fix(dotnet): should work with paths that contain spaces #392
Conversation
When a user has a project that contains a space in it's name the command failed because it does not escaped the space to the shell command. Fixes nx-dotnet#308
# Conflicts: # packages/dotnet/src/lib/core/dotnet.client.ts
☁️ Nx Cloud ReportCI ran the following commands for commit 4ee665d. Click to see the status, the terminal output, and the build insights. 📂 See all runs for this branch ✅ Successfully ran 5 targetsSent with 💌 from NxCloud. |
|
Hey @asinino, I've been looking over the code and I'm not sure why the format executor is failing on this branch. It seems like the isNet60OrHigher flag is set incorrectly, I'll look into this a bit |
| private execute(cmd: string): Buffer { | ||
| return execSync(cmd, { cwd: this.cwd || process.cwd() }); | ||
| private execute(params: string[]): Buffer { | ||
| return spawnSync(this.cliCommand.command, params, { |
There was a problem hiding this comment.
Why are we swapping to spawnSync over execSync here? This is more complex maintainability-wise and shouldn't be needed.
There was a problem hiding this comment.
I'm not totally opposed to spawnSync actually, some stuff does work out better this way.
There was a problem hiding this comment.
Sorry, had a lengthy meeting couldn't look into this.
I converted to spawnSync to avoid converting all parameters to string first, spawnSync let us pass each parameter on the array so it is automatically escaped.
With execSync I had some problems passing on "Security Hotspot" tests because it allowed the user to pass arbitrary commands to execSync, like appending in the last parameter: "&& rm -rf *" this would delete everything on the current folder. Using the spawnSync command prevents the user to do this.
There was a problem hiding this comment.
So with nx-plugins and other dev tooling in general, the hotspots that pop up from sonarqube can be mostly ignored. The reason being that those commands are being run by the developer, on their own machine. It's not really an attack point, as someone would already have to be able to run arbitrary commands to exercise it.
The solution for most things that come up like that, are just for me to hit the "not a problem" button while reviewing the PR.
There was a problem hiding this comment.
That would be a lot easier because I had to change the method a lot, I'll take it into account next time, for this one I was kinda in a rush to have a deployable version because the previous one was broken.
| return execSync(cmd, { cwd: this.cwd || process.cwd() }); | ||
| private execute(params: string[]): Buffer { | ||
| return spawnSync(this.cliCommand.command, params, { | ||
| stdio: 'inherit', |
There was a problem hiding this comment.
Adding 'inherit' here causes the returned buffers to be empty
There was a problem hiding this comment.
I have a new solution for this have to discuss with you, I didn't merge it yet. This should resolve the problem:
private execute(params: string[], stdio: StdioOptions = 'pipe'): Buffer {
const proc = spawnSync(this.cliCommand.command, params, {
stdio,
cwd: this.cwd || process.cwd(),
});
let result = Buffer.alloc(0);
if (proc?.stdout) {
result = Buffer.concat([result, proc.stdout]);
}
if (proc?.stderr) {
result = Buffer.concat([result, proc.stderr]);
}
return result;
}There was a problem hiding this comment.
This would work, but its fine to duplicate the spawnSync call for this. The idea behind execute is that we are doing some kind of processing to the Buffer on our side, and we need it. If we are displaying the outputs of the command to the user, its the wrong method to use.
There was a problem hiding this comment.
I agree with different calls for spawnSync with different behavior, it's easier to not mess it up.
| console.log( | ||
| `Executing Command: ${this.cliCommand.command} ${params.join(', ')}`, | ||
| ); | ||
| return this.execute(params); |
There was a problem hiding this comment.
This method needs the 'stdio: inherit' so that things like nx build show terminal output.
AgentEnder
force-pushed
the
fix/issue#308
branch
from
9838ba6 to
5fdaccc
Compare
AgentEnder
force-pushed
the
fix/issue#308
branch
from
5fdaccc to
4ee665d
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
AgentEnder
changed the title
## [1.9.5](v1.9.4...v1.9.5) (2022-03-03) ### Bug Fixes * **dotnet:** should work with paths that contain spaces ([#392](#392)) ([fa86355](fa86355)) Mar 3, 2022, 5:02 PM
|
🎉 This PR is included in version 1.9.5 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Please review the code before merging it.