From bf085276cecdb0cc76fbbe0687a5a0e786646936 Mon Sep 17 00:00:00 2001
From: Jok <67024248+jokreliable@users.noreply.github.com>
Date: Tue, 15 Nov 2022 18:51:19 -0800
Subject: [PATCH] wrap pipeline commands for submoduleForeach in quotes (#964)
* wrap pipeline commands for submoduleForeach in quotes
* Update src/git-auth-helper.ts
drop extraneous space.
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* Followed CONTRIBUTING.md instructions, updating dist/index.js
* fixed package-lock.json
* updating the pipeline so it runs from sh
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
dist/index.js | 8 ++++++--
src/git-auth-helper.ts | 6 ++++--
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/dist/index.js b/dist/index.js
index 63072b8..47a99f1 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -7121,7 +7121,9 @@ class GitAuthHelper {
// Configure a placeholder value. This approach avoids the credential being captured
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
- const output = yield this.git.submoduleForeach(`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
+ const output = yield this.git.submoduleForeach(
+ // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+ `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
// Replace the placeholder
const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
for (const configPath of configPaths) {
@@ -7288,7 +7290,9 @@ class GitAuthHelper {
}
}
const pattern = regexpHelper.escape(configKey);
- yield this.git.submoduleForeach(`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, true);
+ yield this.git.submoduleForeach(
+ // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+ `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
});
}
}
diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts
index 3c6db8e..6e3ad28 100644
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@@ -157,7 +157,8 @@ class GitAuthHelper {
// by process creation audit events, which are commonly logged. For more information,
// refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
const output = await this.git.submoduleForeach(
- `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+ // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+ `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
this.settings.nestedSubmodules
)
@@ -365,7 +366,8 @@ class GitAuthHelper {
const pattern = regexpHelper.escape(configKey)
await this.git.submoduleForeach(
- `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
+ // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+ `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
true
)
}