|
116 | 116 |
|
117 | 117 | hook_status = OpenStruct.new(success?: true, exitstatus: 0) |
118 | 118 | webpack_status = OpenStruct.new(success?: true) |
| 119 | + hook_command = "bin/verbose-hook" |
119 | 120 |
|
120 | | - call_count = 0 |
121 | 121 | allow(Open3).to receive(:capture3) do |*args| |
122 | | - call_count += 1 |
123 | | - if call_count == 1 |
| 122 | + if args[1] == hook_command |
124 | 123 | ["Standard output", "Warning message", hook_status] |
125 | 124 | else |
126 | 125 | ["", "", webpack_status] |
127 | 126 | end |
128 | 127 | end |
129 | 128 |
|
130 | | - allow(Shakapacker.config).to receive(:precompile_hook).and_return("bin/verbose-hook") |
| 129 | + allow(Shakapacker.config).to receive(:precompile_hook).and_return(hook_command) |
131 | 130 |
|
132 | 131 | expect(Shakapacker.compiler.compile).to be true |
133 | 132 | end |
|
172 | 171 |
|
173 | 172 | hook_status = OpenStruct.new(success?: true, exitstatus: 0) |
174 | 173 | webpack_status = OpenStruct.new(success?: true) |
| 174 | + hook_command = "'bin/my script' --arg1 --arg2" |
| 175 | + hook_executable = "bin/my script" |
175 | 176 |
|
176 | | - call_count = 0 |
177 | 177 | allow(Open3).to receive(:capture3) do |*args| |
178 | | - call_count += 1 |
179 | | - if call_count == 1 |
| 178 | + if args[1] == hook_executable |
180 | 179 | ["", "", hook_status] |
181 | 180 | else |
182 | 181 | ["", "", webpack_status] |
183 | 182 | end |
184 | 183 | end |
185 | 184 |
|
186 | 185 | # Hook command with quoted path containing spaces |
187 | | - allow(Shakapacker.config).to receive(:precompile_hook).and_return("'bin/my script' --arg1 --arg2") |
| 186 | + allow(Shakapacker.config).to receive(:precompile_hook).and_return(hook_command) |
188 | 187 | allow(File).to receive(:exist?).and_call_original |
189 | 188 | allow(File).to receive(:exist?).with(anything).and_return(true) |
190 | 189 |
|
|
198 | 197 |
|
199 | 198 | hook_status = OpenStruct.new(success?: true, exitstatus: 0) |
200 | 199 | webpack_status = OpenStruct.new(success?: true) |
| 200 | + hook_command = "bin/nonexistent-hook" |
201 | 201 |
|
202 | | - call_count = 0 |
203 | 202 | allow(Open3).to receive(:capture3) do |*args| |
204 | | - call_count += 1 |
205 | | - if call_count == 1 |
| 203 | + if args[1] == hook_command |
206 | 204 | ["", "", hook_status] |
207 | 205 | else |
208 | 206 | ["", "", webpack_status] |
209 | 207 | end |
210 | 208 | end |
211 | 209 |
|
212 | | - allow(Shakapacker.config).to receive(:precompile_hook).and_return("bin/nonexistent-hook") |
| 210 | + allow(Shakapacker.config).to receive(:precompile_hook).and_return(hook_command) |
213 | 211 | allow(File).to receive(:exist?).and_call_original |
214 | 212 | allow(File).to receive(:exist?).with(anything).and_return(false) |
215 | 213 |
|
|
245 | 243 |
|
246 | 244 | hook_status = OpenStruct.new(success?: true, exitstatus: 0) |
247 | 245 | webpack_status = OpenStruct.new(success?: true) |
| 246 | + hook_command = "bin/prepare && rm -rf /" |
| 247 | + hook_executable = "bin/prepare" |
248 | 248 |
|
249 | | - call_count = 0 |
250 | 249 | captured_args = [] |
251 | 250 | allow(Open3).to receive(:capture3) do |env, *args| |
252 | | - call_count += 1 |
253 | | - captured_args << args if call_count == 1 |
254 | | - if call_count == 1 |
| 251 | + captured_args << args if args[0] == hook_executable |
| 252 | + if args[0] == hook_executable |
255 | 253 | ["", "", hook_status] |
256 | 254 | else |
257 | 255 | ["", "", webpack_status] |
|
260 | 258 |
|
261 | 259 | # This malicious command would execute "rm -rf /" if passed to a shell |
262 | 260 | # With shell-free execution, it's treated as arguments to bin/prepare |
263 | | - allow(Shakapacker.config).to receive(:precompile_hook).and_return("bin/prepare && rm -rf /") |
| 261 | + allow(Shakapacker.config).to receive(:precompile_hook).and_return(hook_command) |
264 | 262 | allow(File).to receive(:exist?).and_call_original |
265 | 263 | allow(File).to receive(:exist?).with(anything).and_return(true) |
266 | 264 |
|
|
278 | 276 |
|
279 | 277 | hook_status = OpenStruct.new(success?: true, exitstatus: 0) |
280 | 278 | webpack_status = OpenStruct.new(success?: true) |
| 279 | + hook_command = "FOO=bar BAZ=qux bin/hook --arg" |
| 280 | + hook_executable = "bin/hook" |
281 | 281 |
|
282 | | - call_count = 0 |
283 | 282 | captured_env = nil |
284 | 283 | allow(Open3).to receive(:capture3) do |env, *args| |
285 | | - call_count += 1 |
286 | | - captured_env = env if call_count == 1 |
287 | | - if call_count == 1 |
| 284 | + captured_env = env if args[0] == hook_executable |
| 285 | + if args[0] == hook_executable |
288 | 286 | ["", "", hook_status] |
289 | 287 | else |
290 | 288 | ["", "", webpack_status] |
291 | 289 | end |
292 | 290 | end |
293 | 291 |
|
294 | | - allow(Shakapacker.config).to receive(:precompile_hook).and_return("FOO=bar BAZ=qux bin/hook --arg") |
| 292 | + allow(Shakapacker.config).to receive(:precompile_hook).and_return(hook_command) |
295 | 293 | allow(File).to receive(:exist?).and_call_original |
296 | 294 | allow(File).to receive(:exist?).with(anything).and_return(true) |
297 | 295 |
|
|
0 commit comments