…code-scanning/448 - using a safer script execution
delanni committed Aug 28, 2024
1 parent 02a3992 commit 8b3ead7
Showing 1 changed file with 37 additions and 11 deletions.
48 changes: 37 additions & 11 deletions src/dev/run_quick_checks.ts
Expand Up @@ -6,10 +6,10 @@
* Side Public License, v 1.
*/

import { exec } from 'child_process';
import { execFile } from 'child_process';
import { availableParallelism } from 'os';
import { join, isAbsolute } from 'path';
import { readdirSync, readFileSync } from 'fs';
import { isAbsolute, join } from 'path';
import { existsSync, readdirSync, readFileSync } from 'fs';

import { run, RunOptions } from '@kbn/dev-cli-runner';
import { REPO_ROOT } from '@kbn/repo-info';
Expand Down Expand Up @@ -54,7 +54,7 @@ void run(async ({ log, flagsReader }) => {
targetFile: flagsReader.string('file'),
targetDir: flagsReader.string('dir'),
checks: flagsReader.string('checks'),
});
}).map((script) => (isAbsolute(script) ? script : join(REPO_ROOT, script)));

logger.write(
`--- Running ${scriptsToRun.length} checks, with parallelism ${MAX_PARALLELISM}...`,
Expand Down Expand Up @@ -108,7 +108,7 @@ function collectScriptsToRun(inputOptions: {
}
}

async function runAllChecks(scriptsToRun: string[]) {
async function runAllChecks(scriptsToRun: string[]): Promise<CheckResult[]> {
const checksRunning: Array<Promise<any>> = [];
const checksFinished: CheckResult[] = [];

Expand All @@ -121,10 +121,20 @@ async function runAllChecks(scriptsToRun: string[]) {

const check = runCheckAsync(script);
checksRunning.push(check);
check.then((result) => {
checksRunning.splice(checksRunning.indexOf(check), 1);
checksFinished.push(result);
});
check
.then((result) => {
checksRunning.splice(checksRunning.indexOf(check), 1);
checksFinished.push(result);
})
.catch((error) => {
checksRunning.splice(checksRunning.indexOf(check), 1);
checksFinished.push({
success: false,
script,
output: error.message,
durationMs: 0,
});
});
}

await sleep(1000);
Expand All @@ -138,9 +148,10 @@ async function runCheckAsync(script: string): Promise<CheckResult> {
const startTime = Date.now();

return new Promise((resolve) => {
const scriptProcess = exec(script);
validateScriptPath(script);
const scriptProcess = execFile('bash', [script]);
let output = '';
const appendToOutput = (data: string | Buffer) => (output += data);
const appendToOutput = (data: string | Buffer) => (output += data.toString());

scriptProcess.stdout?.on('data', appendToOutput);
scriptProcess.stderr?.on('data', appendToOutput);
Expand Down Expand Up @@ -194,3 +205,18 @@ function humanizeTime(ms: number) {
return `${minutes}m ${seconds}s`;
}
}

function validateScriptPath(scriptPath: string) {
if (!isAbsolute(scriptPath)) {
logger.error(`Invalid script path: ${scriptPath}`);
throw new Error('Invalid script path');
} else if (!scriptPath.endsWith('.sh')) {
logger.error(`Invalid script extension: ${scriptPath}`);
throw new Error('Invalid script extension');
} else if (!existsSync(scriptPath)) {
logger.error(`Script not found: ${scriptPath}`);
throw new Error('Script not found');
} else {
return;
}
}
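Review bot: `validateScriptPath` accepts any absolute path that ends in `.sh` and exists, so a value arriving through the `file`, `dir` or `checks` flags can still point `execFile('bash', [script])` at a script outside the repository; the `.map(...)` added in `run` only anchors relative paths to `REPO_ROOT` and passes absolute ones through unchanged. If the intent is to run only checks that ship in the repo, add a containment test after normalising, e.g. `const rel = relative(REPO_ROOT, resolve(scriptPath));` followed by `if (rel.startsWith('..') || isAbsolute(rel)) throw new Error('Script outside repository');`, with `relative` and `resolve` imported from `path`. That check is lexical only, so `realpathSync` would be needed if symlinks pointing out of the tree matter. The body of `collectScriptsToRun` is not visible in these hunks, so it may already constrain the list. A short comment on `validateScriptPath` stating which of these guarantees it is meant to give would help the next reader, for example that the `isAbsolute` requirement also keeps the argument from starting with `-` and being read by bash as an option.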
