Go to file

Zeroday BYTE 4aae6bae1c fix(packages): shell command built from environment values (#12386 )

b7473371b3/packages/twenty-server/src/engine/core-modules/serverless/commands/add-packages.command.ts (L6-L6)


b7473371b3/packages/twenty-server/src/engine/core-modules/serverless/commands/add-packages.command.ts (L10-L10)


b7473371b3/packages/twenty-server/src/engine/core-modules/serverless/commands/add-packages.command.ts (L79-L79)

Fix the issue should avoid dynamically constructing the shell command.
Instead, we can use `execFile` or `execFileSync`, which allows us to
pass arguments as an array, avoiding shell interpretation of special
characters. This ensures that the `folderPath` is treated as a literal
argument and not subject to command injection.

Specifically:
1. Replace the use of `execPromise` with `execFilePromise` (a
promisified version of `execFile`).
2. Modify the `addToGit` method to pass the `folderPath` as an argument
to `git add` instead of interpolating it into the command string.



---

2025-06-03 11:35:31 +02:00

.cursor/rules

Misc. of sentry improvements (#12233 )

2025-05-23 13:36:02 +00:00

.github

fix 11997 (#12018 )

2025-05-14 16:35:51 +05:30

.nx

Add nxw.js file (#8362 )

2024-11-06 14:24:07 +01:00

.vscode

[permissions] Add workspace + security settings permission gates (#10204 )

2025-02-14 17:32:42 +01:00

.yarn/releases

[FIX] Move preconstruct patch into twenty-shared package (#11124 )

2025-03-24 15:51:14 +01:00

changelog

Updated several emails template styles (#11797 )

2025-04-29 18:08:45 +02:00

packages

fix(packages): shell command built from environment values (#12386 )

2025-06-03 11:35:31 +02:00

tools/eslint-rules

refacto clickoutside componentv2 (#11644 )

2025-04-18 17:48:30 +02:00

.dockerignore

feat: merge front and server dockerfiles and optimize build (#4589 )

2024-03-21 19:22:21 +01:00

.eslintrc.global.cjs

[FIX] Out of memory while running app localy (#11341 )

2025-04-02 18:35:00 +02:00

.eslintrc.react.cjs

Fix lint issues (#11475 )

2025-04-09 17:35:25 +02:00

.gitignore

Add mcp.json to gitignore (#12321 )

2025-05-27 14:06:21 +02:00

.nvmrc

Restore nvmrc (#10671 )

2025-03-05 14:27:17 +01:00

.prettierignore

POC: chore: use Nx workspace lint rules (#3163 )

2024-01-03 23:07:25 +01:00

.prettierrc

POC: chore: use Nx workspace lint rules (#3163 )

2024-01-03 23:07:25 +01:00

.vale.ini

Fix vale ci (#3353 )

2024-01-10 17:05:23 +01:00

.yarnrc.yml

i18n - translations (#10735 )

2025-03-07 18:19:42 +01:00

crowdin.yml

Translations - Crowdin, Set workspace member locale on signup, and optimizations (#10091 )

2025-02-09 22:10:41 +01:00

jest.config.js

POC: chore: use Nx workspace lint rules (#3163 )

2024-01-03 23:07:25 +01:00

jest.preset.js

POC: chore: use Nx workspace lint rules (#3163 )

2024-01-03 23:07:25 +01:00

LICENSE

feat(sso): allow to use OIDC and SAML (#7246 )

2024-10-21 20:07:08 +02:00

Makefile

Update Makefile in local setup to clean postgres instead of pg-spile (#12273 )

2025-05-26 12:20:19 +02:00

Fix execution permissions (#11604 )

2025-04-16 11:46:37 +02:00

nx.json

[CI][FRONT] Storybook tests sharding (#9448 )

2025-01-10 18:40:03 +01:00

package.json

Refactor drag selection: Replace external library with custom implementation and add auto-scroll (#12134 )

2025-05-26 11:58:22 +02:00

README.md

Update readme with partner logos (#11722 )

2025-04-24 16:09:43 +02:00

render.yaml

Begin moving to postgres spilo + adding pgvector (#8309 )

2024-11-15 09:38:30 +01:00

tsconfig.base.json

Fix import twenty-shared (#9754 )

2025-01-20 23:10:39 +01:00

yarn.config.cjs

[ENHC] Create Yarn constraints to validate node version (#10542 )

2025-02-27 15:18:07 +01:00

yarn.lock

Fix view filter update and deletion propagation (#12082 )

2025-05-28 10:22:28 +00:00

README.md

The #1 Open-Source CRM

🌐 Website · 📚 Documentation · Roadmap · Discord · Figma

Installation

See:
🚀 Self-hosting
🖥️ Local Setup

Does the world need another CRM?

We built Twenty for three reasons:

CRMs are too expensive, and users are trapped. Companies use locked-in customer data to hike prices. It shouldn't be that way.

A fresh start is required to build a better experience. We can learn from past mistakes and craft a cohesive experience inspired by new UX patterns from tools like Notion, Airtable or Linear.

We believe in Open-source and community. Hundreds of developers are already building Twenty together. Once we have plugin capabilities, a whole ecosystem will grow around it.

What You Can Do With Twenty

We're currently developing Twenty's beta version.

Please feel free to flag any specific needs you have by creating an issue.

Below are a few features we have implemented to date:

Add, filter, sort, edit, and track customers
Create one or several opportunities for each company
See rich notes tasks displayed in a timeline
Create tasks on records
Navigate quickly through the app using keyboard shortcuts and search

Add, filter, sort, edit, and track customers:

Create one or several opportunities for each company:

Track deals effortlessly with the email integration:

Tailor your data model to meet business needs:

See rich notes displayed in a timeline:

Create tasks on records

Navigate quickly through the app using keyboard shortcuts and search:

Connect your CRM to all your tools through our APIs and Webhooks.

Stack

Thanks

Thanks to these amazing services that we use and recommend for UI testing (Chromatic), code review (Greptile), catching bugs (Sentry) and translating (Crowdin).

Join the Community

Star the repo
Subscribe to releases (watch -> custom -> releases)
Follow us on Twitter or LinkedIn
Join our Discord
Improve translations on Crowdin
Contributions are, of course, most welcome!