Use enum for token types
Generated
+10
-10
@@ -125449,31 +125449,31 @@ var path5 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
{
|
||||
name: "Personal Access Token (Classic)",
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Personal Access Token (Fine-grained)",
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -125481,13 +125481,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs5.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+10
-10
@@ -130111,31 +130111,31 @@ var path11 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
{
|
||||
name: "Personal Access Token (Classic)",
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Personal Access Token (Fine-grained)",
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -130143,13 +130143,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs12.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+10
-10
@@ -124389,31 +124389,31 @@ var path2 = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
{
|
||||
name: "Personal Access Token (Classic)",
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Personal Access Token (Fine-grained)",
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -124421,13 +124421,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs2.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
Generated
+10
-10
@@ -124374,31 +124374,31 @@ var path = __toESM(require("path"));
|
||||
var exec = __toESM(require_exec());
|
||||
var GITHUB_TOKEN_PATTERNS = [
|
||||
{
|
||||
name: "Personal Access Token (Classic)",
|
||||
type: "Personal Access Token (Classic)" /* PersonalAccessClassic */,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Personal Access Token (Fine-grained)",
|
||||
type: "Personal Access Token (Fine-grained)" /* PersonalAccessFineGrained */,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: "OAuth Access Token" /* OAuth */,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: "User-to-Server Token" /* UserToServer */,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: "Server-to-Server Token" /* ServerToServer */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: "Refresh Token" /* Refresh */,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: "App Installation Access Token" /* AppInstallationAccess */,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g
|
||||
}
|
||||
];
|
||||
@@ -124406,13 +124406,13 @@ function scanFileForTokens(filePath, relativePath, logger) {
|
||||
const findings = [];
|
||||
try {
|
||||
const content = fs.readFileSync(filePath, "utf8");
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type2, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type2}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
return findings;
|
||||
|
||||
+30
-11
@@ -7,37 +7,56 @@ import * as exec from "@actions/exec";
|
||||
import { Logger } from "./logging";
|
||||
import { getErrorMessage } from "./util";
|
||||
|
||||
/**
|
||||
* Enumerates known types of GitHub token formats.
|
||||
*/
|
||||
export enum TokenType {
|
||||
PersonalAccessClassic = "Personal Access Token (Classic)",
|
||||
PersonalAccessFineGrained = "Personal Access Token (Fine-grained)",
|
||||
OAuth = "OAuth Access Token",
|
||||
UserToServer = "User-to-Server Token",
|
||||
ServerToServer = "Server-to-Server Token",
|
||||
Refresh = "Refresh Token",
|
||||
AppInstallationAccess = "App Installation Access Token",
|
||||
}
|
||||
|
||||
/** A value of this type associates a token type with its pattern. */
|
||||
export interface TokenPattern {
|
||||
type: TokenType;
|
||||
pattern: RegExp;
|
||||
}
|
||||
|
||||
/**
|
||||
* GitHub token patterns to scan for.
|
||||
* These patterns match various GitHub token formats.
|
||||
*/
|
||||
const GITHUB_TOKEN_PATTERNS = [
|
||||
const GITHUB_TOKEN_PATTERNS: TokenPattern[] = [
|
||||
{
|
||||
name: "Personal Access Token (Classic)",
|
||||
type: TokenType.PersonalAccessClassic,
|
||||
pattern: /\bghp_[a-zA-Z0-9]{36}\b/g,
|
||||
},
|
||||
{
|
||||
name: "Personal Access Token (Fine-grained)",
|
||||
type: TokenType.PersonalAccessFineGrained,
|
||||
pattern: /\bgithub_pat_[a-zA-Z0-9_]+\b/g,
|
||||
},
|
||||
{
|
||||
name: "OAuth Access Token",
|
||||
type: TokenType.OAuth,
|
||||
pattern: /\bgho_[a-zA-Z0-9]{36}\b/g,
|
||||
},
|
||||
{
|
||||
name: "User-to-Server Token",
|
||||
type: TokenType.UserToServer,
|
||||
pattern: /\bghu_[a-zA-Z0-9]{36}\b/g,
|
||||
},
|
||||
{
|
||||
name: "Server-to-Server Token",
|
||||
type: TokenType.ServerToServer,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{36}\b/g,
|
||||
},
|
||||
{
|
||||
name: "Refresh Token",
|
||||
type: TokenType.Refresh,
|
||||
pattern: /\bghr_[a-zA-Z0-9]{36}\b/g,
|
||||
},
|
||||
{
|
||||
name: "App Installation Access Token",
|
||||
type: TokenType.AppInstallationAccess,
|
||||
pattern: /\bghs_[a-zA-Z0-9]{255}\b/g,
|
||||
},
|
||||
];
|
||||
@@ -69,13 +88,13 @@ function scanFileForTokens(
|
||||
try {
|
||||
const content = fs.readFileSync(filePath, "utf8");
|
||||
|
||||
for (const { name, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
for (const { type, pattern } of GITHUB_TOKEN_PATTERNS) {
|
||||
const matches = content.match(pattern);
|
||||
if (matches) {
|
||||
for (let i = 0; i < matches.length; i++) {
|
||||
findings.push({ tokenType: name, filePath: relativePath });
|
||||
findings.push({ tokenType: type, filePath: relativePath });
|
||||
}
|
||||
logger.debug(`Found ${matches.length} ${name}(s) in ${relativePath}`);
|
||||
logger.debug(`Found ${matches.length} ${type}(s) in ${relativePath}`);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
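Review bot: The newly exported `TokenPattern` interface does not state the one property the scanner depends on: `scanFileForTokens` computes the occurrence count from `const matches = content.match(pattern)` and `matches.length`, which is only an occurrence count when the regex carries the `g` flag; a non-global regex makes `String.prototype.match` return a single match whose length is the capture-group count plus one, so both the findings pushed in the `for (let i = 0; …)` loop and the debug count would be wrong. All seven entries in `GITHUB_TOKEN_PATTERNS` do carry `g`, but since the interface is now public nothing enforces that for a future entry. I would document the contract on the field: `/** Regex for the token format. Must use the g flag: scanFileForTokens derives the occurrence count from content.match(pattern).length. */`. The declaration `const GITHUB_TOKEN_PATTERNS: TokenPattern[] = [` could also be typed `readonly TokenPattern[]` so the scan table cannot be mutated at runtime. `scanFileForTokens` begins before the second hunk and its body continues past it.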