diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5c76465..0166bea 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -3,7 +3,7 @@ ## Submitting a pull request 1. Fork and clone the repository -1. Configure and install the dependencies: `npm install` +1. Configure and install the dependencies: `npm ci` 1. Create a new branch: `git checkout -b my-branch-name` 1. Make your change, add tests, and make sure the tests still pass: `npm run test` 1. Make sure your code is correctly formatted: `npm run format` diff --git a/dist/index.js b/dist/index.js index 63072b8..0694ee6 100644 --- a/dist/index.js +++ b/dist/index.js @@ -7121,7 +7121,9 @@ class GitAuthHelper { // Configure a placeholder value. This approach avoids the credential being captured // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing - const output = yield this.git.submoduleForeach(`git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, this.settings.nestedSubmodules); + const output = yield this.git.submoduleForeach( + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `"git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules); // Replace the placeholder const configPaths = output.match(/(?<=(^|\n)file:)[^\t]+(?=\tremote\.origin\.url)/g) || []; for (const configPath of configPaths) { @@ -7288,7 +7290,9 @@ class GitAuthHelper { } } const pattern = regexpHelper.escape(configKey); - yield this.git.submoduleForeach(`git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, true); + yield this.git.submoduleForeach( + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `"git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true); }); } } diff --git a/src/git-auth-helper.ts b/src/git-auth-helper.ts index 3c6db8e..ffc5c5e 100644 --- a/src/git-auth-helper.ts +++ b/src/git-auth-helper.ts @@ -157,7 +157,8 @@ class GitAuthHelper { // by process creation audit events, which are commonly logged. For more information, // refer to https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing const output = await this.git.submoduleForeach( - `git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url`, + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `"git config --local '${this.tokenConfigKey}' '${this.tokenPlaceholderConfigValue}' && git config --local --show-origin --name-only --get-regexp remote.origin.url"`, this.settings.nestedSubmodules ) @@ -365,7 +366,8 @@ class GitAuthHelper { const pattern = regexpHelper.escape(configKey) await this.git.submoduleForeach( - `git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :`, + // wrap the pipeline in quotes to make sure it's handled properly by submoduleForeach, rather than just the first part of the pipeline + `"git config --local --name-only --get-regexp '${pattern}' && git config --local --unset-all '${configKey}' || :"`, true ) }