github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-03 10:12:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3563 from github/mbg/private-registry/oidc

Browse Source 
Accept OIDC configurations in `start-proxy`
This commit is contained in:
Michael B. Gale
2026-03-13 11:58:36 +00:00
committed by GitHub
parent 4c356c71a2 6c99ca514e
commit e3200e331b
22 changed files with 1299 additions and 571 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -12,6 +12,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
- **User-owned repositories using advanced setup:** Set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in your workflow.
- Fixed [a bug](https://github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://github.com/github/codeql-action/pull/3557)
- The CodeQL Action now loads [custom repository properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) on GitHub Enterprise Server, enabling the customization of features such as `github-codeql-disable-overlay` that was previously only available on GitHub.com. [#3559](https://github.com/github/codeql-action/pull/3559)
- Once [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries) can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. [#3563](https://github.com/github/codeql-action/pull/3563)
- Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". [#3564](https://github.com/github/codeql-action/pull/3564)
## 4.32.6 - 05 Mar 2026

65
lib/analyze-action-post.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -106965,10 +106965,10 @@ var require_util20 = __commonJS({
return typeof arg === "number";
}
exports2.isNumber = isNumber;
function isString(arg) {
function isString2(arg) {
return typeof arg === "string";
}
exports2.isString = isString;
exports2.isString = isString2;
function isSymbol(arg) {
return typeof arg === "symbol";
}
@@ -106981,10 +106981,10 @@ var require_util20 = __commonJS({
return objectToString(re) === "[object RegExp]";
}
exports2.isRegExp = isRegExp;
function isObject2(arg) {
function isObject3(arg) {
return typeof arg === "object" && arg !== null;
}
exports2.isObject = isObject2;
exports2.isObject = isObject3;
function isDate(d) {
return objectToString(d) === "[object Date]";
}
@@ -109026,11 +109026,11 @@ var require_baseGetTag = __commonJS({
// node_modules/lodash/isObject.js
var require_isObject = __commonJS({
"node_modules/lodash/isObject.js"(exports2, module2) {
function isObject2(value) {
function isObject3(value) {
var type2 = typeof value;
return value != null && (type2 == "object" || type2 == "function");
}
module2.exports = isObject2;
module2.exports = isObject3;
}
});
@@ -109038,13 +109038,13 @@ var require_isObject = __commonJS({
var require_isFunction = __commonJS({
"node_modules/lodash/isFunction.js"(exports2, module2) {
var baseGetTag = require_baseGetTag();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var asyncTag = "[object AsyncFunction]";
var funcTag = "[object Function]";
var genTag = "[object GeneratorFunction]";
var proxyTag = "[object Proxy]";
function isFunction(value) {
if (!isObject2(value)) {
if (!isObject3(value)) {
return false;
}
var tag = baseGetTag(value);
@@ -109105,7 +109105,7 @@ var require_baseIsNative = __commonJS({
"node_modules/lodash/_baseIsNative.js"(exports2, module2) {
var isFunction = require_isFunction();
var isMasked = require_isMasked();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var toSource = require_toSource();
var reRegExpChar = /[\\^$.*+?()[\]{}|]/g;
var reIsHostCtor = /^\[object .+?Constructor\]$/;
@@ -109117,7 +109117,7 @@ var require_baseIsNative = __commonJS({
"^" + funcToString.call(hasOwnProperty).replace(reRegExpChar, "\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, "$1.*?") + "$"
);
function baseIsNative(value) {
if (!isObject2(value) || isMasked(value)) {
if (!isObject3(value) || isMasked(value)) {
return false;
}
var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
@@ -109285,9 +109285,9 @@ var require_isIterateeCall = __commonJS({
var eq = require_eq2();
var isArrayLike = require_isArrayLike();
var isIndex = require_isIndex();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
function isIterateeCall(value, index, object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return false;
}
var type2 = typeof index;
@@ -109532,13 +109532,13 @@ var require_nativeKeysIn = __commonJS({
// node_modules/lodash/_baseKeysIn.js
var require_baseKeysIn = __commonJS({
"node_modules/lodash/_baseKeysIn.js"(exports2, module2) {
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var isPrototype = require_isPrototype();
var nativeKeysIn = require_nativeKeysIn();
var objectProto = Object.prototype;
var hasOwnProperty = objectProto.hasOwnProperty;
function baseKeysIn(object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return nativeKeysIn(object);
}
var isProto = isPrototype(object), result = [];
@@ -110030,7 +110030,7 @@ var require_event_target_shim = __commonJS({
var CAPTURE = 1;
var BUBBLE = 2;
var ATTRIBUTE = 3;
function isObject2(x) {
function isObject3(x) {
return x !== null && typeof x === "object";
}
function getListeners(eventTarget) {
@@ -110056,7 +110056,7 @@ var require_event_target_shim = __commonJS({
return null;
},
set(listener) {
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
listener = null;
}
const listeners = getListeners(this);
@@ -110147,11 +110147,11 @@ var require_event_target_shim = __commonJS({
if (listener == null) {
return;
}
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
throw new TypeError("'listener' should be a function or an object.");
}
const listeners = getListeners(this);
const optionsIsObj = isObject2(options);
const optionsIsObj = isObject3(options);
const capture = optionsIsObj ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
const newNode = {
@@ -110188,7 +110188,7 @@ var require_event_target_shim = __commonJS({
return;
}
const listeners = getListeners(this);
const capture = isObject2(options) ? Boolean(options.capture) : Boolean(options);
const capture = isObject3(options) ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
let prev = null;
let node = listeners.get(eventName);
@@ -160996,6 +160996,11 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -163096,7 +163101,7 @@ function getArtifactSuffix(matrix) {
if (matrix) {
try {
const matrixObject = JSON.parse(matrix);
if (matrixObject !== null && typeof matrixObject === "object") {
if (isObject2(matrixObject)) {
for (const matrixKey of Object.keys(matrixObject).sort())
suffix += `-${matrixObject[matrixKey]}`;
} else {

34
lib/analyze-action.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url2.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -105790,6 +105790,16 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -106074,7 +106084,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -112145,7 +112155,7 @@ function locationUpdateCallback(result, location, logger) {
}
function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!location.uri && location.index !== void 0) {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || typeof artifacts[location.index].location !== "object") {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || !isObject2(artifacts[location.index].location)) {
logger.debug(`Ignoring location as index "${location.index}" is invalid`);
return void 0;
}

30
lib/autobuild-action.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -102888,6 +102888,14 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -102995,7 +103003,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {

72
lib/init-action-post.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url2.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -106965,10 +106965,10 @@ var require_util20 = __commonJS({
return typeof arg === "number";
}
exports2.isNumber = isNumber;
function isString(arg) {
function isString2(arg) {
return typeof arg === "string";
}
exports2.isString = isString;
exports2.isString = isString2;
function isSymbol(arg) {
return typeof arg === "symbol";
}
@@ -106981,10 +106981,10 @@ var require_util20 = __commonJS({
return objectToString(re) === "[object RegExp]";
}
exports2.isRegExp = isRegExp;
function isObject2(arg) {
function isObject3(arg) {
return typeof arg === "object" && arg !== null;
}
exports2.isObject = isObject2;
exports2.isObject = isObject3;
function isDate(d) {
return objectToString(d) === "[object Date]";
}
@@ -109026,11 +109026,11 @@ var require_baseGetTag = __commonJS({
// node_modules/lodash/isObject.js
var require_isObject = __commonJS({
"node_modules/lodash/isObject.js"(exports2, module2) {
function isObject2(value) {
function isObject3(value) {
var type2 = typeof value;
return value != null && (type2 == "object" || type2 == "function");
}
module2.exports = isObject2;
module2.exports = isObject3;
}
});
@@ -109038,13 +109038,13 @@ var require_isObject = __commonJS({
var require_isFunction = __commonJS({
"node_modules/lodash/isFunction.js"(exports2, module2) {
var baseGetTag = require_baseGetTag();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var asyncTag = "[object AsyncFunction]";
var funcTag = "[object Function]";
var genTag = "[object GeneratorFunction]";
var proxyTag = "[object Proxy]";
function isFunction(value) {
if (!isObject2(value)) {
if (!isObject3(value)) {
return false;
}
var tag = baseGetTag(value);
@@ -109105,7 +109105,7 @@ var require_baseIsNative = __commonJS({
"node_modules/lodash/_baseIsNative.js"(exports2, module2) {
var isFunction = require_isFunction();
var isMasked = require_isMasked();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var toSource = require_toSource();
var reRegExpChar = /[\\^$.*+?()[\]{}|]/g;
var reIsHostCtor = /^\[object .+?Constructor\]$/;
@@ -109117,7 +109117,7 @@ var require_baseIsNative = __commonJS({
"^" + funcToString.call(hasOwnProperty).replace(reRegExpChar, "\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, "$1.*?") + "$"
);
function baseIsNative(value) {
if (!isObject2(value) || isMasked(value)) {
if (!isObject3(value) || isMasked(value)) {
return false;
}
var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
@@ -109285,9 +109285,9 @@ var require_isIterateeCall = __commonJS({
var eq = require_eq2();
var isArrayLike = require_isArrayLike();
var isIndex = require_isIndex();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
function isIterateeCall(value, index, object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return false;
}
var type2 = typeof index;
@@ -109532,13 +109532,13 @@ var require_nativeKeysIn = __commonJS({
// node_modules/lodash/_baseKeysIn.js
var require_baseKeysIn = __commonJS({
"node_modules/lodash/_baseKeysIn.js"(exports2, module2) {
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var isPrototype = require_isPrototype();
var nativeKeysIn = require_nativeKeysIn();
var objectProto = Object.prototype;
var hasOwnProperty = objectProto.hasOwnProperty;
function baseKeysIn(object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return nativeKeysIn(object);
}
var isProto = isPrototype(object), result = [];
@@ -110030,7 +110030,7 @@ var require_event_target_shim = __commonJS({
var CAPTURE = 1;
var BUBBLE = 2;
var ATTRIBUTE = 3;
function isObject2(x) {
function isObject3(x) {
return x !== null && typeof x === "object";
}
function getListeners(eventTarget) {
@@ -110056,7 +110056,7 @@ var require_event_target_shim = __commonJS({
return null;
},
set(listener) {
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
listener = null;
}
const listeners = getListeners(this);
@@ -110147,11 +110147,11 @@ var require_event_target_shim = __commonJS({
if (listener == null) {
return;
}
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
throw new TypeError("'listener' should be a function or an object.");
}
const listeners = getListeners(this);
const optionsIsObj = isObject2(options);
const optionsIsObj = isObject3(options);
const capture = optionsIsObj ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
const newNode = {
@@ -110188,7 +110188,7 @@ var require_event_target_shim = __commonJS({
return;
}
const listeners = getListeners(this);
const capture = isObject2(options) ? Boolean(options.capture) : Boolean(options);
const capture = isObject3(options) ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
let prev = null;
let node = listeners.get(eventName);
@@ -163894,6 +163894,14 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
@@ -164004,7 +164012,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -168089,7 +168097,7 @@ function getArtifactSuffix(matrix) {
if (matrix) {
try {
const matrixObject = JSON.parse(matrix);
if (matrixObject !== null && typeof matrixObject === "object") {
if (isObject2(matrixObject)) {
for (const matrixKey of Object.keys(matrixObject).sort())
suffix += `-${matrixObject[matrixKey]}`;
} else {
@@ -169230,7 +169238,7 @@ function locationUpdateCallback(result, location, logger) {
}
function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!location.uri && location.index !== void 0) {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || typeof artifacts[location.index].location !== "object") {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || !isObject2(artifacts[location.index].location)) {
logger.debug(`Ignoring location as index "${location.index}" is invalid`);
return void 0;
}

38
lib/init-action.js generated
View File

@@ -53438,8 +53438,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57925,7 +57925,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57972,7 +57972,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99984,7 +99984,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString2(data) && !isBuffer(data)) {
if (!isString3(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100239,7 +100239,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString2(input)) {
} else if (isString3(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100255,7 +100255,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString2(options.host) && !isString2(options.hostname)) {
if (!isString3(options.host) && !isString3(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100282,7 +100282,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString2(parsed.protocol)) {
if (!isString3(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100354,11 +100354,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString2(subdomain) && isString2(domain));
assert(isString3(subdomain) && isString3(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString2(value) {
function isString3(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -103107,6 +103107,14 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
@@ -103420,7 +103428,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -104300,16 +104308,16 @@ var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
return RepositoryPropertyName2;
})(RepositoryPropertyName || {});
function isString(value) {
function isString2(value) {
return typeof value === "string";
}
var stringProperty = {
validate: isString,
validate: isString2,
parse: parseStringRepositoryProperty
};
var booleanProperty = {
// The value from the API should come as a string, which we then parse into a boolean.
validate: isString,
validate: isString2,
parse: parseBooleanRepositoryProperty
};
var repositoryPropertyParsers = {
@@ -105895,7 +105903,7 @@ async function getOverlayStatus(codeql, languages, diskUsage, logger) {
}
const contents = await fs5.promises.readFile(statusFile, "utf-8");
const parsed = JSON.parse(contents);
if (typeof parsed !== "object" || parsed === null || typeof parsed["attemptedToBuildOverlayBaseDatabase"] !== "boolean" || typeof parsed["builtOverlayBaseDatabase"] !== "boolean") {
if (!isObject2(parsed) || typeof parsed["attemptedToBuildOverlayBaseDatabase"] !== "boolean" || typeof parsed["builtOverlayBaseDatabase"] !== "boolean") {
logger.debug(
"Ignoring overlay status cache entry with unexpected format."
);

30
lib/resolve-environment-action.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -102888,6 +102888,14 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -102988,7 +102996,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {

30
lib/setup-codeql-action.js generated
View File

@@ -51990,8 +51990,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -56477,7 +56477,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -56524,7 +56524,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -102944,6 +102944,14 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
@@ -103061,7 +103069,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {

65
lib/start-proxy-action-post.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -105592,10 +105592,10 @@ var require_util20 = __commonJS({
return typeof arg === "number";
}
exports2.isNumber = isNumber;
function isString(arg) {
function isString2(arg) {
return typeof arg === "string";
}
exports2.isString = isString;
exports2.isString = isString2;
function isSymbol(arg) {
return typeof arg === "symbol";
}
@@ -105608,10 +105608,10 @@ var require_util20 = __commonJS({
return objectToString(re) === "[object RegExp]";
}
exports2.isRegExp = isRegExp;
function isObject2(arg) {
function isObject3(arg) {
return typeof arg === "object" && arg !== null;
}
exports2.isObject = isObject2;
exports2.isObject = isObject3;
function isDate(d) {
return objectToString(d) === "[object Date]";
}
@@ -107653,11 +107653,11 @@ var require_baseGetTag = __commonJS({
// node_modules/lodash/isObject.js
var require_isObject = __commonJS({
"node_modules/lodash/isObject.js"(exports2, module2) {
function isObject2(value) {
function isObject3(value) {
var type2 = typeof value;
return value != null && (type2 == "object" || type2 == "function");
}
module2.exports = isObject2;
module2.exports = isObject3;
}
});
@@ -107665,13 +107665,13 @@ var require_isObject = __commonJS({
var require_isFunction = __commonJS({
"node_modules/lodash/isFunction.js"(exports2, module2) {
var baseGetTag = require_baseGetTag();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var asyncTag = "[object AsyncFunction]";
var funcTag = "[object Function]";
var genTag = "[object GeneratorFunction]";
var proxyTag = "[object Proxy]";
function isFunction(value) {
if (!isObject2(value)) {
if (!isObject3(value)) {
return false;
}
var tag = baseGetTag(value);
@@ -107732,7 +107732,7 @@ var require_baseIsNative = __commonJS({
"node_modules/lodash/_baseIsNative.js"(exports2, module2) {
var isFunction = require_isFunction();
var isMasked = require_isMasked();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var toSource = require_toSource();
var reRegExpChar = /[\\^$.*+?()[\]{}|]/g;
var reIsHostCtor = /^\[object .+?Constructor\]$/;
@@ -107744,7 +107744,7 @@ var require_baseIsNative = __commonJS({
"^" + funcToString.call(hasOwnProperty).replace(reRegExpChar, "\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, "$1.*?") + "$"
);
function baseIsNative(value) {
if (!isObject2(value) || isMasked(value)) {
if (!isObject3(value) || isMasked(value)) {
return false;
}
var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
@@ -107912,9 +107912,9 @@ var require_isIterateeCall = __commonJS({
var eq = require_eq2();
var isArrayLike = require_isArrayLike();
var isIndex = require_isIndex();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
function isIterateeCall(value, index, object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return false;
}
var type2 = typeof index;
@@ -108159,13 +108159,13 @@ var require_nativeKeysIn = __commonJS({
// node_modules/lodash/_baseKeysIn.js
var require_baseKeysIn = __commonJS({
"node_modules/lodash/_baseKeysIn.js"(exports2, module2) {
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var isPrototype = require_isPrototype();
var nativeKeysIn = require_nativeKeysIn();
var objectProto = Object.prototype;
var hasOwnProperty = objectProto.hasOwnProperty;
function baseKeysIn(object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return nativeKeysIn(object);
}
var isProto = isPrototype(object), result = [];
@@ -108657,7 +108657,7 @@ var require_event_target_shim = __commonJS({
var CAPTURE = 1;
var BUBBLE = 2;
var ATTRIBUTE = 3;
function isObject2(x) {
function isObject3(x) {
return x !== null && typeof x === "object";
}
function getListeners(eventTarget) {
@@ -108683,7 +108683,7 @@ var require_event_target_shim = __commonJS({
return null;
},
set(listener) {
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
listener = null;
}
const listeners = getListeners(this);
@@ -108774,11 +108774,11 @@ var require_event_target_shim = __commonJS({
if (listener == null) {
return;
}
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
throw new TypeError("'listener' should be a function or an object.");
}
const listeners = getListeners(this);
const optionsIsObj = isObject2(options);
const optionsIsObj = isObject3(options);
const capture = optionsIsObj ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
const newNode = {
@@ -108815,7 +108815,7 @@ var require_event_target_shim = __commonJS({
return;
}
const listeners = getListeners(this);
const capture = isObject2(options) ? Boolean(options.capture) : Boolean(options);
const capture = isObject3(options) ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
let prev = null;
let node = listeners.get(eventName);
@@ -157941,7 +157941,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -158196,7 +158196,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -158212,7 +158212,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -158239,7 +158239,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -158311,11 +158311,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -160993,6 +160993,11 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
// src/util.ts
var GITHUB_DOTCOM_URL = "https://github.com";
var MINIMUM_CGROUP_MEMORY_LIMIT_BYTES = 1024 * 1024;
@@ -161996,7 +162001,7 @@ function getArtifactSuffix(matrix) {
if (matrix) {
try {
const matrixObject = JSON.parse(matrix);
if (matrixObject !== null && typeof matrixObject === "object") {
if (isObject2(matrixObject)) {
for (const matrixKey of Object.keys(matrixObject).sort())
suffix += `-${matrixObject[matrixKey]}`;
} else {

