Skip to content

fix: replace exec with spawnSync in VS Code extension #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ereslibre merged 2 commits into from
Aug 27, 2025
Merged

fix: replace exec with spawnSync in VS Code extension #105

ereslibre merged 2 commits into from
Aug 27, 2025

Conversation

@ereslibre
Copy link
Collaborator

@ereslibre ereslibre commented Aug 27, 2025

Replace the remaining exec invocations with spawnSync across the VS Code extension codebase for improved security and better argument handling. This change also enables opening shell access for completed tasks in addition to running tasks.

Changes

  • packages/extension/src/extension.mts: Replaced async spawn with synchronous spawnSync for git operations and GitHub CLI commands
  • packages/extension/src/lib/os.mts: Added new spawnSync wrapper with consistent error handling
  • packages/cli/src/lib/git.ts: Updated to use the centralized spawnSync from os.js
  • packages/cli/src/lib/os.ts: Exported SpawnSyncReturns type for better type safety
  • packages/extension/src/views/: Updated task detail and webview components to allow shell access for completed tasks

Notes

This change eliminates shell injection vulnerabilities by using direct process spawning and provides better error handling. The shell functionality is now available for both running and completed tasks, improving the developer experience when inspecting finished work.

Closes: #97

@ereslibre ereslibre self-assigned this Aug 27, 2025
@ereslibre ereslibre requested a review from Angelmmiguel August 27, 2025 08:39
Angelmmiguel
Angelmmiguel approved these changes Aug 27, 2025
View reviewed changes
Copy link
Contributor

@Angelmmiguel Angelmmiguel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM! Could you reproduce the original error and confirmed this fixed it? I see now we are throwing the exception, so we get more visibility

@ereslibre
Copy link
Collaborator Author

ereslibre commented Aug 27, 2025

Could you reproduce the original error and confirmed this fixed it?

Yup

Screenshot 2025-08-27 at 11 52 02

I see now we are throwing the exception, so we get more visibility

Yes, still this is to be reworked.

@ereslibre ereslibre merged commit da148af into main Aug 27, 2025
3 checks passed
@ereslibre ereslibre deleted the ereslibre/vscode-extension-fix-diff branch August 27, 2025 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Angelmmiguel Angelmmiguel Angelmmiguel approved these changes

Assignees

@ereslibre ereslibre

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

The diff button in the extension is not working

3 participants

@ereslibre @Angelmmiguel