Skip to content

fix: Improvements on MSRC CLI#15974

Open
Nitin-100 wants to merge 1 commit intomicrosoft:mainfrom
Nitin-100:nitinc/msrc-cli-injection-fixes
Open

fix: Improvements on MSRC CLI#15974
Nitin-100 wants to merge 1 commit intomicrosoft:mainfrom
Nitin-100:nitinc/msrc-cli-injection-fixes

Conversation

@Nitin-100
Copy link
Copy Markdown
Contributor

@Nitin-100 Nitin-100 commented Apr 9, 2026
edited by vineethkuttan
Loading

@Nitin-100 Nitin-100 requested a review from a team as a code owner April 9, 2026 07:35
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 9, 2026
edited
Loading

Performance Test Results

Branch: nitinc/msrc-cli-injection-fixes
Commit: a06ed4cd
Time: 2026-04-14T05:43:25.235Z
Tests: 161/161 passed

✅ Passed

161 scenario(s) across 28 suite(s) — no regressions

SectionList

Scenario Mean Median StdDev Renders vs Baseline
SectionList mount 5.60ms 6.00ms ±1.58ms 1 +20.0%
SectionList unmount 0.40ms 0.00ms ±0.52ms 0 +0.0%
SectionList rerender 13.70ms 13.00ms ±2.41ms 2 +23.8%
SectionList with-3-sections-15-items 7.10ms 7.00ms ±1.20ms 1 +27.3%
SectionList with-5-sections-50-items 6.40ms 6.00ms ±1.71ms 1 +0.0%
SectionList with-10-sections-200-items 6.00ms 5.00ms ±2.00ms 1 -9.1%
SectionList with-20-sections-200-items 6.10ms 5.00ms ±1.73ms 1 +0.0%
SectionList with-section-separator 2.50ms 2.00ms ±0.71ms 1 +0.0%
SectionList with-item-separator 3.20ms 3.00ms ±0.92ms 1 +50.0%
SectionList with-header-footer 2.60ms 2.00ms ±1.35ms 1 +0.0%
SectionList with-section-footer 1.90ms 2.00ms ±0.57ms 1 +0.0%
SectionList with-sticky-section-headers 1.90ms 2.00ms ±0.57ms 1 +0.0%
SectionList with-empty-list 0.50ms 0.50ms ±0.53ms 1 -50.0%
SectionList with-50-sections-1000-items 1.70ms 2.00ms ±0.48ms 1 +0.0%

FlatList

Scenario Mean Median StdDev Renders vs Baseline
FlatList mount 5.00ms 5.00ms ±1.15ms 1 +25.0%
FlatList unmount 0.20ms 0.00ms ±0.42ms 0 +0.0%
FlatList rerender 12.00ms 12.00ms ±1.89ms 2 +33.3%
FlatList with-10-items 5.70ms 5.00ms ±1.16ms 1 +25.0%
FlatList with-100-items 6.00ms 6.50ms ±1.15ms 1 +30.0%
FlatList with-500-items 4.60ms 5.00ms ±0.52ms 1 +25.0%
FlatList with-1000-items 5.00ms 4.50ms ±1.25ms 1 +12.5%
FlatList horizontal 4.40ms 5.00ms ±1.35ms 1 +0.0%
FlatList with-separator 2.50ms 2.50ms ±0.53ms 1 +25.0%
FlatList with-header-footer 1.90ms 1.00ms ±1.85ms 1 -50.0%
FlatList with-empty-list 0.50ms 0.50ms ±0.53ms 1 +0.0%
FlatList with-get-item-layout 1.40ms 1.00ms ±0.52ms 1 +0.0%
FlatList inverted 1.60ms 1.50ms ±0.70ms 1 +0.0%
FlatList with-num-columns 2.70ms 3.00ms ±0.48ms 1 +0.0%

