3pp-mirror/docusaurus
1
0
Fork 0
mirror of https://github.com/facebook/docusaurus.git synced 2025-05-23 14:06:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix(create-docusaurus): potential security issue with command injection (#7507)

Browse source
This commit is contained in:
Sébastien Lorber 2022-05-27 10:41:15 +02:00 committed by GitHub
parent cd7cf781cd
commit dbd161d67c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 59 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

19
packages/docusaurus-utils/src/__tests__/shellUtils.test.ts Normal file
View file

@ -0,0 +1,19 @@
/**
* Copyright (c) Facebook, Inc. and its affiliates.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
import {escapeShellArg} from '../shellUtils';
describe('shellUtils', () => {
it('escapeShellArg', () => {
expect(escapeShellArg('hello')).toBe("'hello'");
expect(escapeShellArg('*')).toBe("'*'");
expect(escapeShellArg('hello world')).toBe("'hello world'");
expect(escapeShellArg("'hello'")).toBe("\\''hello'\\'");
expect(escapeShellArg('$(pwd)')).toBe("'$(pwd)'");
expect(escapeShellArg('hello$(pwd)')).toBe("'hello$(pwd)'");
});
});