220
lib/start-proxy-action.js generated
View File

@@ -47642,12 +47642,12 @@ var require_concat_map = __commonJS({
var res = [];
for (var i = 0; i < xs.length; i++) {
var x = fn(xs[i], i);
if (isArray(x)) res.push.apply(res, x);
if (isArray2(x)) res.push.apply(res, x);
else res.push(x);
}
return res;
};
var isArray = Array.isArray || function(xs) {
var isArray2 = Array.isArray || function(xs) {
return Object.prototype.toString.call(xs) === "[object Array]";
};
}
@@ -51990,8 +51990,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -56477,7 +56477,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -56524,7 +56524,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -63195,7 +63195,7 @@ var require_Credential = __commonJS({
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.Credential = void 0;
var Credential = class {
var Credential2 = class {
/**
* Creates a RequestPolicy object.
*
@@ -63206,7 +63206,7 @@ var require_Credential = __commonJS({
throw new Error("Method should be implemented in children classes.");
}
};
exports2.Credential = Credential;
exports2.Credential = Credential2;
}
});
@@ -64335,7 +64335,7 @@ var require_Credential2 = __commonJS({
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.Credential = void 0;
var Credential = class {
var Credential2 = class {
/**
* Creates a RequestPolicy object.
*
@@ -64346,7 +64346,7 @@ var require_Credential2 = __commonJS({
throw new Error("Method should be implemented in children classes.");
}
};
exports2.Credential = Credential;
exports2.Credential = Credential2;
}
});
@@ -120116,6 +120116,25 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/json/index.ts
function parseString(data) {
return JSON.parse(data);
}
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isArray(value) {
return Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
function isStringOrUndefined(value) {
return value === void 0 || isString(value);
}
// src/util.ts
var GITHUB_DOTCOM_URL = "https://github.com";
var MINIMUM_CGROUP_MEMORY_LIMIT_BYTES = 1024 * 1024;
function parseGitHubUrl(inputUrl) {
@@ -120163,7 +120182,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -121221,6 +121240,95 @@ var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {
return KnownLanguage2;
})(KnownLanguage || {});
// src/start-proxy/types.ts
function hasUsername(config) {
return "username" in config;
}
function isUsernamePassword(config) {
return hasUsername(config) && "password" in config;
}
function isToken(config) {
if ("username" in config && !isStringOrUndefined(config.username)) {
return false;
}
return "token" in config && isStringOrUndefined(config.token);
}
function isAzureConfig(config) {
return "tenant_id" in config && "client_id" in config && isDefined2(config.tenant_id) && isDefined2(config.client_id) && isString(config.tenant_id) && isString(config.client_id);
}
function isAWSConfig(config) {
const requiredProperties = [
"aws_region",
"account_id",
"role_name",
"domain",
"domain_owner"
];
for (const property of requiredProperties) {
if (!(property in config) || !isDefined2(config[property]) || !isString(config[property])) {
return false;
}
}
if ("audience" in config && !isStringOrUndefined(config.audience)) {
return false;
}
return true;
}
function isJFrogConfig(config) {
if ("audience" in config && !isStringOrUndefined(config.audience)) {
return false;
}
if ("identity_mapping_name" in config && !isStringOrUndefined(config.identity_mapping_name)) {
return false;
}
return "jfrog_oidc_provider_name" in config && isDefined2(config.jfrog_oidc_provider_name) && isString(config.jfrog_oidc_provider_name);
}
function credentialToStr(credential) {
let result = `Type: ${credential.type};`;
const appendIfDefined = (name, val) => {
if (isDefined2(val)) {
result += ` ${name}: ${val};`;
}
};
appendIfDefined("Url", credential.url);
appendIfDefined("Host", credential.host);
if (hasUsername(credential)) {
appendIfDefined("Username", credential.username);
}
if ("password" in credential) {
appendIfDefined(
"Password",
isDefined2(credential.password) ? "***" : void 0
);
}
if (isToken(credential)) {
appendIfDefined("Token", isDefined2(credential.token) ? "***" : void 0);
}
if (isAzureConfig(credential)) {
appendIfDefined("Tenant", credential.tenant_id);
appendIfDefined("Client", credential.client_id);
} else if (isAWSConfig(credential)) {
appendIfDefined("AWS Region", credential.aws_region);
appendIfDefined("AWS Account", credential.account_id);
appendIfDefined("AWS Role", credential.role_name);
appendIfDefined("AWS Domain", credential.domain);
appendIfDefined("AWS Domain Owner", credential.domain_owner);
appendIfDefined("AWS Audience", credential.audience);
} else if (isJFrogConfig(credential)) {
appendIfDefined("JFrog Provider", credential.jfrog_oidc_provider_name);
appendIfDefined("JFrog Identity Mapping", credential.identity_mapping_name);
appendIfDefined("JFrog Audience", credential.audience);
}
return result;
}
function getAddressString(address) {
if (address.url === void 0) {
return address.host;
} else {
return address.url;
}
}
// src/status-report.ts
var os = __toESM(require("os"));
var core9 = __toESM(require_core());
@@ -121491,15 +121599,6 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error
}
}
// src/start-proxy/types.ts
function getAddressString(address) {
if (address.url === void 0) {
return address.host;
} else {
return address.url;
}
}
// src/start-proxy.ts
function getStartProxyErrorMessage(errorType) {
switch (errorType) {
@@ -121610,12 +121709,12 @@ var NEW_LANGUAGE_TO_REGISTRY_TYPE = {
go: ["goproxy_server", "git_source"]
};
function getRegistryAddress(registry) {
if (isDefined2(registry.url)) {
if (isDefined2(registry.url) && isString(registry.url) && isStringOrUndefined(registry.host)) {
return {
url: registry.url,
host: registry.host
};
} else if (isDefined2(registry.host)) {
} else if (isDefined2(registry.host) && isString(registry.host)) {
return {
url: void 0,
host: registry.host
@@ -121626,6 +121725,48 @@ function getRegistryAddress(registry) {
);
}
}
function getAuthConfig(config) {
if (isAzureConfig(config)) {
return {
tenant_id: config.tenant_id,
client_id: config.client_id
};
} else if (isAWSConfig(config)) {
return {
aws_region: config.aws_region,
account_id: config.account_id,
role_name: config.role_name,
domain: config.domain,
domain_owner: config.domain_owner,
audience: config.audience
};
} else if (isJFrogConfig(config)) {
return {
jfrog_oidc_provider_name: config.jfrog_oidc_provider_name,
identity_mapping_name: config.identity_mapping_name,
audience: config.audience
};
} else if (isToken(config)) {
if (isDefined2(config.token)) {
core10.setSecret(config.token);
}
return { username: config.username, token: config.token };
} else {
let username = void 0;
let password = void 0;
if ("password" in config && isString(config.password)) {
core10.setSecret(config.password);
password = config.password;
}
if ("username" in config && isString(config.username)) {
username = config.username;
}
return {
username,
password
};
}
}
function getCredentials(logger, registrySecrets, registriesCredentials, language, skipUnusedRegistries = false) {
const registryMapping = skipUnusedRegistries ? NEW_LANGUAGE_TO_REGISTRY_TYPE : LANGUAGE_TO_REGISTRY_TYPE;
const registryTypeForLanguage = language ? registryMapping[language] : void 0;
@@ -121642,30 +121783,25 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
}
let parsed;
try {
parsed = JSON.parse(credentialsStr);
parsed = parseString(credentialsStr);
} catch {
logger.error("Failed to parse the credentials data.");
throw new ConfigurationError("Invalid credentials format.");
}
if (!Array.isArray(parsed)) {
if (!isArray(parsed)) {
throw new ConfigurationError(
"Expected credentials data to be an array of configurations, but it is not."
);
}
const out = [];
for (const e of parsed) {
if (e === null || typeof e !== "object") {
if (e === null || !isObject2(e)) {
throw new ConfigurationError("Invalid credentials - must be an object");
}
if (!isDefined2(e.type)) {
if (!isDefined2(e.type) || !isString(e.type)) {
throw new ConfigurationError("Invalid credentials - must have a type");
}
if (isDefined2(e.password)) {
core10.setSecret(e.password);
}
if (isDefined2(e.token)) {
core10.setSecret(e.token);
}
const authConfig = getAuthConfig(e);
const address = getRegistryAddress(e);
if (registryTypeForLanguage && !registryTypeForLanguage.some((t) => t === e.type)) {
continue;
@@ -121673,21 +121809,22 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
const isPrintable2 = (str2) => {
return str2 ? /^[\x20-\x7E]*$/.test(str2) : true;
};
if (!isPrintable2(e.type) || !isPrintable2(e.host) || !isPrintable2(e.url) || !isPrintable2(e.username) || !isPrintable2(e.password) || !isPrintable2(e.token)) {
throw new ConfigurationError(
"Invalid credentials - fields must contain only printable characters"
);
for (const key of Object.keys(e)) {
const val = e[key];
if (typeof val === "string" && !isPrintable2(val)) {
throw new ConfigurationError(
"Invalid credentials - fields must contain only printable characters"
);
}
}
if (!isDefined2(e.username) && (isDefined2(e.password) && isPAT(e.password) || isDefined2(e.token) && isPAT(e.token))) {
if ((!hasUsername(authConfig) || !isDefined2(authConfig.username)) && isUsernamePassword(authConfig) && isDefined2(authConfig.password) && isPAT(authConfig.password) || isToken(authConfig) && isDefined2(authConfig.token) && isPAT(authConfig.token)) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. This may not work correctly. When configuring a private registry using a PAT, select "Username and password" and enter the username of the user who generated the PAT.`
);
}
out.push({
type: e.type,
username: e.username,
password: e.password,
token: e.token,
...authConfig,
...address
});
}
@@ -121749,9 +121886,6 @@ async function getDownloadUrl(logger, features) {
version: UPDATEJOB_PROXY_VERSION
};
}
function credentialToStr(c) {
return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== void 0}; Token: ${c.token !== void 0}`;
}
async function downloadProxy(logger, url, authorization) {
try {
return toolcache.downloadTool(

