@Adarsh2692
Contributor

No description provided.

@gitguardian

gitguardian bot commented Jan 2, 2026

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| 24068148 | Triggered | Generic High Entropy Secret | e4683cb | src/channelHandlers/browserstack-api.ts |
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

return new Promise((resolve) => {
const { exec } = require('child_process');

exec(`ps -o pid= -g ${pgid}`, (error: any, stdout: string) => {
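
Review bot: `pgid` is interpolated into the `exec` shell string with no check that it is numeric, so whatever value arrives is parsed by the shell. Validate it first (`Number.isInteger(pgid) && pgid > 0`) and switch to `execFile('ps', ['-o', 'pid=', '-g', String(pgid)], callback)`, which passes the value as a single argument without a shell. The `require('child_process')` inside the Promise executor would also read better as a top-level import, since the same module is required again in the other helpers.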

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument pgid. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
const { exec } = require('child_process');

// Look for common browser processes in the process group
exec(`ps -o pid=,comm= -g ${pgid}`, (error: any, stdout: string) => {

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument pgid. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
// Check if main process is still running
const { exec } = require('child_process');

exec(`kill -0 ${session.mainProcess.pid}`, (error: any) => {
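
Review bot: the liveness check on `session.mainProcess.pid` does not need a child process. `process.kill(session.mainProcess.pid, 0)` inside a try/catch performs the same existence test in-process (it throws `ESRCH` when the process is gone), which removes both the shell and the string interpolation. Guard against `pid` being `undefined` first; the template string would render it as the literal text `undefined` and the resulting error would be read as "not running".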

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument sessionId. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
Comment on lines +436 to +445
const child = spawn(command, {
shell: true,
env: {
...process.env,
PERCY_TOKEN: PERCY_TOKEN,
BSTACK_LOCAL_KEY: BSTACK_LOCAL_KEY
},
detached: true, // Create new process group
stdio: ['ignore', 'pipe', 'pipe']
});
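
Review bot: `shell: true` combined with a single `command` string means the whole string is parsed by the shell, and the `env` block hands the child every variable in `process.env` plus `PERCY_TOKEN` and `BSTACK_LOCAL_KEY`. Pass the program and an argument array to `spawn` with the default `shell: false`, and build `env` from an explicit allow-list (for example `PATH`, `HOME` and the two tokens) instead of spreading `process.env`, so unrelated secrets in the parent environment are not inherited by the detached process group.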

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.spawn-shell-true.spawn-shell-true Error

Found '$SPAWN' with '{shell: true}'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use '{shell: false}' instead.
const optionsString = commandOptions.length > 0 ? ` ${commandOptions.join(' ')}` : '';
const command = `npx percy support:debug "${snapshotUrl}"${optionsString}`;

const child = spawn(command, {
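
Review bot: wrapping `snapshotUrl` in double quotes in the `command` template does not make it safe, because the shell still expands substitutions and honours an embedded quote inside double quotes, and `commandOptions.join(' ')` is appended with no quoting at all. Build an argument array instead, `spawn('npx', ['percy', 'support:debug', snapshotUrl, ...commandOptions])`, without `shell: true`. Before that, parse `snapshotUrl` with `new URL()` and accept only the expected scheme and host, and check each entry of `commandOptions` against the set of flags this handler is meant to support.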

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument snapshotUrl. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
console.log('Graceful termination failed, using forceful termination');

// Force kill the entire process group
exec(`kill -KILL -${session.processGroupId}`, (error2: any) => {
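
Review bot: `kill -KILL -${session.processGroupId}` is only safe when `processGroupId` is an integer greater than 1. If it is ever `1`, the command becomes `kill -KILL -1`, which signals every process the current user is allowed to signal. Check `Number.isInteger(session.processGroupId) && session.processGroupId > 1` before this call, and prefer `process.kill(-session.processGroupId, 'SIGKILL')` in a try/catch over shelling out.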

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument processId. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.

// Kill main process
killPromises.push(new Promise((killResolve) => {
exec(`kill -KILL ${session.mainProcess.pid}`, (killError: any) => {

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument processId. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
// Kill all child processes
session.childProcesses.forEach(childPid => {
killPromises.push(new Promise((killResolve) => {
exec(`kill -KILL ${childPid}`, (killError: any) => {
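
Review bot: the `childPid` values in `session.childProcesses` were recorded earlier, so by the time this `forEach` runs a PID may belong to a process that has exited and whose number has been reused by something unrelated. Signalling the process group created by `detached: true` covers the children without relying on stored PIDs; if the per-PID loop stays, re-verify that each PID is still in the session's process group immediately before sending `SIGKILL`, and use `process.kill(childPid, 'SIGKILL')` rather than `exec`.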

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument childPid. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.

// Wait a moment and check if processes are still running
setTimeout(() => {
exec(`kill -0 -${session.processGroupId}`, (checkError: any) => {

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument processId. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
});
} else {
// Still running, force kill
exec(`kill -KILL -${session.processGroupId}`, (forceError: any) => {

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.detect-child-process.detect-child-process Error

Detected calls to child_process from a function argument processId. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed.
@Adarsh2692 Adarsh2692 closed this Jan 2, 2026
@Adarsh2692 Adarsh2692 deleted the percy_snapshot_replay branch January 2, 2026 22:53