[ACS-5987] improved security for shell scripts (#8889)

* improved security for node process functions * improved security for node process functions * remove unused file from demo shell * restore regex * fix regex * update escaping * lint fixes * fix typo * fix export * fix exports * fix lint * fix lint
2025-07-24 17:32:15 +00:00 · 2023-09-27 10:52:33 +01:00
parent 6d8c513180
commit 8f684a9f6a
20 changed files with 233 additions and 311 deletions
--- a/lib/cli/scripts/audit.ts
+++ b/lib/cli/scripts/audit.ts
@@ -21,6 +21,7 @@ import * as shell from 'shelljs';
 import * as ejs from 'ejs';
 import * as path from 'path';
 import * as fs from 'fs';
+import { argv, exit } from 'node:process';
 import program from 'commander';

 export default function main(_args: string[], workingDir: string) {
@@ -29,9 +30,9 @@ export default function main(_args: string[], workingDir: string) {
        .usage('audit [options]')
        .option('-p, --package <path>', 'Path to package file (default: package.json in working directory)')
        .option('-d, --outDir <dir>', 'Ouput directory (default: working directory)')
-        .parse(process.argv);
+        .parse(argv);

-    if (process.argv.includes('-h') || process.argv.includes('--help')) {
+    if (argv.includes('-h') || argv.includes('--help')) {
        program.outputHelp();
        return;
    }
@@ -44,13 +45,13 @@ export default function main(_args: string[], workingDir: string) {

    if (!fs.existsSync(packagePath)) {
        console.error('The package.json file was not found');
-        process.exit(1);
+        exit(1);
    }

    const templatePath = path.resolve(__dirname, '../templates/auditPage.ejs');
    if (!fs.existsSync(templatePath)) {
        console.error(`Cannot find the report template: ${templatePath}`);
-        process.exit(1);
+        exit(1);
    }

    return new Promise((resolve, reject) => {
@@ -61,24 +62,29 @@ export default function main(_args: string[], workingDir: string) {
        const cmd = 'npm audit --json --prod';
        const jsonAudit = JSON.parse(shell.exec(cmd, { silent: true }));

-        ejs.renderFile(templatePath, {
-            jsonAudit,
-            projVersion: packageJson.version,
-            projName: packageJson.name
-        }, {}, (err: any, mdText: string) => {
-            if (err) {
-                console.error(err);
-                reject(1);
-            } else {
-                const outputPath = path.resolve(program.outDir || workingDir);
-                const outputFile = path.join(outputPath, `audit-info-${packageJson.version}.md`);
+        ejs.renderFile(
+            templatePath,
+            {
+                jsonAudit,
+                projVersion: packageJson.version,
+                projName: packageJson.name
+            },
+            {},
+            (err: any, mdText: string) => {
+                if (err) {
+                    console.error(err);
+                    reject(err);
+                } else {
+                    const outputPath = path.resolve(program.outDir || workingDir);
+                    const outputFile = path.join(outputPath, `audit-info-${packageJson.version}.md`);

-                fs.writeFileSync(outputFile, mdText);
+                    fs.writeFileSync(outputFile, mdText);

-                // eslint-disable-next-line no-console
-                console.log(`Report saved as ${outputFile}`);
-                resolve(0);
+                    // eslint-disable-next-line no-console
+                    console.log(`Report saved as ${outputFile}`);
+                    resolve(0);
+                }
            }
-        });
+        );
    });
 }