nodejs-jison/CVE-2020-8178.patch


2022-02-23 11:34:32 +08:00
From 64c18e3e654b55e3414894295127337705217139 Mon Sep 17 00:00:00 2001
From: toufik-airane <toufik.airane@gmail.com>
Date: Fri, 12 Jun 2020 21:06:44 +0200
Subject: [PATCH] Fix OS Command Injection on Jison
Fix OS Command Injection on Jison for huntr.dev.
https://www.huntr.dev/app/bounties/open/1-npm-jison
---
ports/csharp/Jison/Jison/csharp.js | 4 ++--
ports/php/php.js | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ports/csharp/Jison/Jison/csharp.js b/ports/csharp/Jison/Jison/csharp.js
index 76c5d8ad..fdcd7b48 100644
--- a/ports/csharp/Jison/Jison/csharp.js
+++ b/ports/csharp/Jison/Jison/csharp.js
@@ -1,6 +1,6 @@
var fs = require('fs'),
util = require('util'),
- exec = require('child_process').exec,
+ execFile = require('child_process').execFile,
path = require('path');
GLOBAL.convertToSyntax = function (types, body) {
@@ -16,7 +16,7 @@ function puts(error, stdout, stderr) {
console.log("Executing: " + "jison " + process.argv[2]);
-exec("jison " + process.argv[2], function (error) {
+execFile("jison ", [process.argv[2]], function (error) {
if (error) {
console.log(error);
return;
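Review bot: The command name on the added `execFile` line still carries the trailing space from the old shell string (`"jison "`); because `execFile` does not go through a shell, that string is used verbatim as the executable name and the spawn will most likely fail with ENOENT instead of running jison. The line should read `execFile("jison", [process.argv[2]], function (error) {`, and the identical line in the second hunk of ports/php/php.js needs the same change. Passing `process.argv[2]` as a single array element does remove the shell-injection path, but a value beginning with `-` would still reach jison as an option; whether that matters depends on jison's CLI, which is not visible here, so consider rejecting or path-normalising such input before the call. The callback body continues outside the hunk.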
diff --git a/ports/php/php.js b/ports/php/php.js
index 5e9f8425..e9b48499 100644
--- a/ports/php/php.js
+++ b/ports/php/php.js
@@ -1,6 +1,6 @@
var fs = require('fs'),
util = require('util'),
- exec = require('child_process').exec,
+ execFile = require('child_process').execFile,
path = require('path');
GLOBAL.convertToSyntax = function (types, body) {
@@ -16,7 +16,7 @@ function puts(error, stdout, stderr) {
console.log("Executing: " + "jison " + process.argv[2]);
-exec("jison " + process.argv[2], function (error) {
+execFile("jison ", [process.argv[2]], function (error) {
if (error) {
console.log(error);
return;