You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
refactor: validate Windows override values before shell injection
The wrapper injects org identifiers and Azure signing config into the
electron-builder command as double-quoted CLI overrides, then runs it through
spawnSync with shell:true (needed to split the space-separated multi-target
string into argv). A value containing a double quote, newline, or shell
metacharacter could shift argument boundaries or be expanded by the shell.
These values come from repo maintainers, not untrusted input, so this isn't a
security boundary — it's a fail-fast guard that surfaces a misconfigured repo
Variable here, where it's fixable, instead of as a malformed electron-builder
command line. Route both override sites through one helper that rejects the
quote-breaking characters.
The shell:true call itself is slated to go away in a future electron-builder
upgrade, passing argv as an array so no quoting is needed at all.
0 commit comments