fix(utils): resolve command injection vulnerability in emptyFolder

mhassan1 · mhassan1 · commit f27ad444685d · 2025-09-16T13:03:52.000-04:00
diff --git a/lib/utils.js b/lib/utils.js
@@ -477,7 +477,10 @@ module.exports.isNotSet = function (obj) {
 }
 
 module.exports.emptyFolder = directoryPath => {
-  require('child_process').execSync(`rm -rf ${directoryPath}/*`)
+  if (!fs.existsSync(directoryPath)) return
+  for (const file of fs.readdirSync(directoryPath)) {
+    fs.rmSync(path.join(directoryPath, file), { recursive: true, force: true })
+  }
 }
 
 module.exports.printObjectProperties = obj => {

Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,10 @@ module.exports.isNotSet = function (obj) {`
`477`	`477`	`}`
`478`	`478`
`479`	`479`	`module.exports.emptyFolder = directoryPath => {`
`480`		- require('child_process').execSync(`rm -rf ${directoryPath}/*`)
	`480`	`+ if (!fs.existsSync(directoryPath)) return`
	`481`	`+ for (const file of fs.readdirSync(directoryPath)) {`
	`482`	`+ fs.rmSync(path.join(directoryPath, file), { recursive: true, force: true })`
	`483`	`+ }`
`481`	`484`	`}`
`482`	`485`
`483`	`486`	`module.exports.printObjectProperties = obj => {`