Andrey/uptime-kuma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update server/monitor-types/system-service.js

Browse Source 
Co-authored-by: Frank Elsinga <frank@elsinga.de>
This commit is contained in:
iotux 2026-01-01 08:34:47 +01:00 committed by GitHub
parent c09882b00a
commit 2dbd8aecf2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/monitor-types/system-service.js
View File

@ -76,8 +76,12 @@ class SystemServiceMonitorType extends MonitorType {
*/
async checkWindows(serviceName, heartbeat) {
return new Promise((resolve, reject) => {
// SECURITY: Proper Escaping.
const safeServiceName = serviceName.replaceAll("'", "''");
// SECURITY: Validate service name to reduce command-injection risk
if (!/^[A-Za-z0-9._-]+$/.test(serviceName)) {
throw new Error(
"Invalid service name. Only alphanumeric characters and '.', '_', '-' are allowed."
);
}
const cmd = "powershell";
const args = [