Skip to content

fix(s2): fix unescaped Python strings — proper tests#216

Merged
elazarcoh merged 3 commits intomainfrom
fix/s2-unescaped-python-strings
Mar 9, 2026
Merged

fix(s2): fix unescaped Python strings — proper tests#216
elazarcoh merged 3 commits intomainfrom
fix/s2-unescaped-python-strings

Conversation

@elazarcoh
Copy link
Copy Markdown
Owner

@elazarcoh elazarcoh commented Mar 7, 2026

Rebased on ci/vitest-framework. Export asPythonValue. Replaced hand-rolled JS test with vitest as-python-value.test.ts importing real BuildPythonCode. Tests verify correct escaping of single quotes and backslashes.

@elazarcoh elazarcoh force-pushed the fix/s2-unescaped-python-strings branch from 8166f48 to 955b028 Compare March 7, 2026 21:14
An error occurred while trying to automatically change base from ci/vitest-framework to main March 7, 2026 21:32
@elazarcoh elazarcoh force-pushed the fix/s2-unescaped-python-strings branch from 955b028 to 6100ba5 Compare March 7, 2026 22:47
@elazarcoh elazarcoh changed the base branch from ci/vitest-framework to main March 7, 2026 22:51
@elazarcoh elazarcoh force-pushed the fix/s2-unescaped-python-strings branch from 6100ba5 to 7713587 Compare March 7, 2026 22:52
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 7, 2026
edited
Loading

✅ CI Results

🧪 Tests

Suite ✅ Passed ❌ Failed ⏭️ Skipped 📊 Total
E2E (UI) 16 0 2 18
Python Unit 98 0 0 98
TS Unit 77 0 0 77

📦 Artifacts

screenshots-ubuntu-latest  ·  test-results  ·  extension-vsix  ·  ts-unit-test-results  ·  python-unit-test-results

→ Full run details

elazarcoh and others added 3 commits March 10, 2026 00:26
@elazarcoh
fix: escape strings in asPythonValue() to prevent Python injection
a9af006 
asPythonValue() wraps strings in single quotes without escaping
backslashes or quotes. A string containing a single quote (e.g.,
from a file path or user expression) would produce invalid Python
or allow unintended code execution in the eval'd code.

Fix: escape backslashes first, then single quotes, before wrapping
in Python string literal.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@elazarcoh
test(s2): export asPythonValue; rewrite tests using real BuildPythonC…
746b94c 
…ode source

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@elazarcoh
fix(s2): add newline/CR escaping; fix comment in combined test
b0d56d4 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@elazarcoh elazarcoh force-pushed the fix/s2-unescaped-python-strings branch from 7713587 to b0d56d4 Compare March 9, 2026 22:26
@elazarcoh elazarcoh enabled auto-merge March 9, 2026 22:26
@elazarcoh elazarcoh merged commit f7e26de into main Mar 9, 2026
10 checks passed
@elazarcoh elazarcoh deleted the fix/s2-unescaped-python-strings branch March 9, 2026 22:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@elazarcoh