Skip to content

headlamp-plugin/scripts: Replace execSync with execFileSync#4530

Open
skoeva wants to merge 1 commit intokubernetes-sigs:mainfrom
skoeva:script
Open

headlamp-plugin/scripts: Replace execSync with execFileSync#4530
skoeva wants to merge 1 commit intokubernetes-sigs:mainfrom
skoeva:script

Conversation

@skoeva
Copy link
Contributor

@skoeva skoeva commented Feb 3, 2026
edited
Loading

These changes replace usage of execSync in the headlamp-plugin scripts with execFileSync.

Testing

  • Run npm run fetch-official-plugins and npm run bundle-examples locally and ensure they work as expected

@skoeva skoeva self-assigned this Feb 3, 2026
@skoeva skoeva added the security label Feb 3, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: skoeva
Once this PR has been reviewed and has the lgtm label, please assign sniok for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 3, 2026
@illume illume modified the milestone: v0.41.0 Feb 3, 2026
@illume
Copy link
Contributor

illume commented Feb 3, 2026

/assign copilot

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Feb 3, 2026

@illume: GitHub didn't allow me to assign the following users: copilot.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

Details

In response to this:

/assign copilot

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@skoeva skoeva requested a review from Copilot February 5, 2026 13:20
Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves security by replacing execSync with execFileSync for git command execution in the headlamp-plugin scripts. The use of execFileSync prevents potential shell injection vulnerabilities by executing commands directly without shell interpretation.

Changes:

  • Replaced all execSync calls with execFileSync in git utility scripts
  • Converted shell command strings to properly separated argument arrays
  • Maintained existing error handling and output processing logic

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
plugins/headlamp-plugin/scripts/git-hash-utils.js Updated getLocalGitHash and getRemoteGitHash functions to use execFileSync with proper argument arrays
plugins/headlamp-plugin/scripts/fetch-official-plugins.js Replaced git clone and rev-parse commands to use execFileSync with array-based arguments

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ashu8912 ashu8912 Awaiting requested review from ashu8912

@illume illume Awaiting requested review from illume

Assignees

@skoeva skoeva

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. security size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

v0.41.0

Development

Successfully merging this pull request may close these issues.

3 participants

@skoeva @k8s-ci-robot @illume