Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Init codeql-config #1086

Merged
merged 5 commits into from
Dec 5, 2024
Merged

Init codeql-config #1086

merged 5 commits into from
Dec 5, 2024

Conversation

narekhovhannisyan
Copy link
Member

Types of changes

  • Enhancement (project structure, spelling, grammar, formatting)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

A description of the changes proposed in the Pull Request

[ifEnvCommand, ifRunCommand, ttyCommand].join(' && ') +
` | ${ifDiffCommand}`;

await execPromise(fullCommand, {

Check warning

Code scanning / CodeQL

Shell command built from environment values Medium

This shell command depends on an uncontrolled
absolute path
.
This shell command depends on an uncontrolled
absolute path
.

Copilot Autofix AI 16 days ago

To fix the problem, we should avoid constructing the shell command as a single string and instead use execFileSync or execFile to pass the command and its arguments separately. This approach ensures that the shell does not interpret any special characters in the arguments.

  • Replace the construction of fullCommand with separate command arrays for each part of the command.
  • Use execFile to execute each command separately, passing the arguments as an array to avoid shell interpretation.
Suggested changeset 1
src/if-check/util/npm.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/if-check/util/npm.ts b/src/if-check/util/npm.ts
--- a/src/if-check/util/npm.ts
+++ b/src/if-check/util/npm.ts
@@ -58,14 +58,19 @@
 
-  const fullCommand = [
-    ...ifEnvCommand,
-    '&&',
-    ...ifRunCommand,
-    '&&',
-    ...ttyCommand,
-    '|',
-    ...ifDiffCommand,
-  ].join(' ');
+  // Execute ifEnvCommand
+  await execPromise(ifEnvCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
+
+  // Execute ifRunCommand
+  await execPromise(ifRunCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
+
+  // Execute ttyCommand
+  const ttyResult = await execPromise(ttyCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
 
-  // Execute the full command
-  await execPromise(fullCommand, {
+  // Execute ifDiffCommand
+  await execPromise(ifDiffCommand.join(' '), {
     cwd: process.env.CURRENT_DIR || process.cwd(),
EOF
@@ -58,14 +58,19 @@

const fullCommand = [
...ifEnvCommand,
'&&',
...ifRunCommand,
'&&',
...ttyCommand,
'|',
...ifDiffCommand,
].join(' ');
// Execute ifEnvCommand
await execPromise(ifEnvCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute ifRunCommand
await execPromise(ifRunCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute ttyCommand
const ttyResult = await execPromise(ttyCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute the full command
await execPromise(fullCommand, {
// Execute ifDiffCommand
await execPromise(ifDiffCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@narekhovhannisyan narekhovhannisyan merged commit 4221ec0 into main Dec 5, 2024
4 checks passed
@narekhovhannisyan narekhovhannisyan deleted the code-ql branch December 5, 2024 08:13
@github-actions github-actions bot mentioned this pull request Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants