Switch to environment files. Apply GHSA-mfwh-5m23-j46w (CVE-2020-15228)

This commit is contained in:
Shivam Mathur 2020-10-02 04:26:51 +05:30
parent 2ad63ddbd3
commit 716331904e
No known key found for this signature in database
GPG Key ID: 3E13E4C8591ACC2A
6 changed files with 89 additions and 24 deletions

99
dist/index.js vendored
View File

@ -953,6 +953,32 @@ class ExecState extends events.EventEmitter {
/***/ }), /***/ }),
/***/ 82:
/***/ (function(__unusedmodule, exports) {
"use strict";
// We use any as a valid input type
/* eslint-disable @typescript-eslint/no-explicit-any */
Object.defineProperty(exports, "__esModule", { value: true });
/**
* Sanitizes an input into a string so it can be passed into issueCommand safely
* @param input input to sanitize into a string
*/
function toCommandValue(input) {
if (input === null || input === undefined) {
return '';
}
else if (typeof input === 'string' || input instanceof String) {
return input;
}
return JSON.stringify(input);
}
exports.toCommandValue = toCommandValue;
//# sourceMappingURL=utils.js.map
/***/ }),
/***/ 86: /***/ 86:
/***/ (function(__unusedmodule, exports, __webpack_require__) { /***/ (function(__unusedmodule, exports, __webpack_require__) {
@ -1003,6 +1029,42 @@ module.exports = require("os");
/***/ }), /***/ }),
/***/ 102:
/***/ (function(__unusedmodule, exports, __webpack_require__) {
"use strict";
// For internal use, subject to change.
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
// We use any as a valid input type
/* eslint-disable @typescript-eslint/no-explicit-any */
const fs = __importStar(__webpack_require__(747));
const os = __importStar(__webpack_require__(87));
const utils_1 = __webpack_require__(82);
function issueCommand(command, message) {
const filePath = process.env[`GITHUB_${command}`];
if (!filePath) {
throw new Error(`Unable to find environment variable for file command ${command}`);
}
if (!fs.existsSync(filePath)) {
throw new Error(`Missing file at path: ${filePath}`);
}
fs.appendFileSync(filePath, `${utils_1.toCommandValue(message)}${os.EOL}`, {
encoding: 'utf8'
});
}
exports.issueCommand = issueCommand;
//# sourceMappingURL=file-command.js.map
/***/ }),
/***/ 129: /***/ 129:
/***/ (function(module) { /***/ (function(module) {
@ -1348,6 +1410,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
const os = __importStar(__webpack_require__(87)); const os = __importStar(__webpack_require__(87));
const utils_1 = __webpack_require__(82);
/** /**
* Commands * Commands
* *
@ -1401,28 +1464,14 @@ class Command {
return cmdStr; return cmdStr;
} }
} }
/**
* Sanitizes an input into a string so it can be passed into issueCommand safely
* @param input input to sanitize into a string
*/
function toCommandValue(input) {
if (input === null || input === undefined) {
return '';
}
else if (typeof input === 'string' || input instanceof String) {
return input;
}
return JSON.stringify(input);
}
exports.toCommandValue = toCommandValue;
function escapeData(s) { function escapeData(s) {
return toCommandValue(s) return utils_1.toCommandValue(s)
.replace(/%/g, '%25') .replace(/%/g, '%25')
.replace(/\r/g, '%0D') .replace(/\r/g, '%0D')
.replace(/\n/g, '%0A'); .replace(/\n/g, '%0A');
} }
function escapeProperty(s) { function escapeProperty(s) {
return toCommandValue(s) return utils_1.toCommandValue(s)
.replace(/%/g, '%25') .replace(/%/g, '%25')
.replace(/\r/g, '%0D') .replace(/\r/g, '%0D')
.replace(/\n/g, '%0A') .replace(/\n/g, '%0A')
@ -1456,6 +1505,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
const command_1 = __webpack_require__(431); const command_1 = __webpack_require__(431);
const file_command_1 = __webpack_require__(102);
const utils_1 = __webpack_require__(82);
const os = __importStar(__webpack_require__(87)); const os = __importStar(__webpack_require__(87));
const path = __importStar(__webpack_require__(622)); const path = __importStar(__webpack_require__(622));
/** /**
@ -1482,10 +1533,18 @@ var ExitCode;
*/ */
// eslint-disable-next-line @typescript-eslint/no-explicit-any // eslint-disable-next-line @typescript-eslint/no-explicit-any
function exportVariable(name, val) { function exportVariable(name, val) {
const convertedVal = command_1.toCommandValue(val); const convertedVal = utils_1.toCommandValue(val);
process.env[name] = convertedVal; process.env[name] = convertedVal;
const filePath = process.env['GITHUB_ENV'] || '';
if (filePath) {
const delimiter = '_GitHubActionsFileCommandDelimeter_';
const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`;
file_command_1.issueCommand('ENV', commandValue);
}
else {
command_1.issueCommand('set-env', { name }, convertedVal); command_1.issueCommand('set-env', { name }, convertedVal);
} }
}
exports.exportVariable = exportVariable; exports.exportVariable = exportVariable;
/** /**
* Registers a secret which will get masked from logs * Registers a secret which will get masked from logs
@ -1500,7 +1559,13 @@ exports.setSecret = setSecret;
* @param inputPath * @param inputPath
*/ */
function addPath(inputPath) { function addPath(inputPath) {
const filePath = process.env['GITHUB_PATH'] || '';
if (filePath) {
file_command_1.issueCommand('PATH', inputPath);
}
else {
command_1.issueCommand('add-path', {}, inputPath); command_1.issueCommand('add-path', {}, inputPath);
}
process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`; process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;
} }
exports.addPath = addPath; exports.addPath = addPath;

View File

@ -24,7 +24,7 @@
"author": "shivammathur", "author": "shivammathur",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/core": "^1.2.5", "@actions/core": "^1.2.6",
"@actions/exec": "^1.0.4", "@actions/exec": "^1.0.4",
"@actions/io": "^1.0.2", "@actions/io": "^1.0.2",
"fs": "0.0.1-security" "fs": "0.0.1-security"

View File

@ -152,7 +152,7 @@ configure_composer() {
exit 1 exit 1
fi fi
composer -q global config process-timeout 0 composer -q global config process-timeout 0
echo "::add-path::/Users/$USER/.composer/vendor/bin" echo "/Users/$USER/.composer/vendor/bin" >> "$GITHUB_PATH"
if [ -n "$COMPOSER_TOKEN" ]; then if [ -n "$COMPOSER_TOKEN" ]; then
composer -q global config github-oauth.github.com "$COMPOSER_TOKEN" composer -q global config github-oauth.github.com "$COMPOSER_TOKEN"
fi fi

View File

@ -252,7 +252,7 @@ configure_composer() {
exit 1; exit 1;
fi fi
composer -q global config process-timeout 0 composer -q global config process-timeout 0
echo "::add-path::/home/$USER/.composer/vendor/bin" echo "/home/$USER/.composer/vendor/bin" >> "$GITHUB_PATH"
if [ -n "$COMPOSER_TOKEN" ]; then if [ -n "$COMPOSER_TOKEN" ]; then
composer -q global config github-oauth.github.com "$COMPOSER_TOKEN" composer -q global config github-oauth.github.com "$COMPOSER_TOKEN"
fi fi

View File

@ -11,7 +11,7 @@ Function Add-Grpc_php_plugin() {
$msys_location = Add-Msys2 $msys_location = Add-Msys2
$logs = . $msys_location\usr\bin\bash -l -c "pacman -S --noconfirm mingw-w64-x86_64-grpc" >$null 2>&1 $logs = . $msys_location\usr\bin\bash -l -c "pacman -S --noconfirm mingw-w64-x86_64-grpc" >$null 2>&1
$grpc_version = Get-ToolVersion 'Write-Output' "$logs" $grpc_version = Get-ToolVersion 'Write-Output' "$logs"
Write-Output "::add-path::$msys_location\mingw64\bin" Write-Output "$msys_location\mingw64\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
Write-Output "::set-output name=grpc_php_plugin_path::$msys_location\mingw64\bin\grpc_php_plugin.exe" Write-Output "::set-output name=grpc_php_plugin_path::$msys_location\mingw64\bin\grpc_php_plugin.exe"
Add-ToProfile $current_profile 'grpc_php_plugin' "New-Alias grpc_php_plugin $msys_location\mingw64\bin\grpc_php_plugin.exe" Add-ToProfile $current_profile 'grpc_php_plugin' "New-Alias grpc_php_plugin $msys_location\mingw64\bin\grpc_php_plugin.exe"
Add-Log $tick "grpc_php_plugin" "Added grpc_php_plugin $grpc_version" Add-Log $tick "grpc_php_plugin" "Added grpc_php_plugin $grpc_version"

View File

@ -189,7 +189,7 @@ Function Edit-ComposerConfig() {
exit 1; exit 1;
} }
composer -q global config process-timeout 0 composer -q global config process-timeout 0
Write-Output "::add-path::$env:APPDATA\Composer\vendor\bin" Write-Output "$env:APPDATA\Composer\vendor\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
if (Test-Path env:COMPOSER_TOKEN) { if (Test-Path env:COMPOSER_TOKEN) {
composer -q global config github-oauth.github.com $env:COMPOSER_TOKEN composer -q global config github-oauth.github.com $env:COMPOSER_TOKEN
} }