MALIO-DEV/Supervisor
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix : securite middle et execfile

Browse Source
This commit is contained in:
Kevin Boudet
2026-03-12 08:37:53 +01:00
parent 126d6b505a
commit 47bc8ba966
13 changed files with 116 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/api/backup-script.post.ts
View File

@@ -1,4 +1,4 @@
import { exec } from "node:child_process"
import { execFile } from "node:child_process"
import scripts from "../config/backup-script.json"
type BackupScript = {
@@ -6,11 +6,12 @@ type BackupScript = {
label: string
downloadFolders?: string[]
command: string
args?: string[]
}
function runCommand(command: string): Promise<string> {
function runCommand(command: string, args: string[] = []): Promise<string> {
return new Promise((resolve, reject) => {
exec(command, { timeout: 10 * 60 * 1000 }, (error, stdout, stderr) => {
execFile(command, args, { timeout: 10 * 60 * 1000 }, (error, stdout, stderr) => {
if (error) {
reject(stderr || error.message)
return
@@ -40,7 +41,7 @@ export default defineEventHandler(async (event) => {
}
try {
const output = await runCommand(script.command)
const output = await runCommand(script.command, script.args || [])
return {
ok: true,
key: script.key,

9
server/api/disk.get.ts
View File

@@ -1,10 +1,11 @@
import { exec } from "child_process"
import { execFile } from "child_process"
import diskSources from "../config/disk-commands.json"
type DiskSource = {
key: string
label: string
command: string
args?: string[]
}
function getCommand(source: DiskSource) {
@@ -15,9 +16,9 @@ function getCommand(source: DiskSource) {
return process.env[envKey] || (legacyEnvKey ? process.env[legacyEnvKey] : undefined) || source.command
}
function runCommand(command: string): Promise<string> {
function runCommand(command: string, args: string[] = []): Promise<string> {
return new Promise((resolve, reject) => {
exec(command, (error, stdout, stderr) => {
execFile(command, args, (error, stdout, stderr) => {
if (error) {
reject(stderr || error.message)
return
@@ -31,7 +32,7 @@ export default defineEventHandler(async () => {
const results = await Promise.all(
(diskSources as DiskSource[]).map(async (source) => {
try {
const output = await runCommand(getCommand(source))
const output = await runCommand(source.command, source.args || [])
return {
key: source.key,
label: source.label,