child_process: validate exec's options.shell as string

Renegade334 · Renegade334 · commit 4ca3f674aaa8 · 2025-09-11T02:00:40.000+01:00
diff --git a/lib/child_process.js b/lib/child_process.js
@@ -199,7 +199,13 @@ function normalizeExecArgs(command, options, callback) {
 
   // Make a shallow copy so we don't clobber the user's options object.
   options = { __proto__: null, ...options };
-  options.shell = typeof options.shell === 'string' ? options.shell : true;
+
+  // Validate the shell, if present, otherwise request the default shell.
+  if (options.shell != null && options.shell !== true) {
+    validateString(options.shell, 'options.shell');
+  } else {
+    options.shell = true;
+  }
 
   return {
     file: command,
@@ -613,11 +619,12 @@ function normalizeSpawnArguments(file, args, options) {
   }
 
   // Validate the shell, if present.
-  if (options.shell != null &&
-      typeof options.shell !== 'boolean' &&
-      typeof options.shell !== 'string') {
-    throw new ERR_INVALID_ARG_TYPE('options.shell',
-                                   ['boolean', 'string'], options.shell);
+  if (options.shell != null) {
+    if (typeof options.shell !== 'boolean' && typeof options.shell !== 'string') {
+      throw new ERR_INVALID_ARG_TYPE('options.shell',
+                                     ['boolean', 'string'], options.shell);
+    }
+    validateArgumentNullCheck(options.shell, 'options.shell');
   }
 
   // Validate argv0, if present.
@@ -639,7 +646,6 @@ function normalizeSpawnArguments(file, args, options) {
   }
 
   if (options.shell) {
-    validateArgumentNullCheck(options.shell, 'options.shell');
     if (args.length > 0 && !emittedDEP0190Already) {
       process.emitWarning(
         'Passing args to a child process with shell option true can lead to security ' +
diff --git a/test/parallel/test-child-process-exec-any-shells-windows.js b/test/parallel/test-child-process-exec-any-shells-windows.js
@@ -33,7 +33,7 @@ const testCopy = (shellName, shellPath) => {
 const system32 = `${process.env.SystemRoot}\\System32`;
 
 // Test CMD
-test(true);
+test(null);
 test('cmd');
 testCopy('cmd.exe', `${system32}\\cmd.exe`);
 test('cmd.exe');
diff --git a/test/parallel/test-child-process-exec-shell.js b/test/parallel/test-child-process-exec-shell.js
@@ -0,0 +1,15 @@
+'use strict';
+require('../common');
+const assert = require('assert');
+const { exec, execSync } = require('child_process');
+
+const invalidArgTypeError = {
+  code: 'ERR_INVALID_ARG_TYPE',
+  name: 'TypeError'
+};
+
+for (const fn of [exec, execSync]) {
+  assert.throws(() => fn('should-throw-on-boolean-shell-option', { shell: false }), invalidArgTypeError);
+}
+
+// TODO: add DEP0196 tests following runtime deprecation
