dependabot-common 0.98.20 → 0.98.21

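--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8dcb0c3db6c0f0955f6ae8d7f1cd9d345a9c3411538536a9f1f8e80913625fff
- data.tar.gz: 8e2ad30efe86c354bde0372ea8a0f6081579b699dd25ebfac4614e47ce219ed8
+ metadata.gz: 57d3353a7f86102e26b7829b14a495e40b3c6543dbf44201493ab4316ea38254
+ data.tar.gz: 2e74239746f6b33ab4836500c304610b05bb522a03ef57c0703ca87760068d53
  SHA512:
- metadata.gz: 87acc1e086aef9481058098133c4183031dc8ee516eeed1695a6c1c771e11069e3d2b6bdaf170113b1eb7be31bb2bbb818c8e6bc2699133a48dba0827fc3cf04
- data.tar.gz: 129e9603fb5ef835c5716f6e7e2f8ba711fba6816ea7916961524619f20fcb92b4072d2892d9cafe01e9abcde88fed409ded495c0c15855d0c89bc3d7c08c53d
+ metadata.gz: 9e0eb1ecb1f6348a2542f7fdb0fc4a62451600208aad6f1e525bba3752d79dd3801807b37c001b989821f0cb62040630348d2cf6e81c8d187b1dca708ac0fe53
+ data.tar.gz: 89d53942fa6fc900cfa73b1a56908dc6f186004a5feeaad03df349bba11575c1f96f19a93dfc5e6062c2e08dd69449d15734a6b7c2dd05aa05b5ebfd481670b7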
@@ -6,6 +6,7 @@ require "excon"
6
6
  require "English"
7
7
  require "digest"
8
8
  require "open3"
9
+ require "shellwords"
9
10
 
10
11
  module Dependabot
11
12
  module SharedHelpers
@@ -74,11 +75,20 @@ module Dependabot
74
75
  end
75
76
  end
76
77
 
78
+ # Escapes all special characters, e.g. = & | <>
79
+ def self.escape_command(command)
80
+ command_parts = command.split(" ").map(&:strip).reject(&:empty?)
81
+ Shellwords.join(command_parts)
82
+ end
83
+
84
+ # rubocop:disable Metrics/MethodLength
77
85
  def self.run_helper_subprocess(command:, function:, args:, env: nil,
78
- stderr_to_stdout: false)
86
+ stderr_to_stdout: false,
87
+ escape_command_str: true)
79
88
  start = Time.now
80
89
  stdin_data = JSON.dump(function: function, args: args)
81
- env_cmd = [env, command].compact
90
+ cmd = escape_command_str ? escape_command(command) : command
91
+ env_cmd = [env, cmd].compact
82
92
  stdout, stderr, process = Open3.capture3(*env_cmd, stdin_data: stdin_data)
83
93
  time_taken = Time.now - start
84
94
 
@@ -109,6 +119,7 @@ module Dependabot
109
119
  error_context: error_context
110
120
  )
111
121
  end
122
+ # rubocop:enable Metrics/MethodLength
112
123
 
113
124
  def self.excon_middleware
114
125
  Excon.defaults[:middlewares] + [Excon::Middleware::RedirectFollower]
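Review bot: The new `escape_command_str: false` opt-out in `run_helper_subprocess` hands `command` to `Open3.capture3` as a single unescaped string, which Ruby runs through the shell when it contains metacharacters, and nothing at the signature says so. I would document the keyword above the method, e.g. `# escape_command_str: false passes command to the shell verbatim; the caller must escape any untrusted value itself.` Separately, `escape_command` splits on whitespace before `Shellwords.join`, so an argument that legitimately contains a space or quotes is broken into separate words with its quotes escaped literally; the one-line comment above it should state that limit, since it is what pushes callers towards the opt-out. The `map(&:strip).reject(&:empty?)` steps also look redundant after `split(" ")`, so `Shellwords.join(command.split)` would read more plainly. The body of `run_helper_subprocess` continues outside the visible hunks.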
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.98.20"
4
+ VERSION = "0.98.21"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.20
4
+ version: 0.98.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot