fix: replace shell exec with execFile to prevent command injection in macOS app termination

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: ConnorQi01

src/common/node/childProcess.ts

@@ -88,6 +88,37 @@ export class ChildProcess {
         return stdout.toString();
     }
 
+    public async execFileToString(
+        command: string,
+        args: string[] = [],
+        options: IExecOptions = {},
+    ): Promise<string> {
+        return new Promise<string>((resolve, reject) => {
+            this.childProcess.execFile(
+                command,
+                args,
+                options,
+                (
+                    error: nodeChildProcess.ExecException | null,
+                    stdout: string | Buffer,
+                    stderr: string | Buffer,
+                ) => {
+                    if (error) {
+                        reject(
+                            ErrorHelper.getNestedError(
+                                error,
+                                InternalErrorCode.CommandFailed,
+                                command,
+                            ),
+                        );
+                    } else {
+                        resolve(stdout.toString());
+                    }
+                },
+            );
+        });
+    }
+
     public execFileSync(
         command: string,
         args: string[] = [],

src/extension/macos/macOSPlatform.ts

@@ -208,7 +208,7 @@ export class MacOSPlatform extends GeneralPlatform {
         // 40959 ??         0:10.36 /Users/user/.nvm/versions/node/v10.19.0/bin/node /Users/user/Documents/rn_for_mac_proj/node_modules/metro/node_modules/jest-worker/build/workers/processChild.js
         // 41004 ??         0:21.34 /Users/user/Library/Developer/Xcode/DerivedData/rn_for_mac_proj-ghuavabiztosiqfqkrityjoxqfmv/Build/Products/Debug/rn_for_mac_proj.app/Contents/MacOS/rn_for_mac_proj
         // 75514 ttys007    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn rn_for_mac_proj
-        const searchResults = await childProcess.execToString(`ps -ax | grep ${appName}`);
+        const searchResults = await childProcess.execFileToString("ps", ["-ax"]);
         if (searchResults) {
             const processIdRgx = /(^\d*)\s\?\?/g;
             //  We are looking for a process whose path contains the "appName.app" part
@@ -217,7 +217,7 @@ export class MacOSPlatform extends GeneralPlatform {
             if (processData) {
                 const match = processIdRgx.exec(processData.trim());
                 if (match && match[1]) {
-                    await childProcess.execToString(`kill ${match[1]}`);
+                    await childProcess.execFileToString("kill", [match[1]]);
                 }
             }
         }