Skip to content

[PM-33436] Refactor setup shell commands#7494

Merged
dereknance merged 8 commits intomainfrom
pm-33436-installer-shell-refactor
Apr 22, 2026
Merged

[PM-33436] Refactor setup shell commands#7494
dereknance merged 8 commits intomainfrom
pm-33436-installer-shell-refactor

Conversation

@dereknance
Copy link
Copy Markdown
Contributor

@dereknance dereknance commented Apr 17, 2026
edited
Loading

🎟️ Tracking

PM-33436

📔 Objective

Remove the Setup utility's use of bash -c "<command>" or pwsh <command>, as well as reduce risk of command injection. This is done by using the ProcessStartInfo.ArgumentList array property instead of the Arguments string property.

The majority of the PR is updating usages of Helpers.Exec and dealing with stdout/stderr due to a few shell commands' input redirection having been removed.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 17, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailse9e51eee-6219-4adb-af38-0ea012fa9e09

New Issues (1) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 MEDIUM CSRF src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 512
detailsMethod at line 512 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from orgId. This par...
Attack Vector

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 17, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.13%. Comparing base (0b1c22e) to head (2821af8).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7494   +/-   ##
=======================================
  Coverage   59.13%   59.13%           
=======================================
  Files        2077     2077           
  Lines       91848    91848           
  Branches     8175     8175           
=======================================
+ Hits        54315    54316    +1     
+ Misses      35601    35600    -1     
  Partials     1932     1932

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dereknance
missed a directory update
a5b2ac0
@dereknance
use local time for date comparison assert
85a5b24 
a cert with a non-utc `NotBefore` is not considered in range by xUnit's
assert helper.
dereknance
dereknance commented Apr 17, 2026
View reviewed changes
Comment thread test/Setup.Test/ProgramTests.cs
Comment on lines -75 to 77
var hundredYearsFromNow = DateTime.UtcNow.AddDays(36500);
var hundredYearsFromNow = DateTime.Now.AddDays(36500);

Assert.InRange(cert.NotAfter, hundredYearsFromNow.AddMinutes(-1), hundredYearsFromNow.AddMinutes(1));
Copy link
Copy Markdown
Contributor Author

@dereknance dereknance Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When using an Ubuntu VM, this assert would fire seemingly because the cert's NotAfter date would include the timezone I set for the VM. This test may have originally been run in a Docker container with the timezone left as UTC, so comparing with UtcNow wasn't a problem. Using Now instead should still work for the container test scenario.

[xUnit.net 00:00:02.56]     Setup.Test.ProgramTests.Install_Works [FAIL]
  Failed Setup.Test.ProgramTests.Install_Works [2 s]
  Error Message:
   Assert.InRange() Failure: Value not in range
Range:  (2126-03-24T19:04:58.3800983Z - 2126-03-24T19:06:58.3800983Z)
Actual: 2126-03-24T14:05:56.0000000-05:00
  Stack Trace:
     at Setup.Test.ProgramTests.Install_Works() in /home/parallels/src/server/test/Setup.Test/ProgramTests.cs:line 77
--- End of stack trace from previous location ---

dereknance
dereknance commented Apr 17, 2026
View reviewed changes
Comment thread util/Setup/Helpers.cs
public static string Exec(string cmd, string[] arguments = null, bool returnStdout = false, bool returnStderr = false)
{
var process = new Process
var startInfo = new ProcessStartInfo(cmd, arguments ?? [])
Copy link
Copy Markdown
Contributor Author

@dereknance dereknance Apr 17, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is the main reason for this PR, passing arguments as an ArgumentList instead of as a single string.

@dereknance dereknance added the ai-review Request a Claude code review label Apr 17, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 17, 2026
edited
Loading

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR refactors the Setup utility to invoke external processes via ProcessStartInfo.ArgumentList rather than interpolated shell strings passed to bash -c / powershell, materially reducing command-injection risk in a tool that already handles user-controlled input (e.g., the install domain). The accompanying changes — building the OpenSSL SAN config via a temp file wrapped in try/finally, parsing pkcs12 -info output in-process instead of piping through grep, redirecting only the streams the caller needs, and validating the -domain argument with Uri.CheckHostName — all align with the stated objective. Test adjustment in ProgramTests.cs (switching to DateTime.Now for the cert-expiry assertion) is explained by the author and correctly addresses a host-timezone mismatch for non-UTC VMs.

Code Review Details

No findings above the reporting threshold.

claude[bot]
claude Bot reviewed Apr 17, 2026
View reviewed changes
Comment thread util/Setup/CertBuilder.cs Outdated
@dereknance dereknance marked this pull request as ready for review April 17, 2026 21:08
@dereknance dereknance requested review from a team as code owners April 17, 2026 21:08
djsmith85
djsmith85 reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@djsmith85 djsmith85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes are looking great.

Not sure why the linter is failing, but might run it locally and see if any changes come up. I assume it might be due to not using {} on if-statements.

Let me know once it's ready for re-review and I'll approve.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 21, 2026

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dereknance
Copy link
Copy Markdown
Contributor Author

dereknance commented Apr 22, 2026

Not sure why the linter is failing

I was also not certain why it was failing. I merged main in case these were already-resolved problems, and sure enough 👍🏻

@dereknance dereknance merged commit e1c67a4 into main Apr 22, 2026
46 checks passed
@dereknance dereknance deleted the pm-33436-installer-shell-refactor branch April 22, 2026 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@djsmith85 djsmith85 djsmith85 approved these changes

@mimartin12 mimartin12 Awaiting requested review from mimartin12 mimartin12 is a code owner automatically assigned from bitwarden/dept-shot

Assignees

No one assigned

Labels

ai-review Request a Claude code review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dereknance @djsmith85