dependabot-common 0.98.20 → 0.98.21

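--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8dcb0c3db6c0f0955f6ae8d7f1cd9d345a9c3411538536a9f1f8e80913625fff
- data.tar.gz: 8e2ad30efe86c354bde0372ea8a0f6081579b699dd25ebfac4614e47ce219ed8
+ metadata.gz: 57d3353a7f86102e26b7829b14a495e40b3c6543dbf44201493ab4316ea38254
+ data.tar.gz: 2e74239746f6b33ab4836500c304610b05bb522a03ef57c0703ca87760068d53
  SHA512:
- metadata.gz: 87acc1e086aef9481058098133c4183031dc8ee516eeed1695a6c1c771e11069e3d2b6bdaf170113b1eb7be31bb2bbb818c8e6bc2699133a48dba0827fc3cf04
- data.tar.gz: 129e9603fb5ef835c5716f6e7e2f8ba711fba6816ea7916961524619f20fcb92b4072d2892d9cafe01e9abcde88fed409ded495c0c15855d0c89bc3d7c08c53d
+ metadata.gz: 9e0eb1ecb1f6348a2542f7fdb0fc4a62451600208aad6f1e525bba3752d79dd3801807b37c001b989821f0cb62040630348d2cf6e81c8d187b1dca708ac0fe53
+ data.tar.gz: 89d53942fa6fc900cfa73b1a56908dc6f186004a5feeaad03df349bba11575c1f96f19a93dfc5e6062c2e08dd69449d15734a6b7c2dd05aa05b5ebfd481670b7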
@@ -6,6 +6,7 @@ require "excon"
6
6
  require "English"
7
7
  require "digest"
8
8
  require "open3"
9
+ require "shellwords"
9
10
 
10
11
  module Dependabot
11
12
  module SharedHelpers
@@ -74,11 +75,20 @@ module Dependabot
74
75
  end
75
76
  end
76
77
 
78
+ # Escapes all special characters, e.g. = & | <>
79
+ def self.escape_command(command)
80
+ command_parts = command.split(" ").map(&:strip).reject(&:empty?)
81
+ Shellwords.join(command_parts)
82
+ end
83
+
84
+ # rubocop:disable Metrics/MethodLength
77
85
  def self.run_helper_subprocess(command:, function:, args:, env: nil,
78
- stderr_to_stdout: false)
86
+ stderr_to_stdout: false,
87
+ escape_command_str: true)
79
88
  start = Time.now
80
89
  stdin_data = JSON.dump(function: function, args: args)
81
- env_cmd = [env, command].compact
90
+ cmd = escape_command_str ? escape_command(command) : command
91
+ env_cmd = [env, cmd].compact
82
92
  stdout, stderr, process = Open3.capture3(*env_cmd, stdin_data: stdin_data)
83
93
  time_taken = Time.now - start
84
94
 
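Review bot: `escape_command` splits the command on whitespace before calling `Shellwords.join`, so argument boundaries are not preserved: a helper path or argument that contains a space is broken into several words, and any quotes a caller used to protect it are escaped as literal characters. The `escape_command_str: false` opt-out hands the raw string to `Open3.capture3`, where shell metacharacters are interpreted, so the keyword should carry a comment such as `# escape_command_str: false runs command through the shell unescaped; only use with fixed, trusted strings`. Accepting the command as an array of words and passing them to `Open3.capture3` as separate arguments would avoid the shell and the re-tokenising altogether. The `.map(&:strip).reject(&:empty?)` chain is also redundant, because `split(" ")` already drops surrounding whitespace and empty fields. The body of `run_helper_subprocess` continues past the end of this hunk.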
@@ -109,6 +119,7 @@ module Dependabot
109
119
  error_context: error_context
110
120
  )
111
121
  end
122
+ # rubocop:enable Metrics/MethodLength
112
123
 
113
124
  def self.excon_middleware
114
125
  Excon.defaults[:middlewares] + [Excon::Middleware::RedirectFollower]
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.98.20"
4
+ VERSION = "0.98.21"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.98.20
4
+ version: 0.98.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot