src: handle permissive extension on cmd check

PR-URL: https://github.com/nodejs-private/node-private/pull/596 Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> CVE-ID: CVE-2024-36138
2024-11-21 10:59:27 +00:00 · 2024-05-21 11:10:12 -03:00 · 2024-05-21 11:10:12 -03:00 · 39f207023a
commit 39f207023a
parent 01e9eac912
2 changed files with 17 additions and 5 deletions
--- a/src/util-inl.h
+++ b/src/util-inl.h
@ -27,6 +27,7 @@
 #include <cmath>
 #include <cstring>
 #include <locale>
+#include <regex>  // NOLINT(build/c++11)
 #include "node_revert.h"
 #include "util.h"

@ -543,9 +544,20 @@ bool IsWindowsBatchFile(const char* filename) {
 #else
  static constexpr bool kIsWindows = false;
 #endif  // _WIN32
-  if (kIsWindows)
-    if (const char* p = strrchr(filename, '.'))
-      return StringEqualNoCase(p, ".bat") || StringEqualNoCase(p, ".cmd");
+  if (kIsWindows) {
+    std::string file_with_extension = filename;
+    // Regex to match the last extension part after the last dot, ignoring
+    // trailing spaces and dots
+    std::regex extension_regex(R"(\.([a-zA-Z0-9]+)\s*[\.\s]*$)");
+    std::smatch match;
+    std::string extension;
+
+    if (std::regex_search(file_with_extension, match, extension_regex)) {
+      extension = ToLower(match[1].str());
+    }
+
+    return !extension.empty() && (extension == "cmd" || extension == "bat");
+  }
  return false;
 }

--- a/test/parallel/test-child-process-spawn-windows-batch-file.js
+++ b/test/parallel/test-child-process-spawn-windows-batch-file.js
@ -23,8 +23,8 @@ const expectedCode = isWindows ? 'EINVAL' : 'ENOENT';
 const expectedStatus = isWindows ? 1 : 127;

 const suffixes =
-    'BAT bAT BaT baT BAt bAt Bat bat CMD cMD CmD cmD CMd cMd Cmd cmd'
-    .split(' ');
+    'BAT|bAT|BaT|baT|BAt|bAt|Bat|bat|CMD|cMD|CmD|cmD|CMd|cMd|Cmd|cmd|cmd |cmd .|cmd ....'
+    .split('|');

 function testExec(filename) {
  return new Promise((resolve) => {