cedarstalking with keyboard shortcuts

feat: use execFile to avoid shell injection

+5 -4
+5 -4
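--- a/src/auth.ts
+++ b/src/auth.ts
@@ -1,11 +1,12 @@
 import { environment, LocalStorage, showToast, Toast } from "@raycast/api";
-import { exec, spawn } from "child_process";
-import { mkdir, readFile, stat, symlink, unlink, writeFile } from "fs/promises";
+import { exec, execFile, spawn } from "child_process";
+import { mkdir, readFile, rm, stat, symlink, unlink, writeFile } from "fs/promises";
 import * as os from "os";
 import * as path from "path";
 import { promisify } from "util";
 
 const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
 const COOKIE_KEY = "session_cookie";
 
 // Use /tmp directly (not os.tmpdir) so paths match the Swift binary's hardcoded path.
@@ -108,7 +109,7 @@
 try {
 // Use `xcrun swiftc` (not the raw path) so xcrun sets up DEVELOPER_DIR and
 // the correct SDK — running the swiftc binary directly loses that context.
-await execAsync(`xcrun swiftc -O "${swiftSrc}" -o "${binaryPath}"`);
+await execFileAsync("xcrun", ["swiftc", "-O", swiftSrc, "-o", binaryPath]);
 } finally {
 await toast.hide();
 }
@@ -123,7 +124,7 @@
 const bundledBinary = path.join(macosDir, "auth-browser");
 
 // Always recreate fresh so Launch Services sees a new bundle.
-await execAsync(`rm -rf "${appDir}"`).catch(() => {});
+await rm(appDir, { recursive: true, force: true }).catch(() => {});
 await mkdir(macosDir, { recursive: true });
 await symlink(binaryPath, bundledBinary);
 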
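Review bot: `exec` is still imported and `const execAsync = promisify(exec);` is still defined at the top of src/auth.ts, so any call site outside these three hunks that builds a command string keeps going through a shell. If the two replaced calls were the last users, drop `exec` from the import and delete the `execAsync` binding so a template-string command cannot come back without a visible import change; if callers remain, they need the same `execFileAsync` argument-array form. Separately, in the last hunk `rm(appDir, { recursive: true, force: true })` already ignores a missing path, so the trailing `.catch(() => {})` only hides real failures such as a permission error, after which `symlink(binaryPath, bundledBinary)` would fail against the stale bundle with a less useful message. The functions enclosing the second and third hunks start and end outside the visible lines, so their remaining error handling could not be checked.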