robojerk/codeql-action

Merge pull request #477 from github/hmakholm/pr/fix-escaping

Browse source 
fix value escaping in codeql-env.sh
This commit is contained in:
Andrew Eisenberg 2021-05-06 09:09:01 -07:00 committed by GitHub
commit 35a83b92ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/runner.js generated
View file

@ -150,7 +150,7 @@ program
const shEnvFile = path.join(config.tempDir, "codeql-env.sh");
const shEnvFileContents = Object.entries(tracerConfig.env)
// Some vars contain ${LIB} that we do not want to be expanded when executing this script
.map(([key, value]) => `export ${key}="${value.replace(/\$/g, "\\$")}"`)
.map(([key, value]) => `export ${key}='${value.replace(/'/g, "'\"'\"'")}'`)
.join("\n");
fs.writeFileSync(shEnvFile, shEnvFileContents);
logger.info(`\nCodeQL environment output to "${jsonEnvFile}" and "${shEnvFile}". ` +

2
lib/runner.js.map
View file

File diff suppressed because one or more lines are too long

3
src/runner.ts
View file

@ -249,7 +249,8 @@ program
const shEnvFileContents = Object.entries(tracerConfig.env)
// Some vars contain ${LIB} that we do not want to be expanded when executing this script
.map(
([key, value]) => `export ${key}="${value.replace(/\$/g, "\\$")}"`
([key, value]) =>
`export ${key}='${value.replace(/'/g, "'\"'\"'")}'`
)
.join("\n");
fs.writeFileSync(shEnvFile, shEnvFileContents);