TouchableOpacity

Scenario Mean Median StdDev Renders vs Baseline
TouchableOpacity mount 0.90ms 1.00ms ±0.57ms 1 +0.0%
TouchableOpacity unmount 0.10ms 0.00ms ±0.32ms 0 +0.0%
TouchableOpacity rerender 1.00ms 1.00ms ±0.00ms 2 +0.0%
TouchableOpacity custom-active-opacity 0.90ms 1.00ms ±0.32ms 1 +0.0%
TouchableOpacity disabled 0.50ms 0.50ms ±0.53ms 1 -50.0%
TouchableOpacity with-all-handlers 0.80ms 1.00ms ±0.42ms 1 +0.0%
TouchableOpacity with-hit-slop 1.00ms 1.00ms ±0.00ms 1 +0.0%
TouchableOpacity with-delay 0.80ms 1.00ms ±0.42ms 1 +0.0%
TouchableOpacity nested 1.50ms 1.50ms ±0.53ms 1 +50.0%
TouchableOpacity multiple-10 7.33ms 7.00ms ±2.61ms 1 +16.7%
TouchableOpacity multiple-50 30.60ms 31.00ms ±4.56ms 1 +6.9%
TouchableOpacity multiple-100 48.20ms 51.00ms ±11.54ms 1 +2.0%

ScrollView

Scenario Mean Median StdDev Renders vs Baseline
ScrollView mount 0.40ms 0.00ms ±0.52ms 1 +0.0%
ScrollView unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
ScrollView rerender 0.80ms 1.00ms ±0.42ms 2 +0.0%
ScrollView children-20 4.40ms 4.00ms ±1.55ms 1 +0.0%
ScrollView children-100 18.33ms 17.00ms ±3.50ms 1 +6.3%
ScrollView horizontal 4.30ms 3.50ms ±2.50ms 1 -12.5%
ScrollView sticky-headers 3.60ms 3.50ms ±1.71ms 1 +16.7%
ScrollView scroll-indicators 0.80ms 1.00ms ±0.63ms 1 +0.0%
ScrollView nested 1.60ms 1.00ms ±0.84ms 1 +0.0%
ScrollView content-container-style 0.80ms 1.00ms ±0.42ms 1 +0.0%
ScrollView children-500 36.20ms 26.00ms ±22.02ms 1 +36.8%

TouchableHighlight

Scenario Mean Median StdDev Renders vs Baseline
TouchableHighlight mount 0.50ms 0.50ms ±0.53ms 1 +0.0%
TouchableHighlight unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
TouchableHighlight rerender 0.60ms 1.00ms ±0.52ms 2 +0.0%
TouchableHighlight custom-underlay-color 0.60ms 1.00ms ±0.52ms 1 +Infinity%
TouchableHighlight custom-active-opacity 0.60ms 1.00ms ±0.52ms 1 +Infinity%
TouchableHighlight disabled 0.40ms 0.00ms ±0.52ms 1 +0.0%
TouchableHighlight with-all-handlers 0.40ms 0.00ms ±0.52ms 1 +0.0%
TouchableHighlight with-hit-slop 0.40ms 0.00ms ±0.52ms 1 +0.0%
TouchableHighlight nested-touchables 1.00ms 1.00ms ±0.00ms 1 +0.0%
TouchableHighlight multiple-touchables-10 2.70ms 3.00ms ±0.67ms 1 +0.0%
TouchableHighlight multiple-touchables-50 16.90ms 16.00ms ±3.11ms 1 +28.0%
TouchableHighlight multiple-touchables-100 26.70ms 25.50ms ±5.33ms 1 +13.3%

Pressable

Scenario Mean Median StdDev Renders vs Baseline
Pressable mount 0.50ms 0.50ms ±0.53ms 1 +Infinity%
Pressable unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
Pressable rerender 0.80ms 1.00ms ±0.63ms 2 +100.0%
Pressable with-all-handlers 0.30ms 0.00ms ±0.48ms 1 +0.0%
Pressable with-style-function 0.40ms 0.00ms ±0.52ms 1 +0.0%
Pressable disabled 0.30ms 0.00ms ±0.48ms 1 +0.0%
Pressable with-hit-slop 0.30ms 0.00ms ±0.48ms 1 +0.0%
Pressable nested 0.80ms 1.00ms ±0.42ms 1 +0.0%
Pressable multiple-10 3.07ms 3.00ms ±0.26ms 1 +0.0%
Pressable multiple-50 18.53ms 19.00ms ±3.40ms 1 +35.7%
Pressable multiple-100 20.67ms 14.00ms ±13.12ms 1 +16.7%

