From 912e5afb90b85605a6d34d6c425ddb8415d703b0 Mon Sep 17 00:00:00 2001
From: Mufeed VH
Date: Sat, 4 Apr 2020 01:02:45 +0530
Subject: [PATCH] Fixed Command Injection

---
 lib/index.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/index.js b/lib/index.js
index 4b27e38..2439eec 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -11,6 +11,10 @@ const isGitRemte = (URL, host) => {
 thisURL = `https://www.${thisHost}/${thisURL}`;
 }
 
+ // filtering bad characters to prevent command injection
+ var filter_chars = /[!";|`$()&<>]/g;
+ thisURL = thisURL.replace(filter_chars, '');
+
 try {
 execa.shellSync(`git ls-remote ${thisURL}`);
 return true;
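Review bot: The denylist in `filter_chars` still lets shell-significant input reach `execa.shellSync`: whitespace, newlines, backslashes, single quotes and a leading `-` are not stripped, so the interpolated `thisURL` can still be split into extra arguments or read by git as an option. Stripping characters also silently changes the URL being tested instead of rejecting it, so the function may answer for a different remote than the caller asked about. A more robust shape is to skip the shell and pass the value as one argument, `execa.sync('git', ['ls-remote', '--', thisURL]);`, after checking that it parses as an `https:` URL and returning `false` otherwise. The body of `isGitRemte` starts before and continues past this hunk, so the `catch` path and any earlier validation are not visible here.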