34
lib/upload-lib.js generated
View File

@@ -53287,8 +53287,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -57774,7 +57774,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -57821,7 +57821,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url2.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -105806,6 +105806,16 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -105889,7 +105899,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -109995,7 +110005,7 @@ function locationUpdateCallback(result, location, logger) {
}
function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!location.uri && location.index !== void 0) {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || typeof artifacts[location.index].location !== "object") {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || !isObject2(artifacts[location.index].location)) {
logger.debug(`Ignoring location as index "${location.index}" is invalid`);
return void 0;
}

65
lib/upload-sarif-action-post.js generated
View File

@@ -55500,8 +55500,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -59987,7 +59987,7 @@ var require_commonjs6 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -60034,7 +60034,7 @@ var require_commonjs6 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID() {
@@ -97776,10 +97776,10 @@ var require_util19 = __commonJS({
return typeof arg === "number";
}
exports2.isNumber = isNumber;
function isString(arg) {
function isString2(arg) {
return typeof arg === "string";
}
exports2.isString = isString;
exports2.isString = isString2;
function isSymbol(arg) {
return typeof arg === "symbol";
}
@@ -97792,10 +97792,10 @@ var require_util19 = __commonJS({
return objectToString(re) === "[object RegExp]";
}
exports2.isRegExp = isRegExp;
function isObject2(arg) {
function isObject3(arg) {
return typeof arg === "object" && arg !== null;
}
exports2.isObject = isObject2;
exports2.isObject = isObject3;
function isDate(d) {
return objectToString(d) === "[object Date]";
}
@@ -99837,11 +99837,11 @@ var require_baseGetTag = __commonJS({
// node_modules/lodash/isObject.js
var require_isObject = __commonJS({
"node_modules/lodash/isObject.js"(exports2, module2) {
function isObject2(value) {
function isObject3(value) {
var type2 = typeof value;
return value != null && (type2 == "object" || type2 == "function");
}
module2.exports = isObject2;
module2.exports = isObject3;
}
});
@@ -99849,13 +99849,13 @@ var require_isObject = __commonJS({
var require_isFunction = __commonJS({
"node_modules/lodash/isFunction.js"(exports2, module2) {
var baseGetTag = require_baseGetTag();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var asyncTag = "[object AsyncFunction]";
var funcTag = "[object Function]";
var genTag = "[object GeneratorFunction]";
var proxyTag = "[object Proxy]";
function isFunction(value) {
if (!isObject2(value)) {
if (!isObject3(value)) {
return false;
}
var tag = baseGetTag(value);
@@ -99916,7 +99916,7 @@ var require_baseIsNative = __commonJS({
"node_modules/lodash/_baseIsNative.js"(exports2, module2) {
var isFunction = require_isFunction();
var isMasked = require_isMasked();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var toSource = require_toSource();
var reRegExpChar = /[\\^$.*+?()[\]{}|]/g;
var reIsHostCtor = /^\[object .+?Constructor\]$/;
@@ -99928,7 +99928,7 @@ var require_baseIsNative = __commonJS({
"^" + funcToString.call(hasOwnProperty).replace(reRegExpChar, "\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, "$1.*?") + "$"
);
function baseIsNative(value) {
if (!isObject2(value) || isMasked(value)) {
if (!isObject3(value) || isMasked(value)) {
return false;
}
var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
@@ -100096,9 +100096,9 @@ var require_isIterateeCall = __commonJS({
var eq = require_eq2();
var isArrayLike = require_isArrayLike();
var isIndex = require_isIndex();
var isObject2 = require_isObject();
var isObject3 = require_isObject();
function isIterateeCall(value, index, object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return false;
}
var type2 = typeof index;
@@ -100343,13 +100343,13 @@ var require_nativeKeysIn = __commonJS({
// node_modules/lodash/_baseKeysIn.js
var require_baseKeysIn = __commonJS({
"node_modules/lodash/_baseKeysIn.js"(exports2, module2) {
var isObject2 = require_isObject();
var isObject3 = require_isObject();
var isPrototype = require_isPrototype();
var nativeKeysIn = require_nativeKeysIn();
var objectProto = Object.prototype;
var hasOwnProperty = objectProto.hasOwnProperty;
function baseKeysIn(object) {
if (!isObject2(object)) {
if (!isObject3(object)) {
return nativeKeysIn(object);
}
var isProto = isPrototype(object), result = [];
@@ -100841,7 +100841,7 @@ var require_event_target_shim = __commonJS({
var CAPTURE = 1;
var BUBBLE = 2;
var ATTRIBUTE = 3;
function isObject2(x) {
function isObject3(x) {
return x !== null && typeof x === "object";
}
function getListeners(eventTarget) {
@@ -100867,7 +100867,7 @@ var require_event_target_shim = __commonJS({
return null;
},
set(listener) {
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
listener = null;
}
const listeners = getListeners(this);
@@ -100958,11 +100958,11 @@ var require_event_target_shim = __commonJS({
if (listener == null) {
return;
}
if (typeof listener !== "function" && !isObject2(listener)) {
if (typeof listener !== "function" && !isObject3(listener)) {
throw new TypeError("'listener' should be a function or an object.");
}
const listeners = getListeners(this);
const optionsIsObj = isObject2(options);
const optionsIsObj = isObject3(options);
const capture = optionsIsObj ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
const newNode = {
@@ -100999,7 +100999,7 @@ var require_event_target_shim = __commonJS({
return;
}
const listeners = getListeners(this);
const capture = isObject2(options) ? Boolean(options.capture) : Boolean(options);
const capture = isObject3(options) ? Boolean(options.capture) : Boolean(options);
const listenerType = capture ? CAPTURE : BUBBLE;
let prev = null;
let node = listeners.get(eventName);
@@ -157941,7 +157941,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -158196,7 +158196,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -158212,7 +158212,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -158239,7 +158239,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -158311,11 +158311,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -160993,6 +160993,11 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.21";
var minimumVersion = "3.14";
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
// src/util.ts
var GITHUB_DOTCOM_URL = "https://github.com";
var MINIMUM_CGROUP_MEMORY_LIMIT_BYTES = 1024 * 1024;
@@ -162018,7 +162023,7 @@ function getArtifactSuffix(matrix) {
if (matrix) {
try {
const matrixObject = JSON.parse(matrix);
if (matrixObject !== null && typeof matrixObject === "object") {
if (isObject2(matrixObject)) {
for (const matrixKey of Object.keys(matrixObject).sort())
suffix += `-${matrixObject[matrixKey]}`;
} else {