Modal

Scenario Mean Median StdDev Renders vs Baseline
Modal mount 0.40ms 0.00ms ±0.52ms 1 +0.0%
Modal unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
Modal rerender 0.60ms 1.00ms ±0.52ms 2 +Infinity%
Modal slide-animation 0.50ms 0.50ms ±0.53ms 1 +Infinity%
Modal fade-animation 0.20ms 0.00ms ±0.42ms 1 +0.0%
Modal transparent 0.90ms 0.00ms ±1.85ms 1 +0.0%
Modal with-callbacks 0.40ms 0.00ms ±0.52ms 1 +0.0%
Modal rich-content 2.10ms 2.00ms ±1.79ms 1 +0.0%
Modal with-accessibility 0.40ms 0.00ms ±0.52ms 1 +0.0%

Image

Scenario Mean Median StdDev Renders vs Baseline
Image mount 0.10ms 0.00ms ±0.32ms 1 +0.0%
Image unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
Image rerender 0.20ms 0.00ms ±0.42ms 2 +0.0%
Image with-resize-mode 0.00ms 0.00ms ±0.00ms 1 +0.0%
Image with-border-radius 0.20ms 0.00ms ±0.42ms 1 +0.0%
Image with-tint-color 0.10ms 0.00ms ±0.32ms 1 +0.0%
Image with-blur-radius 0.20ms 0.00ms ±0.42ms 1 +0.0%
Image with-accessibility 0.20ms 0.00ms ±0.42ms 1 +0.0%
Image multiple-10 0.93ms 1.00ms ±0.26ms 1 +0.0%
Image multiple-50 4.13ms 4.00ms ±1.19ms 1 +33.3%
Image multiple-100 10.47ms 11.00ms ±1.92ms 1 +37.5%

ActivityIndicator

Scenario Mean Median StdDev Renders vs Baseline
ActivityIndicator mount 0.20ms 0.00ms ±0.42ms 1 +0.0%
ActivityIndicator unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
ActivityIndicator rerender 0.20ms 0.00ms ±0.42ms 2 +0.0%
ActivityIndicator size-large 0.00ms 0.00ms ±0.00ms 1 +0.0%
ActivityIndicator size-small 0.20ms 0.00ms ±0.42ms 1 +0.0%
ActivityIndicator with-color 0.20ms 0.00ms ±0.42ms 1 +0.0%
ActivityIndicator not-animating 0.20ms 0.00ms ±0.42ms 1 +0.0%
ActivityIndicator with-accessibility 0.30ms 0.00ms ±0.48ms 1 +0.0%
ActivityIndicator multiple-10 1.00ms 1.00ms ±0.00ms 1 +0.0%
ActivityIndicator multiple-50 4.20ms 4.00ms ±1.01ms 1 +0.0%
ActivityIndicator multiple-100 9.47ms 9.00ms ±2.39ms 1 +28.6%

Switch

Scenario Mean Median StdDev Renders vs Baseline
Switch mount 0.40ms 0.00ms ±0.52ms 1 +0.0%
Switch unmount 0.10ms 0.00ms ±0.32ms 0 +0.0%
Switch rerender 0.20ms 0.00ms ±0.42ms 2 -100.0%
Switch value-true 0.30ms 0.00ms ±0.48ms 1 +0.0%
Switch disabled 0.20ms 0.00ms ±0.42ms 1 +0.0%
Switch custom-colors 0.30ms 0.00ms ±0.48ms 1 +0.0%
Switch on-value-change 0.20ms 0.00ms ±0.42ms 1 +0.0%
Switch with-accessibility 0.20ms 0.00ms ±0.42ms 1 +0.0%
Switch multiple-10 1.60ms 2.00ms ±0.51ms 1 +0.0%
Switch multiple-50 11.27ms 10.00ms ±4.23ms 1 +11.1%
Switch multiple-100 21.73ms 21.00ms ±4.70ms 1 +31.3%

Button

Scenario Mean Median StdDev Renders vs Baseline
Button mount 0.60ms 1.00ms ±0.52ms 1 +0.0%
Button unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
Button rerender 1.00ms 1.00ms ±0.67ms 2 +0.0%
Button disabled 1.10ms 1.00ms ±1.45ms 1 +0.0%
Button with-color 0.50ms 0.50ms ±0.53ms 1 +0.0%
Button with-accessibility 0.60ms 1.00ms ±0.52ms 1 +0.0%
Button multiple-10 6.80ms 6.00ms ±2.31ms 1 +0.0%
Button multiple-50 24.00ms 28.00ms ±9.37ms 1 +3.7%
Button multiple-100 19.07ms 16.00ms ±5.04ms 1 -15.8%

