fix: Prevent command injection and stale state in test runner

2026-01-31 20:03:37 +00:00 · 2026-01-21 16:12:36 +01:00
parent b73885e04a
commit 4ab927a5fb
5 changed files with 70 additions and 30 deletions
--- a/apps/ui/src/components/views/project-settings-view/testing-section.tsx
+++ b/apps/ui/src/components/views/project-settings-view/testing-section.tsx
@@ -64,12 +64,14 @@ export function TestingSection({ project }: TestingSectionProps) {
    setIsSaving(true);
    try {
      const httpClient = getHttpApiClient();
+      const normalizedCommand = testCommand.trim();
      const response = await httpClient.settings.updateProject(project.path, {
-        testCommand: testCommand.trim() || undefined,
+        testCommand: normalizedCommand || undefined,
      });

      if (response.success) {
-        setOriginalTestCommand(testCommand);
+        setTestCommand(normalizedCommand);
+        setOriginalTestCommand(normalizedCommand);
        toast.success('Test command saved');
      } else {
        toast.error('Failed to save test command', {