The Node documentation for `exec` states:
> Never pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.
The `folder` variable comes directly from the `NX_CACHE_DIRECTORY` environment variable (or from `nx.json`). Careful crafting of this variable can result in NX executing arbitrary commands.
This patch fixes this by using `execFile`, which does not spawn a shell.
Only use parent directory for outputs if output is a file. Closes#8504.
This bug has been caused by 16e9f58f76.
Co-authored-by: skrtheboss <denisfrenademetz97@gmail.com>
* fix(core): use fs/promises instead of promisifying with the util module
* chore(core): use path exists instead of existsSync
Co-authored-by: Jason Jean <jasonjean1993@gmail.com>
* fix(core): wrap writing cache hash into try/catch
Instead of failing the task run process it will allow the process to continue.
Fixes of #6957
* fix(core): ignore errors writing latest output hash cache files
Co-authored-by: Leosvel Pérez Espinosa <leosvel.perez.espinosa@gmail.com>
* cleanup(core): normalized usage of fs-extra and updated fs-extra
* cleanup(misc): use fs over fs-extra when possible
Co-authored-by: Jason Jean <jasonjean1993@gmail.com>
Makes the cache put code slightly more flexible, which allows for specified outputs to be not
just
folder but also files. This allows for greater flexibility of control when it comes to which
files
you want Nx to cache, so you could exclude sub folders of your dist. This is useful so that
Nx
doesn't spend time copying sometimes complex folder structures to cache (i.e. node_modules in
the
case of using npm link).
