uebelack / tossitin / 24633700949 / 1

100%

main: 100%

push

github

🔒 fix: add shell escape utility to prevent command injection vulnerabilities

Added a new `escapeShell` utility function to properly escape special characters in git commit messages, preventing potential command injection attacks. This addresses a security vulnerability where unescaped quotes, backticks, or dollar signs in commit messages could lead to arbitrary command execution.

Changes include:
- Create `escapeShell` utility to sanitize shell input by escaping `"`, `\`, `$`, and `` ` `` characters
- Apply shell escaping to commit message titles and descriptions in commit.mjs
- Add comprehensive test coverage for the new utility function
- Expand test suites across multiple modules (commit, branch, add, jira, config)
- Add user cancellation handling tests for branch and commit flows
- Fix CI workflow order (enable Corepack before setup-node)
- Add debug mode logging tests

102 of 102 branches covered (100.0%)

Branch coverage included in aggregate %.

310 of 310 relevant lines covered (100.0%)

5.65 hits per line