actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code

replacing exec with execFile for security

pull/1255/head
Vallie Joseph 2022-12-07 18:19:23 +00:00
parent b56e7fcd67
commit aee8700cae
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/io/src/io.ts
View File

@ -4,7 +4,6 @@ import * as path from 'path'
import {promisify} from 'util' import {promisify} from 'util'
import * as ioUtil from './io-util' import * as ioUtil from './io-util'
const exec = promisify(childProcess.exec)
const execFile = promisify(childProcess.execFile) const execFile = promisify(childProcess.execFile)
/** /**
@ -129,11 +128,11 @@ export async function rmRF(inputPath: string): Promise<void> {
try { try {
const cmdPath = ioUtil.getCmdPath() const cmdPath = ioUtil.getCmdPath()
if (await ioUtil.isDirectory(inputPath, true)) { if (await ioUtil.isDirectory(inputPath, true)) {
await exec(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, { await execFile(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, {
env: {inputPath} env: {inputPath}
}) })
} else { } else {
await exec(`${cmdPath} /s /c "del /f /a "%inputPath%""`, { await execFile(`${cmdPath} /s /c "del /f /a "%inputPath%""`, {
env: {inputPath} env: {inputPath}
}) })
} }