From 0c8e056ed3ffddd67d2e1a27d9ba406c8149c523 Mon Sep 17 00:00:00 2001 From: Sanjula Ganepola <32170854+SanjulaGanepola@users.noreply.github.com> Date: Sun, 19 Jan 2025 13:26:54 -0500 Subject: [PATCH] Fix handling of variables, inputs, platforms, and options with spaces (#143) * Properly handle variables, inputs, platforms, and options with spaces Signed-off-by: Sanjula Ganepola * Fix double quotes Signed-off-by: Sanjula Ganepola * Escape double quotes in act args Signed-off-by: Sanjula Ganepola * Potential fix for code scanning alert no. 1: Incomplete string escaping or encoding Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Rename func and update comment Signed-off-by: Sanjula Ganepola --------- Signed-off-by: Sanjula Ganepola Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/act.ts | 9 +++++----
 src/utils.ts | 7 +++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/act.ts b/src/act.ts
index 11bc9cb..07b6ab2 100644
--- a/src/act.ts
+++ b/src/act.ts
@@ -11,6 +11,7 @@ import { HistoryManager, HistoryStatus } from './historyManager';
 import { SecretManager } from "./secretManager";
 import { SettingsManager } from './settingsManager';
 import { StorageKey, StorageManager } from './storageManager';
+import { Utils } from "./utils";
 import { Job, Workflow, WorkflowsManager } from "./workflowsManager";
 export enum Event {
@@ -629,13 +630,13 @@ export class Act {
 const userOptions: string[] = [
 ...settings.secrets.map(secret => `${Option.Secret} ${secret.key}`),
 (settings.secretFiles.length > 0 ? `${Option.SecretFile} "${settings.secretFiles[0].path}"` : `${Option.SecretFile} ""`),
- ...settings.variables.map(variable => `${Option.Var} ${variable.key}=${variable.value}`),
+ ...settings.variables.map(variable => `${Option.Var} ${variable.key}="${Utils.escapeSpecialCharacters(variable.value)}"`),
 (settings.variableFiles.length > 0 ? `${Option.VarFile} "${settings.variableFiles[0].path}"` : `${Option.VarFile} ""`),
- ...settings.inputs.map(input => `${Option.Input} ${input.key}=${input.value}`),
+ ...settings.inputs.map(input => `${Option.Input} ${input.key}="${Utils.escapeSpecialCharacters(input.value)}"`),
 (settings.inputFiles.length > 0 ? `${Option.InputFile} "${settings.inputFiles[0].path}"` : `${Option.InputFile} ""`),
- ...settings.runners.map(runner => `${Option.Platform} ${runner.key}=${runner.value}`),
+ ...settings.runners.map(runner => `${Option.Platform} ${runner.key}="${Utils.escapeSpecialCharacters(runner.value)}"`),
 (settings.payloadFiles.length > 0 ? `${Option.EventPath} "${settings.payloadFiles[0].path}"` : `${Option.EventPath} ""`),
- ...settings.options.map(option => option.path ? `--${option.name}${option.default && ['true', 'false'].includes(option.default) ? "=" : " "}${option.path}` : `--${option.name}`)
+ ...settings.options.map(option => option.path ? `--${option.name}${option.default && ['true', 'false'].includes(option.default) ? "=" : " "}"${Utils.escapeSpecialCharacters(option.path)}"` : `--${option.name}`)
 ];
 const command = `${actCommand} ${Option.Json} ${Option.Verbose} ${commandArgs.options.join(' ')} ${userOptions.join(' ')}`;
diff --git a/src/utils.ts b/src/utils.ts
index 3e1c3a2..50284a8 100644
--- a/src/utils.ts
+++ b/src/utils.ts
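Review bot: Wrapping the values in `"…"` in `userOptions` does not make them inert if `command` is later run through a shell, because inside double quotes a POSIX shell still expands `$` and backticks and `Utils.escapeSpecialCharacters` only handles `\` and `"`; how `command` is executed is outside this hunk, so that needs confirming there. The keys (`variable.key`, `input.key`, `runner.key`), `option.name` and the `…Files[0].path` values on the context lines are interpolated with no escaping at all. Rather than growing the escape list, I would keep every option and value as its own argv element, e.g. `[Option.Var, variable.key + '=' + variable.value]`, and pass the array to an API that does not re-parse a command string. The enclosing method of `Act` starts and ends outside the hunk.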
@@ -56,4 +56,11 @@ export namespace Utils {
 }
 }
 }
+
+ /**
+ * Escape all backslashes and double quotes.
+ */
+ export function escapeSpecialCharacters(input: string): string {
+ return input.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+ }
 }
\ No newline at end of file
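Review bot: The doc comment on `escapeSpecialCharacters` does not say where the result is safe to use, and the name suggests broader coverage than the two characters it handles. I would spell out the contract, for example `Escapes \ and " for use inside a double-quoted argument; does not neutralise $, backticks or newlines, and cmd.exe/PowerShell do not treat \ as an escape character.` A one-line comment that the backslash replacement must run first, since otherwise the backslash added in front of `"` would itself be doubled, would protect the order from a later tidy-up. The `Utils` namespace opens outside the hunk.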