Merge pull request #3422 from github/mbg/start-proxy/warn-if-pat-without-username
Warn if a private registry configuration uses a PAT, but has no username
Generated
+18
-12
@@ -128694,29 +128694,35 @@ var fs5 = __toESM(require("fs"));
|
||||
var os = __toESM(require("os"));
|
||||
var path5 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_PAT_CLASSIC_PATTERN = {
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
};
|
||||
var GITHUB_PAT_FINE_GRAINED_PATTERN = {
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
};
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN,
|
||||
{
|
||||
name: "Personal Access Token",
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -128724,13 +128730,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs5.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+18
-12
@@ -133360,29 +133360,35 @@ var fs12 = __toESM(require("fs"));
|
||||
var os2 = __toESM(require("os"));
|
||||
var path11 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_PAT_CLASSIC_PATTERN = {
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
};
|
||||
var GITHUB_PAT_FINE_GRAINED_PATTERN = {
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
};
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN,
|
||||
{
|
||||
name: "Personal Access Token",
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -133390,13 +133396,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs12.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+18
-12
@@ -127632,29 +127632,35 @@ var fs2 = __toESM(require("fs"));
|
||||
var os = __toESM(require("os"));
|
||||
var path2 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_PAT_CLASSIC_PATTERN = {
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
};
|
||||
var GITHUB_PAT_FINE_GRAINED_PATTERN = {
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
};
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN,
|
||||
{
|
||||
name: "Personal Access Token",
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -127662,13 +127668,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs2.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+72
-18
@@ -19578,11 +19578,11 @@ var require_exec = __commonJS({
|
||||
});
|
||||
};
|
||||
Object.defineProperty(exports2, "__esModule", { value: true });
|
||||
exports2.exec = exec;
|
||||
exports2.exec = exec3;
|
||||
exports2.getExecOutput = getExecOutput;
|
||||
var string_decoder_1 = require("string_decoder");
|
||||
var tr = __importStar2(require_toolrunner());
|
||||
function exec(commandLine, args, options) {
|
||||
function exec3(commandLine, args, options) {
|
||||
return __awaiter2(this, void 0, void 0, function* () {
|
||||
const commandArgs = tr.argStringToArray(commandLine);
|
||||
if (commandArgs.length === 0) {
|
||||
@@ -19616,7 +19616,7 @@ var require_exec = __commonJS({
|
||||
}
|
||||
};
|
||||
const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
|
||||
const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
|
||||
const exitCode = yield exec3(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
|
||||
stdout += stdoutDecoder.end();
|
||||
stderr += stderrDecoder.end();
|
||||
return {
|
||||
@@ -19704,12 +19704,12 @@ var require_platform = __commonJS({
|
||||
exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
|
||||
exports2.getDetails = getDetails;
|
||||
var os_1 = __importDefault2(require("os"));
|
||||
var exec = __importStar2(require_exec());
|
||||
var exec3 = __importStar2(require_exec());
|
||||
var getWindowsInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
|
||||
const { stdout: version } = yield exec3.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
|
||||
silent: true
|
||||
});
|
||||
const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
|
||||
const { stdout: name } = yield exec3.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
|
||||
silent: true
|
||||
});
|
||||
return {
|
||||
@@ -19719,7 +19719,7 @@ var require_platform = __commonJS({
|
||||
});
|
||||
var getMacOsInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
var _a, _b, _c, _d;
|
||||
const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
|
||||
const { stdout } = yield exec3.getExecOutput("sw_vers", void 0, {
|
||||
silent: true
|
||||
});
|
||||
const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
|
||||
@@ -19730,7 +19730,7 @@ var require_platform = __commonJS({
|
||||
};
|
||||
});
|
||||
var getLinuxInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
|
||||
const { stdout } = yield exec3.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
|
||||
silent: true
|
||||
});
|
||||
const [name, version] = stdout.trim().split("\n");
|
||||
@@ -49960,7 +49960,7 @@ var require_exec2 = __commonJS({
|
||||
exports2.getExecOutput = exports2.exec = void 0;
|
||||
var string_decoder_1 = require("string_decoder");
|
||||
var tr = __importStar2(require_toolrunner2());
|
||||
function exec(commandLine, args, options) {
|
||||
function exec3(commandLine, args, options) {
|
||||
return __awaiter2(this, void 0, void 0, function* () {
|
||||
const commandArgs = tr.argStringToArray(commandLine);
|
||||
if (commandArgs.length === 0) {
|
||||
@@ -49972,7 +49972,7 @@ var require_exec2 = __commonJS({
|
||||
return runner.exec();
|
||||
});
|
||||
}
|
||||
exports2.exec = exec;
|
||||
exports2.exec = exec3;
|
||||
