[0.84] fix: Improvements on MSRC CLI #16010

Open
vineethkuttan wants to merge 1 commit into 0.84-stable from fixMSRC


@vineethkuttan vineethkuttan commented Apr 17, 2026

  • fix: resolve MSRC command/argument injection vulnerabilities in CLI
  • MSRC 112511: Replace execSync with execFileSync in msbuildtools.ts cleanProject() to prevent shell command injection via slnFile parameter (CWE-78)
  • MSRC 112495/112540: Replace .split(' ') anti-pattern with discrete argument array in winappdeploytool.ts uninstallAppPackage() to prevent argument injection via appName parameter (CWE-88)
  • Also fixes {$targetDevice.ip} syntax bug (was never interpolating the IP address)

Cherry pick: #15974

* fix: resolve MSRC command/argument injection vulnerabilities in CLI

- MSRC 112511: Replace execSync with execFileSync in msbuildtools.ts cleanProject()
  to prevent shell command injection via slnFile parameter (CWE-78)
- MSRC 112495/112540: Replace .split(' ') anti-pattern with discrete argument array
  in winappdeploytool.ts uninstallAppPackage() to prevent argument injection via
  appName parameter (CWE-88)
- Also fixes {$targetDevice.ip} syntax bug (was never interpolating the IP address)

* Change files

---------

Co-authored-by: Nitin Chaudhary <nitchaudhary@microsoft.com>
@vineethkuttan vineethkuttan requested a review from a team as a code owner April 17, 2026 09:58
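
The two argument-handling items in the description above (the `.split(' ')` pattern and the `{$targetDevice.ip}` typo), shown as an added example that is not part of the pull request or the project's code. The `-package`/`-ip` layout, the `readOptions` helper, and the device and app names are assumptions constructed for illustration.

```javascript
// Added illustration, not the project's code. The -package/-ip layout and all
// sample values are assumptions constructed for this example.

// "Before" pattern: interpolate into one string, then .split(' ').
// `{$targetDevice.ip}` has the `$` inside the braces, so it stays literal text.
function buildArgsSplit(appName, targetDevice) {
  return `uninstall -package ${appName} -ip {$targetDevice.ip}`.split(' ');
}

// "After" pattern: one array element per argument, nothing is re-parsed.
function buildArgsDiscrete(appName, targetDevice) {
  return ['uninstall', '-package', appName, '-ip', targetDevice.ip];
}

// Hypothetical option reader: the token after each -option is its value.
// Every value seen for an option is kept; unconsumed tokens are "stray".
function readOptions(argv) {
  const options = {};
  const stray = [];
  for (let i = 1; i < argv.length; i++) {
    if (argv[i].startsWith('-') && i + 1 < argv.length) {
      (options[argv[i]] = options[argv[i]] || []).push(argv[i + 1]);
      i++;
    } else {
      stray.push(argv[i]);
    }
  }
  return { options, stray };
}

// Regression check: the untrusted value must occupy exactly one argv slot.
function occupiesOneSlot(argv, value) {
  return argv.filter((arg) => arg === value).length === 1;
}

const device = { name: 'lab-device', ip: '192.0.2.10' }; // constructed
const plainName = 'Contoso Notes'; // ordinary name containing a space
const optionName = 'Contoso.Notes -ip 198.51.100.7'; // value carrying an option

for (const name of [plainName, optionName]) {
  for (const build of [buildArgsSplit, buildArgsDiscrete]) {
    const argv = build(name, device);
    console.log(build.name, JSON.stringify(argv), JSON.stringify(readOptions(argv)),
      'one slot:', occupiesOneSlot(argv, name));
  }
}
```

Passing a discrete array stops the value from being split, but a value that itself begins with `-` can still be read as an option by the receiving tool, so validate it as well.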
@iamAbhi-916 iamAbhi-916 left a comment

LGTM

@github-actions
Performance Test Results

Branch: fixMSRC
Commit: b759b283
Time: 2026-04-17T10:32:29.612Z
Tests: 161/161 passed

✅ Passed

161 scenario(s) across 28 suite(s) — no regressions
