fix(create-docusaurus): potential security issue with command injection (#7507)

Sébastien Lorber 2022-05-27 10:41:15 +02:00 committed by GitHub
parent cd7cf781cd
commit dbd161d67c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 59 additions and 22 deletions


@ -97,26 +97,19 @@ export function getFileCommitDate(
);
}
let formatArg = '--format=%ct';
if (includeAuthor) {
formatArg += ',%an';
}
const args = [
`--format=%ct${includeAuthor ? ',%an' : ''}`,
'--max-count=1',
age === 'oldest' ? '--follow --diff-filter=A' : undefined,
]
.filter(Boolean)
.join(' ');
let extraArgs = '--max-count=1';
if (age === 'oldest') {
// --follow is necessary to follow file renames
// --diff-filter=A ensures we only get the commit which (A)dded the file
extraArgs += ' --follow --diff-filter=A';
}
const result = shell.exec(
`git log ${extraArgs} ${formatArg} -- "${path.basename(file)}"`,
{
// Setting cwd is important, see: https://github.com/facebook/docusaurus/pull/5048
cwd: path.dirname(file),
silent: true,
},
);
const result = shell.exec(`git log ${args} -- "${path.basename(file)}"`, {
// Setting cwd is important, see: https://github.com/facebook/docusaurus/pull/5048
cwd: path.dirname(file),
silent: true,
});
if (result.code !== 0) {
throw new Error(
`Failed to retrieve the git history for file "${file}" with exit code ${result.code}: ${result.stderr}`,
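Review bot: The new `shell.exec` call still interpolates `path.basename(file)` into a command string inside double quotes, and `args` is joined back into that same string, so the command is still parsed by a shell. Double quotes do not neutralise shell metacharacters in a file name, so if a file name can come from an untrusted repository or contributor (not visible from this hunk), this call site stays exposed to the class of issue the commit title names. I would keep the arguments as an array and run git without a shell, passing the file name as its own argv entry after `--`, as sketched below. `getFileCommitDate` starts and ends outside the hunk, so the later reads of `result.code` and the command output would need to follow the new result shape.

```javascript
const args = [
  'log',
  `--format=%ct${includeAuthor ? ',%an' : ''}`,
  '--max-count=1',
  // --follow is necessary to follow file renames
  // --diff-filter=A ensures we only get the commit which (A)dded the file
  ...(age === 'oldest' ? ['--follow', '--diff-filter=A'] : []),
  '--',
  path.basename(file),
];
// No shell parses this: each array entry reaches git as exactly one argument.
const result = spawnSync('git', args, {
  // Setting cwd is important, see: https://github.com/facebook/docusaurus/pull/5048
  cwd: path.dirname(file),
  encoding: 'utf8',
});
// … unchanged: exit-code check and error message, reading result.status instead of result.code …
```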