Narrowed down conditions for CGI execution for security reasons

index.js

@@ -56,14 +56,15 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
         ".sh": ["bash"],
         ".ksh": ["ksh"],
         ".csh": ["csh"],
-        ".bat": ["cmd", "/c"],
-        ".cmd": ["cmd", "/c"],
-        ".vbs": ["cscript"],
-        ".jar": ["java"],
-        ".pyw": ["python"],
         ".rb": ["ruby"],
         ".php": ["php-cgi"]
       };
+      if(os.platform() == "win32") {
+        exttointerpreter[".exe"] = [];
+        exttointerpreter[".bat"] = ["cmd", "/c"];
+        exttointerpreter[".cmd"] = ["cmd", "/c"];
+        exttointerpreter[".vbs"] = ["cscript"];
+      }
       var exttointerpreteruser = {};
       fs.readFile(__dirname + "/../../../redbrick-interpreters.json", function (err, data) {
         if (!err) {
@@ -115,7 +116,7 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
                   return arg.replace(/"/g, "");
                 });
                 afterShebangCallback(args);
-              } else if (line.substr(0, 2) == "MZ" || line.substr(0, 4) == "\x7fELF") {
+              } else if (os.platform() != "win32" && line.substr(0, 4) == "\x7fELF") {
                 afterShebangCallback("binary");
               } else {
                 afterShebangCallback(false);
@@ -146,7 +147,10 @@ Mod.prototype.callback = function (req, res, serverconsole, responseEnd, href, e
             }
           } else {
             args = exttointerpreteruser[ext];
-            if (!args) {
+            if (args === null) {
+              elseCallback();
+              return;
+            } else if (!args) {
               args = exttointerpreter[ext];
               if (!args) {
                 elseCallback();