Sanitize binary args passed by user

Author: singh811

lib/Local.js

@@ -1,4 +1,5 @@
 var childProcess = require('child_process'),
+  os = require('os'),
   fs = require('fs'),
   path = require('path'),
   running = require('is-running'),
@@ -7,11 +8,12 @@ var childProcess = require('child_process'),
   psTree = require('ps-tree');
 
 function Local(){
+  this.windows = os.platform().match(/mswin|msys|mingw|cygwin|bccwin|wince|emc|win32/i);
   this.pid = undefined;
   this.isProcessRunning = false;
   this.retriesLeft = 5;
   this.key = process.env.BROWSERSTACK_ACCESS_KEY;
-  this.logfile = path.join(process.cwd(), 'local.log');
+  this.logfile = this.sanitizePath(path.join(process.cwd(), 'local.log'));
   this.opcode = 'start';
   this.exitCallback;
 
@@ -124,7 +126,7 @@ function Local(){
       case 'folder':
         if(value){
           this.folderFlag = '-f';
-          this.folderPath = value;
+          this.folderPath = this.sanitizePath(value);
         }
         break;
 
@@ -157,7 +159,7 @@ function Local(){
       case 'logfile':
       case 'logFile':
         if(value)
-          this.logfile = value;
+          this.logfile = this.sanitizePath(value);
         break;
 
       case 'parallelRuns':
@@ -167,7 +169,7 @@ function Local(){
 
       case 'binarypath':
         if(value)
-          this.binaryPath = value;
+          this.binaryPath = this.sanitizePath(value);
         break;
 
       default:
@@ -253,6 +255,11 @@ function Local(){
     return args;
   };
 
+  this.sanitizePath = function(rawPath) {
+    var doubleQuoteIfRequired = this.windows && !rawPath.match(/"[^"]+"/) ? '"' : '';
+    return doubleQuoteIfRequired + rawPath + doubleQuoteIfRequired;
+  }
+
   this.killAllProcesses = function(callback){
     psTree(this.pid, (err, children) => {
       var childPids = children.map(val => val.PID);