From 44543f528ab8d6b9d85e5c0fb41c8c7136d4e2ba Mon Sep 17 00:00:00 2001
From: Martin Aeschlimann <martinae@microsoft.com>
Date: Thu, 24 Feb 2022 15:38:11 +0100
Subject: [PATCH] server cli: sanitize string args

---
 src/server-main.js | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/server-main.js b/src/server-main.js
index dc483374323..7257a6331b7 100644
--- a/src/server-main.js
+++ b/src/server-main.js
@@ -101,11 +101,12 @@ async function start() {
 		const remoteExtensionHostAgentServer = await getRemoteExtensionHostAgentServer();
 		return remoteExtensionHostAgentServer.handleServerError(err);
 	});
-	const host = parsedArgs['host'] || (parsedArgs['compatibility'] !== '1.63' ? 'localhost' : undefined);
+
+	const host = sanitizeStringArg(parsedArgs['host']) || (parsedArgs['compatibility'] !== '1.63' ? 'localhost' : undefined);
 	const nodeListenOptions = (
 		parsedArgs['socket-path']
-			? { path: parsedArgs['socket-path'] }
-			: { host, port: await parsePort(host, parsedArgs['port'], parsedArgs['pick-port']) }
+			? { path: sanitizeStringArg(parsedArgs['socket-path']) }
+			: { host, port: await parsePort(host, sanitizeStringArg(parsedArgs['port']), sanitizeStringArg(parsedArgs['pick-port'])) }
 	);
 	server.listen(nodeListenOptions, async () => {
 		let output = Array.isArray(product.serverGreeting) ? `\n\n${product.serverGreeting.join('\n')}\n\n` : ``;
@@ -144,6 +145,16 @@ async function start() {
 		}
 	});
 }
+/**
+ * @param {any} val
+ * @returns {string | undefined}
+ */
+function sanitizeStringArg(val) {
+	if (Array.isArray(val)) { // if an argument is passed multiple times, minimist creates an array
+		val = val.pop(); // take the last item
+	}
+	return typeof val === 'string' ? val : undefined;
+}
 
 /**
  * If `--pick-port` and `--port` is specified, connect to that port.