fix: use execFileSync for safer git command execution in lastModified date retrieval

abumalick · abumalick · commit ab341fbb380f · 2025-08-07T20:28:57.000+03:00
diff --git a/scripts/update-sitemap-dates.js b/scripts/update-sitemap-dates.js
@@ -72,8 +72,8 @@ function getUrlToFileMap() {
 function getLastModifiedDate(filePath) {
 	try {
 		// Get the last commit date for the file
-		const gitCommand = `git log -1 --format="%ai" -- "${filePath}"`
-		const result = execSync(gitCommand, {
+		// Use execFileSync to prevent command injection by separating command from arguments
+		const result = execFileSync("git", ["log", "-1", "--format=%ai", "--", filePath], {
 			cwd: path.join(__dirname, "../"), // Go to repo root
 			encoding: "utf8",
 		}).trim()
