[CE-1330] Escaping args

[drazisil]

Sanitize gcov-root and ather args.

[hootener]

To address:

• should launch.json be .gitignored?
• should we keep validator and perform a two step sanitization process? 1. pass through validator, 2. pass through sanitizeVar

[hootener]

I'm not sure this should be committed to source since it's IDE specific?

[drazisil]

No, this should not have been commited, good catch.

[hootener]

I'm unsure what benefits validator provides. But would it be worthwhile to keep it, and call it in your sanitizeVar function before the "&" removal step? Off the cuff, something like:

function sanitizeVar(arg) {
  arg = validator.escape(arg)
  return arg.replace(/&/g, '')
}

[drazisil]

Validator was added with the last patch. It also escaped / which makes actual paths very unhappy.

[codecov]

Codecov Report

Merging #167 into master will increase coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #167      +/-   ##
==========================================
+ Coverage   90.14%   90.16%   +0.02%     
==========================================
  Files          23       23              
  Lines         355      356       +1     
  Branches       85       85              
==========================================
+ Hits          320      321       +1     
  Misses         35       35              

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bac0787...2c7ec24. Read the comment docs.

[drazisil]

@eddiemoore Can you please push a new release.

[drazisil]

This has been published under https://www.npmjs.com/package/codecov/v/3.6.5