github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-28 18:08:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check whether value is a URL in checkEnvVar and clear credentials

Browse Source 
Note also that we run this after `getCredentials` which already instructs Actions to mask credentials that we know about in logs
This commit is contained in:
Michael B. Gale
2026-02-17 13:42:51 +00:00
parent c1d6ee5477
commit 99fcc7b2a1
3 changed files with 40 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/start-proxy/environment.test.ts
+24 -3
View File
@@ -29,12 +29,16 @@ function assertEnvVarLogMessages(
t: ExecutionContext<any>,
envVars: string[],
messages: LoggedMessage[],
expectSet: boolean,
expectSet: boolean | string,
) {
const template = (envVar: string) =>
expectSet
const template = (envVar: string) => {
if (typeof expectSet === "string") {
return `Environment variable '${envVar}' is set to '${expectSet}'`;
}
return expectSet
? `Environment variable '${envVar}' is set to '${envVar}'`
: `Environment variable '${envVar}' is not set`;
};
const expected: string[] = [];
@@ -145,6 +149,23 @@ test("checkProxyEnvVars - logs values when variables are set", (t) => {
assertEnvVarLogMessages(t, Object.values(ProxyEnvVars), messages, true);
});
test("checkProxyEnvVars - credentials are removed from URLs", (t) => {
const messages: LoggedMessage[] = [];
const logger = getRecordingLogger(messages);
for (const envVar of Object.values(ProxyEnvVars)) {
process.env[envVar] = "https://secret:password@proxy.local";
}
checkProxyEnvVars(logger);
assertEnvVarLogMessages(
t,
Object.values(ProxyEnvVars),
messages,
"https://proxy.local/",
);
});
test("checkProxyEnvironment - includes base checks for all known languages", (t) => {
for (const language of Object.values(KnownLanguage)) {
const messages: LoggedMessage[] = [];
src/start-proxy/environment.ts
+8 -1
View File
@@ -16,7 +16,14 @@ import { getErrorMessage, isDefined } from "../util";
function checkEnvVar(logger: Logger, name: string): boolean {
const value = process.env[name];
if (isDefined(value)) {
logger.info(`Environment variable '${name}' is set to '${value}'.`);
const url = URL.parse(value);
if (isDefined(url)) {
url.username = "";
url.password = "";
logger.info(`Environment variable '${name}' is set to '${url}'.`);
} else {
logger.info(`Environment variable '${name}' is set to '${value}'.`);
}
return true;
} else {
logger.debug(`Environment variable '${name}' is not set.`);