chore(cli-integ): make it possible to run on GitHub Actions #33175
mergify[bot] merged 6 commits into main from
Migrate some changes back from the new testing repo. These changes are necessary to make the tests run on GitHub Actions. If we keep them here, in the future we can do a `cp -R` on the test directory. If not, we'll have to do manual sorting on every copy over, which is annoying and easy to make mistakes in.
| } | ||
|
|
||
| export class AwsClients { | ||
| public static async default(output: NodeJS.WritableStream) { |
Why did you add this back in? No tests are using it anymore.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #33175 +/- ##
=======================================
Coverage 80.78% 80.78%
=======================================
Files 232 232
Lines 14111 14111
Branches 2453 2453
=======================================
Hits 11400 11400
Misses 2431 2431
Partials 280 280
|
| } | ||
|
|
||
| child.kill('SIGINT'); | ||
| child_process.exec(`for pid in $(ps -ef | grep "${command}" | awk '{print $2}'); do kill -2 $pid; done`); |
Check warning
Code scanning / CodeQL
Unsafe shell command constructed from library input
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to ensure that the user-controlled input is properly sanitized before being used in a shell command. The best way to achieve this is by using the shell-quote library to escape any special characters in the input. This will prevent shell injection vulnerabilities by ensuring that the input is treated as a literal string rather than being interpreted by the shell.
- Install the `shell-quote` library if it is not already installed.
- Import the `shell-quote` library in the file.
- Use the `shellQuote.quote` function to escape the `command` variable before including it in the shell command on line 290.
| @@ -4,2 +4,3 @@ | ||
| import axios from 'axios'; | ||
| import * as shellQuote from 'shell-quote'; | ||
| import { TestContext } from './integ-test'; | ||
| @@ -289,3 +290,4 @@ | ||
| child.kill('SIGINT'); | ||
| child_process.exec(`for pid in $(ps -ef | grep "${command}" | awk '{print $2}'); do kill -2 $pid; done`); | ||
| const escapedCommand = shellQuote.quote([command]); | ||
| child_process.exec(`for pid in $(ps -ef | grep ${escapedCommand} | awk '{print $2}'); do kill -2 $pid; done`); | ||
| } |
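Review bot: Quoting `command` with `shellQuote.quote` on the added `child_process.exec` line keeps the shell from interpreting it, but `grep` still treats the value as a regular expression, and the `ps -ef | grep` pipeline can also match the `grep` process itself and any unrelated process whose command line contains the string, so `kill -2` may reach more than the intended child. Prefer dropping the shell entirely: list processes with `execFile` and an argument array, match `command` as a literal string in TypeScript, and signal with `process.kill(pid, 'SIGINT')`; failing that, use `grep -F --` so the value is neither a pattern nor an option. The `exec` call also has no callback, so a failed cleanup is silently ignored.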
| @@ -69,3 +69,4 @@ | ||
| "yaml": "1.10.2", | ||
| "yargs": "^17.7.2" | ||
| "yargs": "^17.7.2", | ||
| "shell-quote": "^1.8.2" | ||
| }, |
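Review bot: `shell-quote` is appended after `yargs` here, while the visible neighbours (`yaml`, `yargs`) are in alphabetical order; move the entry to its sorted position so the dependency list stays consistent. Also confirm the package is worth adding for a single call site: if the `exec` call is rewritten to avoid the shell, this dependency is not needed at all.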
| Package | Version | Security advisories |
| --- | --- | --- |
| shell-quote (npm) | 1.8.2 | None |
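An alternative to escaping the value for the shell is to not involve a shell at all. The sketch below is an added example, not code from this PR or from the CDK repository; the function names `matchingPids` and `interruptMatching` and the sample `ps` output are hypothetical. It lists processes with an argument array and matches `command` as a literal substring, so shell metacharacters and regex syntax in the value have no effect.

```javascript
// Added example (not from the PR). Parses `ps -e -o pid= -o args=` output and
// returns the PIDs whose command line contains `command` as a literal substring.
function matchingPids(psOutput, command, selfPid) {
  const pids = [];
  for (const line of psOutput.split('\n')) {
    const m = /^\s*(\d+)\s+(.*)$/.exec(line);
    if (!m) continue; // blank or malformed line
    const pid = Number(m[1]);
    // String.includes is a literal match: `command` is never parsed by a
    // shell or compiled as a regular expression.
    if (pid !== selfPid && m[2].includes(command)) pids.push(pid);
  }
  return pids;
}

// Runs ps without a shell (argument array) and sends SIGINT to each match.
async function interruptMatching(command) {
  // Dynamic import works from both CommonJS and ES modules.
  const { execFile } = await import('node:child_process');
  const { promisify } = await import('node:util');
  const { stdout } = await promisify(execFile)('ps', ['-e', '-o', 'pid=', '-o', 'args=']);
  const pids = matchingPids(stdout, command, process.pid);
  for (const pid of pids) {
    try {
      process.kill(pid, 'SIGINT');
    } catch (err) {
      if (err.code !== 'ESRCH') throw err; // ESRCH: process already exited
    }
  }
  return pids;
}

// Constructed sample ps output, not captured from a real run.
const SAMPLE_PS = [
  '  101 node bin/cdk deploy my-stack',
  '  102 grep cdk deploy',
  '  103 node bin/cdk deploy $(echo x) --watch',
  '  104 /usr/sbin/sshd -D',
].join('\n');
```

Substring matching on the whole command line can still hit unrelated processes; recording the PID of the spawned child and signalling that PID is narrower when it is available.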
…cdk into huijbers/integtest-changes-back
➡️ PR build request submitted to A maintainer must now check the pipeline and add the
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license