function getExecOutput(commandLine, args, options) {
|
||||
var _a, _b;
|
||||
return __awaiter2(this, void 0, void 0, function* () {
|
||||
@@ -49995,7 +49995,7 @@ var require_exec2 = __commonJS({
|
||||
}
|
||||
};
|
||||
const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
|
||||
const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
|
||||
const exitCode = yield exec3(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
|
||||
stdout += stdoutDecoder.end();
|
||||
stderr += stderrDecoder.end();
|
||||
return {
|
||||
@@ -50073,12 +50073,12 @@ var require_platform2 = __commonJS({
|
||||
Object.defineProperty(exports2, "__esModule", { value: true });
|
||||
exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
|
||||
var os_1 = __importDefault2(require("os"));
|
||||
var exec = __importStar2(require_exec2());
|
||||
var exec3 = __importStar2(require_exec2());
|
||||
var getWindowsInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
|
||||
const { stdout: version } = yield exec3.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
|
||||
silent: true
|
||||
});
|
||||
const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
|
||||
const { stdout: name } = yield exec3.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
|
||||
silent: true
|
||||
});
|
||||
return {
|
||||
@@ -50088,7 +50088,7 @@ var require_platform2 = __commonJS({
|
||||
});
|
||||
var getMacOsInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
var _a, _b, _c, _d;
|
||||
const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
|
||||
const { stdout } = yield exec3.getExecOutput("sw_vers", void 0, {
|
||||
silent: true
|
||||
});
|
||||
const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
|
||||
@@ -50099,7 +50099,7 @@ var require_platform2 = __commonJS({
|
||||
};
|
||||
});
|
||||
var getLinuxInfo = () => __awaiter2(void 0, void 0, void 0, function* () {
|
||||
const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
|
||||
const { stdout } = yield exec3.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
|
||||
silent: true
|
||||
});
|
||||
const [name, version] = stdout.trim().split("\n");
|
||||
@@ -53532,7 +53532,7 @@ var require_cacheUtils = __commonJS({
|
||||
exports2.getCacheVersion = getCacheVersion;
|
||||
exports2.getRuntimeToken = getRuntimeToken;
|
||||
var core12 = __importStar2(require_core());
|
||||
var exec = __importStar2(require_exec());
|
||||
var exec3 = __importStar2(require_exec());
|
||||
var glob = __importStar2(require_glob());
|
||||
var io4 = __importStar2(require_io());
|
||||
var crypto2 = __importStar2(require("crypto"));
|
||||
@@ -53612,7 +53612,7 @@ var require_cacheUtils = __commonJS({
|
||||
additionalArgs.push("--version");
|
||||
core12.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
|
||||
try {
|
||||
yield exec.exec(`${app}`, additionalArgs, {
|
||||
yield exec3.exec(`${app}`, additionalArgs, {
|
||||
ignoreReturnCode: true,
|
||||
silent: true,
|
||||
listeners: {
|
||||
@@ -103396,6 +103396,49 @@ function getActionsLogger() {
|
||||
// src/start-proxy.ts
|
||||
var core7 = __toESM(require_core());
|
||||
|
||||
// src/artifact-scanner.ts
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_PAT_CLASSIC_PATTERN = {
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
};
|
||||
var GITHUB_PAT_FINE_GRAINED_PATTERN = {
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
};
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN,
|
||||
{
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
function isAuthToken(value, patterns = GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of patterns) {
|
||||
if (value.match(pattern)) {
|
||||
return type2;
|
||||
}
|
||||
}
|
||||
return void 0;
|
||||
}
|
||||
|
||||
// src/defaults.json
|
||||
var bundleVersion = "codeql-bundle-v2.24.0";
|
||||
var cliVersion = "2.24.0";
|
||||
@@ -103438,6 +103481,12 @@ function parseLanguage(language) {
|
||||
}
|
||||
return void 0;
|
||||
}
|
||||
function isPAT(value) {
|
||||
return isAuthToken(value, [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN
|
||||
]);
|
||||
}
|
||||
var LANGUAGE_TO_REGISTRY_TYPE = {
|
||||
java: ["maven_repository"],
|
||||
csharp: ["nuget_feed"],
|
||||
@@ -103499,6 +103548,11 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
|
||||
"Invalid credentials - fields must contain only printable characters"
|
||||
);
|
||||
}
|
||||
if (!isDefined(e.username) && (isDefined(e.password) && isPAT(e.password) || isDefined(e.token) && isPAT(e.token))) {
|
||||
logger.warning(
|
||||
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.`
|
||||
);
|
||||
}
|
||||
out.push({
|
||||
type: e.type,
|
||||
host: e.host,
|
||||
|
||||
Generated
+18
-12
@@ -127617,29 +127617,35 @@ var fs = __toESM(require("fs"));
|
||||
var os = __toESM(require("os"));
|
||||
var path = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_PAT_CLASSIC_PATTERN = {
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
};
|
||||
var GITHUB_PAT_FINE_GRAINED_PATTERN = {
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
};
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
GITHUB_PAT_CLASSIC_PATTERN,
|
||||
GITHUB_PAT_FINE_GRAINED_PATTERN,
|
||||
{
|
||||
name: "Personal Access Token",
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -127647,13 +127653,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||