34
lib/upload-sarif-action.js generated
View File

@@ -51990,8 +51990,8 @@ var require_object = __commonJS({
"node_modules/@typespec/ts-http-runtime/dist/commonjs/util/object.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isObject = isObject2;
function isObject2(input) {
exports2.isObject = isObject3;
function isObject3(input) {
return typeof input === "object" && input !== null && !Array.isArray(input) && !(input instanceof RegExp) && !(input instanceof Date);
}
}
@@ -56477,7 +56477,7 @@ var require_commonjs4 = __commonJS({
exports2.computeSha256Hmac = computeSha256Hmac;
exports2.getRandomIntegerInclusive = getRandomIntegerInclusive;
exports2.isError = isError;
exports2.isObject = isObject2;
exports2.isObject = isObject3;
exports2.randomUUID = randomUUID2;
exports2.uint8ArrayToString = uint8ArrayToString;
exports2.stringToUint8Array = stringToUint8Array;
@@ -56524,7 +56524,7 @@ var require_commonjs4 = __commonJS({
function isError(e) {
return tspRuntime.isError(e);
}
function isObject2(input) {
function isObject3(input) {
return tspRuntime.isObject(input);
}
function randomUUID2() {
@@ -99833,7 +99833,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString(data) && !isBuffer(data)) {
if (!isString2(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100088,7 +100088,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString(input)) {
} else if (isString2(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100104,7 +100104,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString(options.host) && !isString(options.hostname)) {
if (!isString2(options.host) && !isString2(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100131,7 +100131,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url2.parse(input));
if (!isString(parsed.protocol)) {
if (!isString2(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100203,11 +100203,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString(subdomain) && isString(domain));
assert(isString2(subdomain) && isString2(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString(value) {
function isString2(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -105781,6 +105781,16 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/json/index.ts
function isObject2(value) {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
function isString(value) {
return typeof value === "string";
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -105871,7 +105881,7 @@ var HTTPError = class extends Error {
var ConfigurationError = class extends Error {
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
if (!isObject2(arg) || !isString(arg.message)) {
return void 0;
}
if (Number.isInteger(arg.status)) {
@@ -110658,7 +110668,7 @@ function locationUpdateCallback(result, location, logger) {
}
function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!location.uri && location.index !== void 0) {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || typeof artifacts[location.index].location !== "object") {
if (typeof location.index !== "number" || location.index < 0 || location.index >= artifacts.length || !isObject2(artifacts[location.index].location)) {
logger.debug(`Ignoring location as index "${location.index}" is invalid`);
return void 0;
}

3
src/debug-artifacts.ts
View File

@@ -12,6 +12,7 @@ import { scanArtifactsForTokens } from "./artifact-scanner";
import { type CodeQL } from "./codeql";
import { Config } from "./config-utils";
import { EnvVar } from "./environment";
import * as json from "./json";
import { Language } from "./languages";
import { Logger, withGroup } from "./logging";
import {
@@ -261,7 +262,7 @@ export function getArtifactSuffix(matrix: string | undefined): string {
if (matrix) {
try {
const matrixObject = JSON.parse(matrix);
if (matrixObject !== null && typeof matrixObject === "object") {
if (json.isObject(matrixObject)) {
for (const matrixKey of Object.keys(matrixObject as object).sort())
suffix += `-${matrixObject[matrixKey]}`;
} else {

3
src/fingerprints.ts
View File

@@ -4,6 +4,7 @@ import path from "path";
import Long from "long";
import { DocUrl } from "./doc-url";
import * as json from "./json";
import { Logger } from "./logging";
import type * as sarif from "./sarif";
@@ -189,7 +190,7 @@ export function resolveUriToFile(
typeof location.index !== "number" ||
location.index < 0 ||
location.index >= artifacts.length ||
typeof artifacts[location.index].location !== "object"
!json.isObject(artifacts[location.index].location)
) {
logger.debug(`Ignoring location as index "${location.index}" is invalid`);
return undefined;

38
src/json/index.ts Normal file
View File

@@ -0,0 +1,38 @@
/**
* Represents a value we have obtained from parsing JSON which we know is an object,
* and expect to be of some type `T` which has not yet been validated.
*/
export type UnvalidatedObject<T> = { [P in keyof T]?: unknown };
/** Represents a value we have obtained from parsing JSON which we know is an array. */
export type UnvalidatedArray = unknown[];
/**
* Attempts to parse `data` as JSON. This function does not perform any validation and will therefore
* return a value of an `unknown` type if successful. Throws if `data` is not valid JSON.
*/
export function parseString(data: string): unknown {
return JSON.parse(data) as unknown;
}
/** Asserts that `value` is an object, which is not yet validated, but expected to be of type `T`. */
export function isObject<T>(value: unknown): value is UnvalidatedObject<T> {
return typeof value === "object" && value !== null && !Array.isArray(value);
}
/** Asserts that `value` is an array, which is not yet validated. */
export function isArray(value: unknown): value is UnvalidatedArray {
return Array.isArray(value);
}
/** Asserts that `value` is a string. */
export function isString(value: unknown): value is string {
return typeof value === "string";
}
/** Asserts that `value` is either a string or undefined. */
export function isStringOrUndefined(
value: unknown,
): value is string | undefined {
return value === undefined || isString(value);
}

4
src/overlay/status.ts
View File

@@ -19,6 +19,7 @@ import {
getWorkflowRunID,
} from "../actions-util";
import { type CodeQL } from "../codeql";
import * as json from "../json";
import { Logger } from "../logging";
import {
DiskUsage,
@@ -149,8 +150,7 @@ export async function getOverlayStatus(
const contents = await fs.promises.readFile(statusFile, "utf-8");
const parsed: unknown = JSON.parse(contents);
if (
typeof parsed !== "object" ||
parsed === null ||
!json.isObject<OverlayStatus>(parsed) ||
typeof parsed["attemptedToBuildOverlayBaseDatabase"] !== "boolean" ||
typeof parsed["builtOverlayBaseDatabase"] !== "boolean"
) {

