This repository was archived by the owner on Jan 10, 2023. It is now read-only.

Commit f429409

authored
Merge pull request #164 from codecov/sanitize-gcov-options
[CE-1263] Sanitize gcov-args
2 parents 9bde072 + 2f4eff9 commit f429409


3 files changed

+10
-3
lines changed


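--- a/lib/codecov.js
+++ b/lib/codecov.js
@@ -5,6 +5,7 @@ var urlgrey = require('urlgrey')
 var jsYaml = require('js-yaml')
 var walk = require('ignore-walk')
 var execSync = require('child_process').execSync
+var validator = require('validator')
 
 var detectProvider = require('./detect')
 
@@ -397,9 +398,9 @@ var upload = function(args, on_success, on_failure) {
 " -type f -name '*.gcno' " +
 gcg +
 ' -exec ' +
-(args.options['gcov-exec'] || 'gcov') +
+(validator.escape(args.options['gcov-exec']) || 'gcov') +
 ' ' +
-(args.options['gcov-args'] || '') +
+(validator.escape(args.options['gcov-args']) || '') +
 ' {} +'
 } else {
 // @TODO support for root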
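Review bot: `validator.escape` is an HTML-entity encoder, not a shell quoter, so at new lines 401 and 403 the `gcov-exec` and `gcov-args` values are still concatenated into the `find … -exec` command string with shell metacharacters such as `;`, `|`, `$` and whitespace untouched. The call that runs this string is outside the hunk, but `execSync` is imported at the top of the file, so the string presumably reaches a shell. The new form also breaks the default path: validator's functions reject non-string input, so an unset option throws before the `|| 'gcov'` fallback is reached, and the default should be applied first, as in `validator.escape(args.options['gcov-exec'] || 'gcov')`. For the injection itself, check each value against a strict allow-list before use, for example `if (!/^[\w.\/+-]+$/.test(gcovExec)) throw new Error('invalid gcov-exec')`, or build the command as an argument array for `execFileSync` so that no shell parses it. `upload` starts and ends outside this hunk.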

package-lock.json

Lines changed: 5 additions & 0 deletions

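--- a/package.json
+++ b/package.json
@@ -35,7 +35,8 @@
 "ignore-walk": "^3.0.1",
 "js-yaml": "^3.13.1",
 "teeny-request": "^3.11.3",
-"urlgrey": "^0.4.4"
+"urlgrey": "^0.4.4",
+"validator": "^12.1.0"
 },
 "devDependencies": {
 "eslint": "^5.16.0",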
