Gate updated cert gen behind FF

Michael B. Gale
2026-02-11 18:40:42 +00:00
parent d636fb3f63
commit b1d963ed8f
15 changed files with 136 additions and 30 deletions
+5
@@ -161565,6 +161565,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -107633,6 +107633,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -103966,6 +103966,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -164959,6 +164959,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -105166,6 +105166,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -103957,6 +103957,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -103867,6 +103867,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -160971,6 +160971,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+30 -15
@@ -120659,6 +120659,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -121742,7 +121747,18 @@ var CERT_SUBJECT = [
value: "San Francisco"
}
];
function generateCertificateAuthority() {
var extraExtensions = [
{
name: "keyUsage",
critical: true,
keyCertSign: true,
cRLSign: true,
digitalSignature: true
},
{ name: "subjectKeyIdentifier" },
{ name: "authorityKeyIdentifier", keyIdentifier: true }
];
function generateCertificateAuthority(newCertGenFF) {
const keys = import_node_forge.pki.rsa.generateKeyPair(KEY_SIZE);
const cert = import_node_forge.pki.createCertificate();
cert.publicKey = keys.publicKey;
@@ -121754,19 +121770,16 @@ function generateCertificateAuthority() {
);
cert.setSubject(CERT_SUBJECT);
cert.setIssuer(CERT_SUBJECT);
cert.setExtensions([
{ name: "basicConstraints", cA: true },
{
name: "keyUsage",
critical: true,
keyCertSign: true,
cRLSign: true,
digitalSignature: true
},
{ name: "subjectKeyIdentifier" },
{ name: "authorityKeyIdentifier", keyIdentifier: true }
]);
cert.sign(keys.privateKey, import_node_forge.md.sha256.create());
const extensions = [{ name: "basicConstraints", cA: true }];
if (newCertGenFF) {
extensions.push(...extraExtensions);
}
cert.setExtensions(extensions);
if (newCertGenFF) {
cert.sign(keys.privateKey, import_node_forge.md.sha256.create());
} else {
cert.sign(keys.privateKey);
}
const pem = import_node_forge.pki.certificateToPem(cert);
const key = import_node_forge.pki.privateKeyToPem(keys.privateKey);
return { cert: pem, key };
@@ -121892,7 +121905,9 @@ async function run(startedAt) {
`Credentials loaded for the following registries:
${credentials.map((c) => credentialToStr(c)).join("\n")}`
);
const ca = generateCertificateAuthority();
const ca = generateCertificateAuthority(
await features.getValue("improved_proxy_certificates" /* ImprovedProxyCertificates */)
);
const proxyConfig = {
all_credentials: credentials,
ca
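Review bot: With the flag off, which is the `defaultValue: false` case, `generateCertificateAuthority` calls `cert.sign(keys.privateKey)` with no digest argument, so the proxy CA's signature algorithm is whatever node-forge picks by default (SHA-1, as far as I recall) and the certificate carries only `basicConstraints`. Every run takes this path until the flag is rolled out, so the else branch deserves a comment saying so, e.g. `// Legacy path: forge's default digest and no keyUsage/SKI/AKI; remove together with ImprovedProxyCertificates.` Separately, `extraExtensions` is a module-level array whose objects are handed to `cert.setExtensions` by reference; if forge fills computed fields into those objects (I believe it does for `subjectKeyIdentifier`), a second call in the same process would reuse the first certificate's values, so building the array inside the function would be safer. This file is a generated bundle, so both changes belong in the source it is built from.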
+5
@@ -107026,6 +107026,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -161133,6 +161133,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+5
@@ -106821,6 +106821,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES",
minimumVersion: void 0
},
["improved_proxy_certificates" /* ImprovedProxyCertificates */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_IMPROVED_PROXY_CERTIFICATES",
minimumVersion: void 0
},
["overlay_analysis" /* OverlayAnalysis */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",