Skip to content

Init codeql-config #1086

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
narekhovhannisyan merged 5 commits into from
Dec 5, 2024
Merged

Init codeql-config #1086

narekhovhannisyan merged 5 commits into from
Dec 5, 2024

Conversation

@narekhovhannisyan
Copy link
Member

@narekhovhannisyan narekhovhannisyan commented Dec 3, 2024

Types of changes

  • Enhancement (project structure, spelling, grammar, formatting)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.

A description of the changes proposed in the Pull Request

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 4, 2024
View reviewed changes
src/if-check/util/npm.ts
[ifEnvCommand, ifRunCommand, ttyCommand].join(' && ') +
` | ${ifDiffCommand}`;

await execPromise(fullCommand, {

Check warning

Code scanning / CodeQL

Shell command built from environment values Medium

This shell command depends on an uncontrolled
absolute path
Loading
.
This shell command depends on an uncontrolled
absolute path
Loading
.

Copilot Autofix

AI about 1 year ago

To fix the problem, we should avoid constructing the shell command as a single string and instead use execFileSync or execFile to pass the command and its arguments separately. This approach ensures that the shell does not interpret any special characters in the arguments.

  • Replace the construction of fullCommand with separate command arrays for each part of the command.
  • Use execFile to execute each command separately, passing the arguments as an array to avoid shell interpretation.
Suggested changeset 1
src/if-check/util/npm.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/if-check/util/npm.ts b/src/if-check/util/npm.ts
--- a/src/if-check/util/npm.ts
+++ b/src/if-check/util/npm.ts
@@ -58,14 +58,19 @@
 
-  const fullCommand = [
-    ...ifEnvCommand,
-    '&&',
-    ...ifRunCommand,
-    '&&',
-    ...ttyCommand,
-    '|',
-    ...ifDiffCommand,
-  ].join(' ');
+  // Execute ifEnvCommand
+  await execPromise(ifEnvCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
+
+  // Execute ifRunCommand
+  await execPromise(ifRunCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
+
+  // Execute ttyCommand
+  const ttyResult = await execPromise(ttyCommand.join(' '), {
+    cwd: process.env.CURRENT_DIR || process.cwd(),
+  });
 
-  // Execute the full command
-  await execPromise(fullCommand, {
+  // Execute ifDiffCommand
+  await execPromise(ifDiffCommand.join(' '), {
     cwd: process.env.CURRENT_DIR || process.cwd(),
EOF
@@ -58,14 +58,19 @@

const fullCommand = [
...ifEnvCommand,
'&&',
...ifRunCommand,
'&&',
...ttyCommand,
'|',
...ifDiffCommand,
].join(' ');
// Execute ifEnvCommand
await execPromise(ifEnvCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute ifRunCommand
await execPromise(ifRunCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute ttyCommand
const ttyResult = await execPromise(ttyCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
});

// Execute the full command
await execPromise(fullCommand, {
// Execute ifDiffCommand
await execPromise(ifDiffCommand.join(' '), {
cwd: process.env.CURRENT_DIR || process.cwd(),
Copilot is powered by AI and may make mistakes. Always verify output.
@narekhovhannisyan narekhovhannisyan merged commit 4221ec0 into main Dec 5, 2024
4 checks passed
@narekhovhannisyan narekhovhannisyan deleted the code-ql branch December 5, 2024 08:13
@github-actions github-actions bot mentioned this pull request Dec 10, 2024
Merged
@github-actions github-actions bot mentioned this pull request Jan 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manushak manushak manushak approved these changes

Assignees

No one assigned

Labels

None yet

Projects

IF
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@narekhovhannisyan @manushak