github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-02 01:32:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix config path comparisons where workspace path is a symlink

Browse Source 
Before this change, config-utils.ts › load non-empty input was failing on Mac with:

The configuration file "/var/folders/gx/y8v1507s29d97m1r_5kq0s000000gn/T/codeql-action-oum66d/input" is invalid: property "queries.uses" is invalid as the local path "" is outside of the repository

The reason is that the tmp directory (which is where the config file was put by the test) was a symlink.
This commit is contained in:
Sam Partington
2020-06-16 16:57:08 +01:00
parent 6de3e1cde4
commit 0b53ebbc36
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/config-utils.js generated
View File

@@ -58,7 +58,7 @@ class Config {
throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
}
// Check the local path doesn't jump outside the repo using '..' or symlinks
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(workspacePath + path.sep)) {
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
}
this.additionalQueries.push(absoluteQueryPath);

2
lib/config-utils.js.map
View File

File diff suppressed because one or more lines are too long

2
src/config-utils.ts
View File

@@ -60,7 +60,7 @@ export class Config {
}
// Check the local path doesn't jump outside the repo using '..' or symlinks
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(workspacePath + path.sep)) {
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
}