milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Escape special chars in shell scripts

Browse source
This commit is contained in:
Sander Declerck 2025-10-06 16:25:12 +02:00
parent 04cb001006
commit 486a4b8f68
No known key found for this signature in database
2 changed files with 18 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
packages/safe-chain/src/utils/safeSpawn.spec.js
View file

@ -105,5 +105,14 @@ describe("safeSpawn", () => {
assert.strictEqual(spawnCalls[0].command, "npm install axios --save");
assert.strictEqual(spawnCalls[0].options.shell, true);
});
it(`should escape ampersand character (${variant})`, async () => {
await runSafeSpawn(variant, "npx", ["cypress", "run", "--env", "password=foo&bar"]);
assert.strictEqual(spawnCalls.length, 1);
// & should be escaped by wrapping the arg in quotes
assert.strictEqual(spawnCalls[0].command, 'npx cypress run --env "password=foo&bar"');
assert.strictEqual(spawnCalls[0].options.shell, true);
});
}
});