youwen5/eexiv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: add deepcode ignore comment for IndirectCommandInjection in execSync call

Browse source
This commit is contained in:
q9i 2024-03-03 18:43:24 -08:00 committed by Ananth Venkatesh
parent 180082be4b
commit b342595da6
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
scripts/zenodo.ts
View file

@ -9,6 +9,7 @@ const run = (cmd: string): string | Buffer => {
try { try {
// sanitize user input before running to prevent arbitrary code execution // sanitize user input before running to prevent arbitrary code execution
cmd = shellescape(cmd.split(' ')) cmd = shellescape(cmd.split(' '))
// deepcode ignore IndirectCommandInjection: fixed in #36
const output = execSync(cmd, { stdio: 'pipe' }) const output = execSync(cmd, { stdio: 'pipe' })
return output return output
} catch (error) { } catch (error) {