fix: prevent command injection in git hash-object call (#297)

* Update package name to reference under the @Anthropic-AI NPM org

* fix: prevent command injection in git hash-object call

* Revert accidental change
David Dworken
2025-07-18 09:58:22 -07:00
committed by GitHub
parent d4d7974604
commit 00b4a23551


@@ -1,4 +1,4 @@
import { execSync } from "child_process"; import { execFileSync } from "child_process";
import type { Octokits } from "../api/client"; import type { Octokits } from "../api/client";
import { ISSUE_QUERY, PR_QUERY, USER_QUERY } from "../api/queries/github"; import { ISSUE_QUERY, PR_QUERY, USER_QUERY } from "../api/queries/github";
import type { import type {
@@ -114,7 +114,7 @@ export async function fetchGitHubData({
try { try {
// Use git hash-object to compute the SHA for the current file content // Use git hash-object to compute the SHA for the current file content
const sha = execSync(`git hash-object "${file.path}"`, { const sha = execFileSync("git", ["hash-object", file.path], {
encoding: "utf-8", encoding: "utf-8",
}).trim(); }).trim();
return { return {
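Review bot: The new `execFileSync("git", ["hash-object", file.path], …)` call still hands `file.path` to git's own option parser, so a path that begins with `-` would be read as a flag rather than a file name. Passing an argument array removes the shell but not that parsing, and `file.path` presumably comes from the pull request's changed-file list, which the PR author controls. Add the end-of-options separator, `execFileSync("git", ["hash-object", "--", file.path], {`, and a one-line comment such as `// "--" ends option parsing so file.path is always treated as a path`. The enclosing `try` block and `fetchGitHubData` begin and end outside this hunk, so the handling of a failed git call cannot be checked from here.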