[ACS-5987] improved security for shell scripts (#8889)

* improved security for node process functions * improved security for node process functions * remove unused file from demo shell * restore regex * fix regex * update escaping * lint fixes * fix typo * fix export * fix exports * fix lint * fix lint
2025-07-24 17:32:15 +00:00 · 2023-09-27 10:52:33 +01:00
parent 6d8c513180
commit 8f684a9f6a
20 changed files with 233 additions and 311 deletions
--- a/lib/cli/scripts/docker.ts
+++ b/lib/cli/scripts/docker.ts
@@ -17,6 +17,7 @@
 * limitations under the License.
 */

+import { argv, exit } from 'node:process';
 import { exec } from './exec';
 import program from 'commander';
 import { logger } from './logger';
@@ -42,6 +43,7 @@ export interface PublishArgs {
    dockerTags?: string;
    pathProject: string;
    fileName: string;
+    sourceTag?: string;
 }

 function loginPerform(args: PublishArgs) {
@@ -97,15 +99,13 @@ function cleanImagePerform(args: PublishArgs, tag: string) {
    logger.info(response);
 }

-export default function(args: PublishArgs) {
-    main(args);
-}
-
-function main(args) {
+export default function main(args: PublishArgs) {
    program
        .version('0.1.0')
-        .description('Move in the folder where you have your Dockerfile and run the command:\n\n' +
-            'adf-cli docker-publish --dockerRepo "${docker_repository}"  --dockerTags "${TAGS}"')
+        .description(
+            'Move in the folder where you have your Dockerfile and run the command:\n\n' +
+                'adf-cli docker-publish --dockerRepo "${docker_repository}"  --dockerTags "${TAGS}"'
+        )
        .option('--loginRepo [type]', 'URL registry')
        .option('--loginPassword [type]', ' password')
        .option('--loginUsername [type]', ' username')
@@ -119,26 +119,26 @@ function main(args) {
        .option('--target [type]', 'target: publish or link', TARGETS.publish)
        .requiredOption('--dockerRepo [type]', 'docker repo')
        .requiredOption('--dockerTags [type]', ' tags')
-        .parse(process.argv);
+        .parse(argv);

-    if (process.argv.includes('-h') || process.argv.includes('--help')) {
+    if (argv.includes('-h') || argv.includes('--help')) {
        program.outputHelp();
        return;
    }

    if (!Object.values(TARGETS).includes(program.opts().target)) {
        logger.error(`error: invalid --target value. It can be ${Object.values(TARGETS)}`);
-        process.exit(1);
+        exit(1);
    }

    if (program.opts().target === TARGETS.publish && args.buildArgs === undefined) {
        logger.error(`error: required option --buildArgs [type] in case the target is ${TARGETS.publish}`);
-        process.exit(1);
+        exit(1);
    }

    if (program.opts().target === TARGETS.link && args.sourceTag === undefined) {
        logger.error(`error: required option --sourceTag [type] in case the target is ${TARGETS.link}`);
-        process.exit(1);
+        exit(1);
    }

    if (args.pathProject === undefined) {
@@ -153,7 +153,7 @@ function main(args) {
        loginPerform(args);
    }

-    let mainTag;
+    let mainTag: string;
    if (args.dockerTags !== '') {
        args.dockerTags.split(',').forEach((tag, index) => {
            if (tag) {