TextInput

Scenario Mean Median StdDev Renders vs Baseline
TextInput mount 0.20ms 0.00ms ±0.42ms 1 +0.0%
TextInput unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
TextInput rerender 0.20ms 0.00ms ±0.42ms 2 +0.0%
TextInput multiline 0.10ms 0.00ms ±0.32ms 1 +0.0%
TextInput with-value 0.00ms 0.00ms ±0.00ms 1 +0.0%
TextInput styled 0.10ms 0.00ms ±0.32ms 1 +0.0%
TextInput multiple-100 8.47ms 8.00ms ±2.36ms 1 +14.3%

View

Scenario Mean Median StdDev Renders vs Baseline
View mount 0.00ms 0.00ms ±0.00ms 1 +0.0%
View unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
View rerender 0.20ms 0.00ms ±0.42ms 2 +0.0%
View nested-50 3.53ms 3.00ms ±0.64ms 1 +0.0%
View nested-100 8.87ms 8.00ms ±1.92ms 1 +14.3%
View shadow 0.20ms 0.00ms ±0.42ms 1 +0.0%
View border-radius 0.00ms 0.00ms ±0.00ms 1 +0.0%
View nested-500 24.47ms 14.00ms ±20.89ms 1 +40.0%

Text

Scenario Mean Median StdDev Renders vs Baseline
Text mount 0.30ms 0.00ms ±0.48ms 1 +0.0%
Text unmount 0.00ms 0.00ms ±0.00ms 0 +0.0%
Text rerender 0.20ms 0.00ms ±0.42ms 2 +0.0%
Text long-1000 0.20ms 0.00ms ±0.42ms 1 +0.0%
Text nested 0.30ms 0.00ms ±0.48ms 1 +0.0%
Text styled 0.00ms 0.00ms ±0.00ms 1 +0.0%
Text multiple-100 9.73ms 10.00ms ±2.43ms 1 +42.9%

SectionList.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
SectionList native mount 7.75ms 7.42ms ±1.57ms 1 +14.1%

FlatList.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
FlatList native mount 7.33ms 7.59ms ±0.96ms 1 -17.8%

TouchableHighlight.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
TouchableHighlight native mount 2.29ms 2.33ms ±0.35ms 1 +11.7%

TouchableOpacity.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
TouchableOpacity native mount 2.56ms 2.23ms ±0.91ms 1 -29.0%

Pressable.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Pressable native mount 2.11ms 2.11ms ±0.31ms 1 -15.9%

ScrollView.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
ScrollView native mount 5.10ms 5.16ms ±1.09ms 1 +27.5%

ActivityIndicator.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
ActivityIndicator native mount 1.80ms 1.73ms ±0.24ms 1 -30.5%

TextInput.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
TextInput native mount 2.97ms 3.02ms ±0.60ms 1 -26.2%

Switch.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Switch native mount 1.73ms 1.50ms ±0.86ms 1 -13.5%

Button.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Button native mount 2.44ms 2.20ms ±0.62ms 1 -15.5%

Modal.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Modal native mount 1.34ms 1.28ms ±0.26ms 1 +5.4%

Image.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Image native mount 2.49ms 2.28ms ±0.86ms 1 +0.8%

View.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
View native mount 1.78ms 1.41ms ±1.04ms 1 -1.5%

Text.native-perf-test.ts

Scenario Mean Median StdDev Renders vs Baseline
Text native mount 1.77ms 1.80ms ±0.30ms 1 +3.3%

@vineethkuttan vineethkuttan changed the title fix: resolve MSRC command/argument injection vulnerabilities in CLI fix: Improvements on MSRC CLI Apr 10, 2026
vmoroz
vmoroz reviewed Apr 10, 2026
View reviewed changes
fix: resolve MSRC command/argument injection vulnerabilities in CLI
2629579 
- MSRC 112511: Replace execSync with execFileSync in msbuildtools.ts cleanProject()
  to prevent shell command injection via slnFile parameter (CWE-78)
- MSRC 112495/112540: Replace .split(' ') anti-pattern with discrete argument array
  in winappdeploytool.ts uninstallAppPackage() to prevent argument injection via
  appName parameter (CWE-88)
- Also fixes {$targetDevice.ip} syntax bug (was never interpolating the IP address)
@Nitin-100 Nitin-100 force-pushed the nitinc/msrc-cli-injection-fixes branch from 9b372e2 to 2629579 Compare April 14, 2026 05:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vmoroz vmoroz vmoroz left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Nitin-100 @vmoroz