diff --git a/src/common/installHelper.ts b/src/common/installHelper.ts
index 9effcb4b5..68380ab5b 100644
--- a/src/common/installHelper.ts
+++ b/src/common/installHelper.ts
@@ -45,14 +45,11 @@ export async function installiOSApplication(project: AppLauncher, appPath: strin
 try {
 // Create dir to iOS app
- await childProcess.execToString(
- `mkdir ${project.getPackager().getProjectPath()}/expoApp.app`,
- );
+ const appDir = `${project.getPackager().getProjectPath()}/expoApp.app`;
+ await childProcess.execFileToString("mkdir", [appDir]);
 // Unpack .tar.gz file
- await childProcess.execToString(
- `tar -xf ${appPath} -C ${project.getPackager().getProjectPath()}/expoApp.app`,
- );
+ await childProcess.execFileToString("tar", ["-xf", appPath, "-C", appDir]);
 } catch (e) {
 throw e;
 }
diff --git a/src/extension/android/adb.ts b/src/extension/android/adb.ts
index 9a3a24fec..b4b5588d6 100644
--- a/src/extension/android/adb.ts
+++ b/src/extension/android/adb.ts
@@ -257,7 +257,7 @@ export class AdbHelper {
 }
 public installApplicationToEmulator(appPath: string): Promise {
- return this.childProcess.execToString(`adb install ${appPath}`);
+ return this.childProcess.execFileToString("adb", ["install", appPath]);
 }
 public executeQuery(deviceId: string, command: string): Promise {
diff --git a/src/extension/commands/installExpoGoApplication.ts b/src/extension/commands/installExpoGoApplication.ts
index a35f4c01d..ab002425b 100644
--- a/src/extension/commands/installExpoGoApplication.ts
+++ b/src/extension/commands/installExpoGoApplication.ts
@@ -53,7 +53,9 @@ export class InstallExpoGoApplication extends Command {
 );
 const targetUrl = expoUrlInfo.androidClientUrl;
- const androidClientVersion = expoUrlInfo.androidClientVersion as string;
+ const androidClientVersion = validateVersion(
+ expoUrlInfo.androidClientVersion as string,
+ );
 const fileName = `${this.project
 .getPackager()
 .getProjectPath()}/expogo_${androidClientVersion}.apk`;
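Review bot: The protection in the `mkdir` and `tar` calls depends entirely on `execFileToString`, whose definition is not part of this diff; confirm that it wraps `execFile` or `spawn` without `shell: true`, otherwise `appPath` and the project path are still parsed by a shell. The same check covers the `adb install` change in adb.ts and the `xcrun simctl install` change in simctl.ts. A comment above the first call, such as `// execFile-style call: no shell is involved, so paths with spaces or metacharacters reach mkdir/tar as single arguments`, would record why the string form must not come back. installiOSApplication starts and ends outside the hunk.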
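Review bot: `targetUrl` is taken from the same JSON response as the version but is used unchecked in the `@@ -53,7 +53,9 @@` hunk, where only the version string gains validation. The download that consumes it is outside the hunk, so this is inferred, but the file written to `expogo_${androidClientVersion}.apk` is presumably fetched from that URL and then installed. A scheme check before the download, e.g. `if (new URL(String(targetUrl)).protocol !== "https:") throw new Error("Expo Go download URL must use https");`, would keep the artifact on an authenticated channel now that fetchJson verifies certificates. The same applies to `iosClientUrl` in the `@@ -99,7 +101,9 @@` hunk.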
@@ -99,7 +101,9 @@ export class InstallExpoGoApplication extends Command {
 );
 const targetUrl = expoUrlInfo.iosClientUrl;
- const iOSClientVersion = expoUrlInfo.iosClientVersion as string;
+ const iOSClientVersion = validateVersion(
+ expoUrlInfo.iosClientVersion as string,
+ );
 const tarFile = `${this.project
 .getPackager()
@@ -147,10 +151,7 @@ export class InstallExpoGoApplication extends Command {
 async function fetchJson(url: string): Promise {
 return new Promise((fulfill, reject) => {
- const requestOptions: https.RequestOptions = {};
- requestOptions.rejectUnauthorized = false; // CodeQL [js/disabling-certificate-validation] Debug extension does not need to verify certificate
-
- const request = https.get(url, requestOptions, response => {
+ const request = https.get(url, response => {
 let data = "";
 response.setEncoding("utf8");
 response.on("data", (chunk: string) => {
@@ -164,3 +165,12 @@ async function fetchJson(url: string): Promise {
 request.end();
 });
 }
+
+const versionPattern = /^[0-9][0-9.]*$/;
+
+function validateVersion(version: string): string {
+ if (!versionPattern.test(version)) {
+ throw new Error(`Invalid Expo Go version string: ${version}`);
+ }
+ return version;
+}
diff --git a/src/extension/ios/simctl.ts b/src/extension/ios/simctl.ts
index ad002e953..e8e38d4d6 100644
--- a/src/extension/ios/simctl.ts
+++ b/src/extension/ios/simctl.ts
@@ -19,7 +19,6 @@ export class SimctrlHelper {
 targetId: string,
 appPath: string,
 ): Promise {
- const installCommand = `xcrun simctl install ${targetId} ${appPath}`;
- await childProcess.execToString(installCommand);
+ await childProcess.execFileToString("xcrun", ["simctl", "install", targetId, appPath]);
 }
 }
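Review bot: `versionPattern` in the `@@ -164,3 +165,12 @@` hunk accepts more than a dotted version: inputs such as `1.` and `1..` pass, and the result is interpolated directly into a file name under the project path. If Expo Go versions are always dotted numerics, `const versionPattern = /^\d+(\.\d+)*$/;` states that exactly. A comment above `validateVersion`, such as `// The version comes from a remote JSON response and is interpolated into local file paths; allow only dotted numerics.`, would record why the check exists. The error message also echoes the rejected string unchanged; wrapping it as `JSON.stringify(version)` keeps control characters out of the message shown to the user.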