uebelack / tossitin

100%

push

github

🔒 fix: add shell escape utility to prevent command injection vulnerabilities

Added a new `escapeShell` utility function to properly escape special characters in git commit messages, preventing potential command injection attacks. This addresses a security vulnerability where unescaped quotes, backticks, or dollar signs in commit messages could lead to arbitrary command execution.

Changes include:
- Create `escapeShell` utility to sanitize shell input by escaping `"`, `\`, `$`, and `` ` `` characters
- Apply shell escaping to commit message titles and descriptions in commit.mjs
- Add comprehensive test coverage for the new utility function
- Expand test suites across multiple modules (commit, branch, add, jira, config)
- Add user cancellation handling tests for branch and commit flows
- Fix CI workflow order (enable Corepack before setup-node)
- Add debug mode logging tests

100 of 100 branches covered (100.0%)

Branch coverage included in aggregate %.

2 of 2 new or added lines in 2 files covered. (100.0%)

155 of 155 relevant lines covered (100.0%)

11.29 hits per line