You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We run infection only over a specific subset of the codebase which contains heavy business logic. This allows us to enforce a 100% MSI for critical code paths. We do this by using file glob patterns in the directories config section, eg. src/*/Core.
Is there any reason that we need escapeshellarg here? That's usually used to prevent untrusted data being executed, but it should only ever include data provided by the same user who is running the command right?
Alternatively, maybe the directories config property could support regex like excludes does?
We run infection only over a specific subset of the codebase which contains heavy business logic. This allows us to enforce a 100% MSI for critical code paths. We do this by using file glob patterns in the
directories
config section, eg.src/*/Core
.This was recently broken by #1697, specifically by adding the
directories
configuration togit diff
command withescapeshellarg
which results in thegit diff
command being changed to the following, which returns an empty list of changes.Is there any reason that we need
escapeshellarg
here? That's usually used to prevent untrusted data being executed, but it should only ever include data provided by the same user who is running the command right?Alternatively, maybe the
directories
config property could support regex likeexcludes
does?phpunit.xml
infection.json.dist
Output with issue
The text was updated successfully, but these errors were encountered: