wrap pipeline commands for submoduleForeach in quotes (#964)

* wrap pipeline commands for submoduleForeach in quotes * Update src/git-auth-helper.ts drop extraneous space. Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * Followed CONTRIBUTING.md instructions, updating dist/index.js * fixed package-lock.json * updating the pipeline so it runs from sh Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-11-21 18:11:15 +01:00 · 2022-11-15 18:51:19 -08:00 · 2022-11-15 18:51:19 -08:00 · bf085276ce
commit bf085276ce
parent 5c3ccc22eb
2 changed files with 10 additions and 4 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -7121,7 +7121,9 @@ class GitAuthHelper {
                // Configure a placeholder value. This approach avoids the credential being captured
                // by process creation audit events, which are commonly logged. For more information,
                // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
-                const output = yield this.git.submoduleForeach(`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules);
+                const output = yield this.git.submoduleForeach(
+                // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+                `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules);
                // Replace the placeholder
                const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || [];
                for (const configPath of configPaths) {
@ -7288,7 +7290,9 @@ class GitAuthHelper {
                }
            }
            const pattern = regexpHelper.escape(configKey);
-            yield this.git.submoduleForeach(`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, true);
+            yield this.git.submoduleForeach(
+            // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+            `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true);
        });
    }
 }
--- a/src/git-auth-helper.ts
+++ b/src/git-auth-helper.ts
@ -157,7 +157,8 @@ class GitAuthHelper {
      // by process creation audit events, which are commonly logged. For more information,
      // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
      const output = await this.git.submoduleForeach(
-        `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`,
+        // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+        `sh -c "git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`,
        this.settings.nestedSubmodules
      )

@ -365,7 +366,8 @@ class GitAuthHelper {

    const pattern = regexpHelper.escape(configKey)
    await this.git.submoduleForeach(
-      `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`,
+      // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline
+      `sh -c "git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`,
      true
    )
  }