Commit

Try to suppress CodeQL
Takeshi committed Feb 17, 2024
1 parent 460ba73 commit 8fcbc1a
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/utils/clone.ts
Expand Up @@ -41,7 +41,18 @@ export default async function clone(
await rm(archivePath)
}

// Prevent second order command injection

const depth = options?.git?.depth || 1
if (typeof depth !== 'number') {
throw new GitlyCloneError('Invalid depth option')

}

if (info.href.includes('--upload-pack') || directory.includes('--upload-pack')) {
throw new GitlyCloneError('Invalid argument')

}


const child = spawn('git', [
'clone',
'--depth',
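
Review bot: The `typeof depth !== 'number'` check that follows `const depth = options?.git?.depth || 1` still accepts `Infinity`, negative values and fractions, none of which is a valid clone depth; `Number.isSafeInteger(depth) && depth > 0` would state the intended constraint. The `includes('--upload-pack')` test on `info.href` and `directory` is a denylist for a single option spelling: any other value that begins with `-` still reaches `git`, where it can be parsed as an option, and a legitimate path that merely contains that substring is refused. Rejecting values that start with `-`, and placing `--` ahead of the positional arguments in the `spawn('git', [...])` list if the part of the array not shown here does not already have it, would cover the whole class rather than one instance. Both new `throw new GitlyCloneError(...)` branches arrive without tests, since this commit changes only `src/utils/clone.ts`; one test per rejected input would keep the checks from regressing.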