
yext / jambo / 8087765002

28 Feb 2024 10:11PM UTC coverage: 47.814%. Remained the same
8087765002

Pull #331

github

web-flow
Address vulnerabilities (#332)

Address vulnerabilities by running `npm audit fix`. Some of the package updates include:
- upgrade `@babel/traverse` from v7.10.3 and v7.11.5 to v7.23.9 to address the critical "Incomplete List of Disallowed Inputs" [vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2023-45133), which was fixed in v7.23.2
- upgrade `handlebars` from v4.7.6 to v4.7.8 to prevent [Prototype Pollution](https://nvd.nist.gov/vuln/detail/cve-2021-23383) and [Remote Code Execution](https://nvd.nist.gov/vuln/detail/CVE-2021-23369) fixed in v4.7.7
- upgrade `lodash` from v4.17.20 to v4.17.21 to prevent [Command Injection](https://nvd.nist.gov/vuln/detail/CVE-2021-23337) and [ReDoS](https://nvd.nist.gov/vuln/detail/CVE-2020-28500) fixed in v4.17.21
- upgrade `shell-quote` from 1.7.2 to v1.8.1 to prevent [CVE-2021-42740](https://nvd.nist.gov/vuln/detail/CVE-2021-42740) fixed in v1.7.3

J=VULN-38731
TEST=none
Pull Request #331: Version 1.12.5

236 of 511 branches covered (46.18%)

Branch coverage included in aggregate %.

0 of 2 new or added lines in 1 file covered. (0.0%)

770 of 1593 relevant lines covered (48.34%)

6.58 hits per line

Source File

0.0
/src/utils/customcommands/commandexecuter.js
const path = require('path');
const { spawnSync } = require('child_process');
const SystemError = require('../../errors/systemerror');

/**
 * Runs a {@link CustomCommand} in a child process. Before the command is
 * spawned, flags describing the Jambo directories (and the default theme,
 * when one is configured) are appended to its arguments.
 */
exports.CustomCommandExecuter = class {
    /**
     * @param {Object} jamboConfig The Jambo config object. Its `dirs` entries
     *                             and optional `defaultTheme` are turned into
     *                             flags once, at construction time.
     */
    constructor(jamboConfig) {
        this._jamboFlags = this._generateJamboFlags(jamboConfig);
    }

    /**
     * Appends the Jambo flags to the given {@link CustomCommand} and runs it
     * synchronously through the shell.
     *
     * @param {CustomCommand} command The command to execute in the shell.
     * @returns {Object} The object returned by `spawnSync` (status code,
     *                   signal, and an error if the child process failed).
     *                   Because stdio is inherited, the child writes straight
     *                   to this process's streams instead of having its
     *                   output captured.
     */
    execute(command) {
        command.addArgs(this._jamboFlags);

        const executable = command.getExecutable();
        const args = command.getArgs();
        // NOTE(review): with `shell: true` Node builds a single command string
        // from the executable and args and hands it to the shell without any
        // escaping, so whitespace or shell metacharacters in an argument
        // (for example a directory path or theme name taken from the Jambo
        // config) are interpreted by the shell rather than passed literally.
        // Confirm every value that reaches addArgs() is trusted, or quote
        // values before they are added.
        const spawnOptions = {
            cwd: command.getCwd(),
            shell: true,
            stdio: 'inherit'
        };

        return spawnSync(executable, args, spawnOptions);
    }

    /**
     * Builds the command line flags derived from the given jambo config:
     * one `--jambo.dirs.<name>` flag per entry of `jamboConfig.dirs`, followed
     * by its absolute path(s), plus `--jambo.defaultTheme` when a default
     * theme is set.
     *
     * @param {Object} jamboConfig The Jambo config object.
     * @returns {Array} An array containing the flags to add to any {@link CustomCommand}.
     */
    _generateJamboFlags(jamboConfig) {
        const flagPrefix = '--jambo';

        // Relative directories are resolved against the current working directory.
        const toAbsolutePath = dir => {
            if (path.isAbsolute(dir)) {
                return dir;
            }
            return path.join(process.cwd(), dir);
        };

        const flags = [];
        for (const [dirName, dirValue] of Object.entries(jamboConfig.dirs)) {
            flags.push(`${flagPrefix}.dirs.${dirName}`);
            // A list of directories is pushed as one nested array element
            // (it is not spread into the flag list).
            flags.push(
                Array.isArray(dirValue)
                    ? dirValue.map(entry => toAbsolutePath(entry))
                    : toAbsolutePath(dirValue)
            );
        }

        if (jamboConfig.defaultTheme) {
            flags.push(`${flagPrefix}.defaultTheme`);
            flags.push(jamboConfig.defaultTheme);
        }

        return flags;
    }
}