yonaskolb / Mint

A package manager that installs and runs executable Swift packages
MIT License

Don't use unsafe functions from SwiftCLI #227

Open Cyberbeni opened 2 years ago

Cyberbeni commented 2 years ago

For example this: https://github.com/yonaskolb/Mint/blob/30101d25524043fd753d25d033b438f943a585b5/Sources/MintKit/Mint.swift#L163

Has a warning that it is unsafe: https://github.com/jakeheis/SwiftCLI/blob/2e949055d9797c1a6bddcda0e58dada16cc8e970/Sources/SwiftCLI/Task.swift#L262

And it could be written like this:

Task.capture("/usr/bin/git", "ls-remote", "--tags", "--refs", package.gitPath)

I don't know if any of the commands can be set up to do RCE but there is no reason to take any chances with it when there are functions that take arguments in a string array instead of in a single string separated by spaces. (The linked code probably doesn't even work if you have a space somewhere in the gitPath)

Cyberbeni commented 2 years ago

Or if we want to prepare for different locations for git then Task.capture(bash: "which git") would be safe to run.
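As an added example covering both comments above (not Mint's or SwiftCLI's own code), this shows the argv-based `Task.capture(_:_:)` call beside the fixed-string `Task.capture(bash:)` lookup of git, assuming those two SwiftCLI forms exactly as quoted in the thread and a `CaptureResult.stdout` string. The helper names, the error enum, the sample path and the leading-dash check are my own assumptions.

```swift
import Foundation
import SwiftCLI

enum GitLookupError: Error {
    case invalidGitPath(String)
    case gitNotFound
}

// Hypothetical helper for the argv form suggested in the first comment.
// Each argument is a separate element, so gitPath is never parsed by a shell:
// a space, quote, `;` or `$(...)` inside it reaches git as one literal argument.
// The bash-string form this replaces would look like:
//   Task.capture(bash: "git ls-remote --tags --refs \(gitPath)")
// where the same characters are interpreted by bash before git ever runs.
func remoteTagRefs(gitPath: String, git: String = "/usr/bin/git") throws -> [String] {
    // Added safeguard (assumption, not from the thread): even via argv, a value
    // starting with "-" is read by git as an option rather than a repository.
    guard !gitPath.hasPrefix("-") else {
        throw GitLookupError.invalidGitPath(gitPath)
    }
    let result = try Task.capture(git, "ls-remote", "--tags", "--refs", gitPath)
    // Output lines are "<sha>\t<ref>"; keep only the ref names.
    return result.stdout
        .split(separator: "\n")
        .compactMap { line in line.split(separator: "\t").last.map(String.init) }
}

// Locate git with a fixed, developer-controlled command, as the second comment
// suggests. No caller-supplied text is interpolated, so the bash form is fine here.
func locateGit() throws -> String {
    let path = try Task.capture(bash: "which git").stdout
        .trimmingCharacters(in: .whitespacesAndNewlines)
    guard !path.isEmpty else { throw GitLookupError.gitNotFound }
    return path
}

// Constructed sample: a local repository path containing a space. With the argv
// form it stays one argument; interpolated into a bash string it would become two.
let samplePath = "/tmp/My Packages/Example"
do {
    let tags = try remoteTagRefs(gitPath: samplePath, git: locateGit())
    print(tags.joined(separator: "\n"))
} catch {
    // Task.capture throws on a non-zero exit, e.g. when the path is not a repository.
    print("ls-remote failed: \(error)")
}
```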