From bf085276cecdb0cc76fbbe0687a5a0e786646936 Mon Sep 17 00:00:00 2001 From: Jok <67024248+jokreliable@users.noreply.github.com> Date: Tue, 15 Nov 2022 18:51:19 -0800 Subject: [PATCH] wrap pipeline commands for submoduleForeach in quotes (#964) * wrap pipeline commands for submoduleForeach in quotes * Update src/git-auth-helper.ts drop extraneous space. Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * Followed CONTRIBUTING.md instructions, updating dist/index.js * fixed package-lock.json * updating the pipeline so it runs from sh Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- dist/index.js | 8 ++++++-- src/git-auth-helper.ts | 6 ++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/dist/index.js b/dist/index.js index 63072b8e3..47a99f132 100644 --- a/dist/index.js +++ b/dist/index.js @@ -7121,7 +7121,9 @@ class GitAuthHelper { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing - const output = yield this.git.submoduleForeach(`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules); + const output = yield this.git.submoduleForeach( + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules); // Replace the placeholder const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; for (const configPath of configPaths) { @@ -7288,7 +7290,9 @@ class GitAuthHelper { } } const pattern = regexpHelper.escape(configKey); - yield this.git.submoduleForeach(`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, true); + yield this.git.submoduleForeach( + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true); }); } } diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts index 3c6db8e77..6e3ad2897 100644 --- a/src/git-auth-helper.ts +++ b/src/git-auth-helper.ts @@ -157,7 +157,8 @@ class GitAuthHelper { // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing const output = await this.git.submoduleForeach( - `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules ) @@ -365,7 +366,8 @@ class GitAuthHelper { const pattern = regexpHelper.escape(configKey) await this.git.submoduleForeach( - `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true ) }