592
src/start-proxy.test.ts
View File

@@ -124,125 +124,110 @@ const mixedCredentials = [
{ type: "git_source", host: "github.com/github", token: "mno" },
];
test.serial(
"getCredentials prefers registriesCredentials over registrySecrets",
async (t) => {
const registryCredentials = Buffer.from(
JSON.stringify([
{ type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
]),
).toString("base64");
const registrySecrets = JSON.stringify([
{ type: "npm_registry", host: "registry.npmjs.org", token: "def" },
]);
test("getCredentials prefers registriesCredentials over registrySecrets", async (t) => {
const registryCredentials = Buffer.from(
JSON.stringify([
{ type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
]),
).toString("base64");
const registrySecrets = JSON.stringify([
{ type: "npm_registry", host: "registry.npmjs.org", token: "def" },
]);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
registrySecrets,
registryCredentials,
undefined,
);
t.is(credentials.length, 1);
t.is(credentials[0].host, "npm.pkg.github.com");
},
);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
registrySecrets,
registryCredentials,
undefined,
);
t.is(credentials.length, 1);
t.is(credentials[0].host, "npm.pkg.github.com");
});
test.serial(
"getCredentials throws an error when configurations are not an array",
async (t) => {
const registryCredentials = Buffer.from(
JSON.stringify({ type: "npm_registry", token: "abc" }),
).toString("base64");
test("getCredentials throws an error when configurations are not an array", async (t) => {
const registryCredentials = Buffer.from(
JSON.stringify({ type: "npm_registry", token: "abc" }),
).toString("base64");
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
registryCredentials,
undefined,
),
{
message:
"Expected credentials data to be an array of configurations, but it is not.",
},
);
});
test("getCredentials throws error when credential is not an object", async (t) => {
const testCredentials = [["foo"], [null]].map(toEncodedJSON);
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
registryCredentials,
testCredential,
undefined,
),
{
message:
"Expected credentials data to be an array of configurations, but it is not.",
message: "Invalid credentials - must be an object",
},
);
},
);
}
});
test.serial(
"getCredentials throws error when credential is not an object",
async (t) => {
const testCredentials = [["foo"], [null]].map(toEncodedJSON);
test("getCredentials throws error when credential is missing type", async (t) => {
const testCredentials = [[{ token: "abc", url: "https://localhost" }]].map(
toEncodedJSON,
);
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
testCredential,
undefined,
),
{
message: "Invalid credentials - must be an object",
},
);
}
},
);
test.serial(
"getCredentials throws error when credential is missing type",
async (t) => {
const testCredentials = [[{ token: "abc", url: "https://localhost" }]].map(
toEncodedJSON,
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
testCredential,
undefined,
),
{
message: "Invalid credentials - must have a type",
},
);
}
});
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
testCredential,
undefined,
),
{
message: "Invalid credentials - must have a type",
},
);
}
},
);
test("getCredentials throws error when credential missing host and url", async (t) => {
const testCredentials = [
[{ type: "npm_registry", token: "abc" }],
[{ type: "npm_registry", token: "abc", host: null }],
[{ type: "npm_registry", token: "abc", url: null }],
].map(toEncodedJSON);
test.serial(
"getCredentials throws error when credential missing host and url",
async (t) => {
const testCredentials = [
[{ type: "npm_registry", token: "abc" }],
[{ type: "npm_registry", token: "abc", host: null }],
[{ type: "npm_registry", token: "abc", url: null }],
].map(toEncodedJSON);
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
testCredential,
undefined,
),
{
message: "Invalid credentials - must specify host or url",
},
);
}
});
for (const testCredential of testCredentials) {
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
testCredential,
undefined,
),
{
message: "Invalid credentials - must specify host or url",
},
);
}
},
);
test.serial("getCredentials filters by language when specified", async (t) => {
test("getCredentials filters by language when specified", async (t) => {
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
@@ -253,145 +238,270 @@ test.serial("getCredentials filters by language when specified", async (t) => {
t.is(credentials[0].type, "maven_repository");
});
test.serial(
"getCredentials returns all for a language when specified",
async (t) => {
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
toEncodedJSON(mixedCredentials),
KnownLanguage.go,
);
t.is(credentials.length, 2);
test("getCredentials returns all for a language when specified", async (t) => {
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
toEncodedJSON(mixedCredentials),
KnownLanguage.go,
);
t.is(credentials.length, 2);
const credentialsTypes = credentials.map((c) => c.type);
t.assert(credentialsTypes.includes("goproxy_server"));
t.assert(credentialsTypes.includes("git_source"));
},
);
const credentialsTypes = credentials.map((c) => c.type);
t.assert(credentialsTypes.includes("goproxy_server"));
t.assert(credentialsTypes.includes("git_source"));
});
test.serial(
"getCredentials returns all credentials when no language specified",
async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
test("getCredentials returns all credentials when no language specified", async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
);
t.is(credentials.length, mixedCredentials.length);
},
);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
);
t.is(credentials.length, mixedCredentials.length);
});
test.serial(
"getCredentials throws an error when non-printable characters are used",
async (t) => {
const invalidCredentials = [
{ type: "nuget_feed", host: "1nuget.pkg.github.com", token: "abc\u0000" }, // Non-printable character in token
{ type: "nuget_feed", host: "2nuget.pkg.github.com\u0001" }, // Non-printable character in host
test("getCredentials throws an error when non-printable characters are used", async (t) => {
const invalidCredentials: startProxyExports.RawCredential[] = [
{ type: "nuget_feed", host: "1nuget.pkg.github.com", token: "abc\u0000" }, // Non-printable character in token
{ type: "nuget_feed", host: "2nuget.pkg.github.com\u0001" }, // Non-printable character in host
{
type: "nuget_feed",
host: "3nuget.pkg.github.com",
password: "ghi\u0002",
}, // Non-printable character in password
{
type: "nuget_feed",
host: "4nuget.pkg.github.com",
token: "ghi\x00",
}, // Non-printable character in token
];
for (const invalidCredential of invalidCredentials) {
const credentialsInput = toEncodedJSON([invalidCredential]);
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
),
{
type: "nuget_feed",
host: "3nuget.pkg.github.com",
password: "ghi\u0002",
}, // Non-printable character in password
{
type: "nuget_feed",
host: "4nuget.pkg.github.com",
password: "ghi\x00",
}, // Non-printable character in password
];
for (const invalidCredential of invalidCredentials) {
const credentialsInput = Buffer.from(
JSON.stringify([invalidCredential]),
).toString("base64");
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
),
{
message:
"Invalid credentials - fields must contain only printable characters",
},
);
}
},
);
test.serial(
"getCredentials logs a warning when a PAT is used without a username",
async (t) => {
const loggedMessages = [];
const logger = getRecordingLogger(loggedMessages);
const likelyWrongCredentials = toEncodedJSON([
{
type: "git_server",
host: "https://github.com/",
password: `ghp_${makeTestToken()}`,
message:
"Invalid credentials - fields must contain only printable characters",
},
]);
const results = startProxyExports.getCredentials(
logger,
undefined,
likelyWrongCredentials,
undefined,
);
}
});
// The configuration should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
const validAzureCredential: startProxyExports.AzureConfig = {
tenant_id: "12345678-1234-1234-1234-123456789012",
client_id: "abcdef01-2345-6789-abcd-ef0123456789",
};
const validAwsCredential: startProxyExports.AWSConfig = {
aws_region: "us-east-1",
account_id: "123456789012",
role_name: "MY_ROLE",
domain: "MY_DOMAIN",
domain_owner: "987654321098",
audience: "custom-audience",
};
const validJFrogCredential: startProxyExports.JFrogConfig = {
jfrog_oidc_provider_name: "MY_PROVIDER",
audience: "jfrog-audience",
identity_mapping_name: "my-mapping",
};
test("getCredentials throws an error when non-printable characters are used for Azure OIDC", (t) => {
for (const key of Object.keys(validAzureCredential)) {
const invalidAzureCredential = {
...validAzureCredential,
[key]: "123\x00",
};
const invalidCredential: startProxyExports.RawCredential = {
type: "nuget_feed",
host: `${key}.nuget.pkg.github.com`,
...invalidAzureCredential,
};
const credentialsInput = toEncodedJSON([invalidCredential]);
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
),
{
message:
"Invalid credentials - fields must contain only printable characters",
},
);
}
});
test("getCredentials throws an error when non-printable characters are used for AWS OIDC", (t) => {
for (const key of Object.keys(validAwsCredential)) {
const invalidAwsCredential = {
...validAwsCredential,
[key]: "123\x00",
};
const invalidCredential: startProxyExports.RawCredential = {
type: "nuget_feed",
host: `${key}.nuget.pkg.github.com`,
...invalidAwsCredential,
};
const credentialsInput = toEncodedJSON([invalidCredential]);
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
),
{
message:
"Invalid credentials - fields must contain only printable characters",
},
);
}
});
test("getCredentials throws an error when non-printable characters are used for JFrog OIDC", (t) => {
for (const key of Object.keys(validJFrogCredential)) {
const invalidJFrogCredential = {
...validJFrogCredential,
[key]: "123\x00",
};
const invalidCredential: startProxyExports.RawCredential = {
type: "nuget_feed",
host: `${key}.nuget.pkg.github.com`,
...invalidJFrogCredential,
};
const credentialsInput = toEncodedJSON([invalidCredential]);
t.throws(
() =>
startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
undefined,
),
{
message:
"Invalid credentials - fields must contain only printable characters",
},
);
}
});
test("getCredentials accepts OIDC configurations", (t) => {
const oidcConfigurations = [
{
type: "nuget_feed",
host: "azure.pkg.github.com",
...validAzureCredential,
},
{
type: "nuget_feed",
host: "aws.pkg.github.com",
...validAwsCredential,
},
{
type: "nuget_feed",
host: "jfrog.pkg.github.com",
...validJFrogCredential,
},
];
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
toEncodedJSON(oidcConfigurations),
KnownLanguage.csharp,
);
t.is(credentials.length, 3);
t.assert(credentials.every((c) => c.type === "nuget_feed"));
t.assert(credentials.some((c) => startProxyExports.isAzureConfig(c)));
t.assert(credentials.some((c) => startProxyExports.isAWSConfig(c)));
t.assert(credentials.some((c) => startProxyExports.isJFrogConfig(c)));
});
test("getCredentials logs a warning when a PAT is used without a username", async (t) => {
const loggedMessages = [];
const logger = getRecordingLogger(loggedMessages);
const likelyWrongCredentials = toEncodedJSON([
{
type: "git_server",
host: "https://github.com/",
password: `ghp_${makeTestToken()}`,
},
]);
const results = startProxyExports.getCredentials(
logger,
undefined,
likelyWrongCredentials,
undefined,
);
// The configuration should be accepted, despite the likely problem.
t.assert(results);
t.is(results.length, 1);
t.is(results[0].type, "git_server");
t.is(results[0].host, "https://github.com/");
if (startProxyExports.isUsernamePassword(results[0])) {
t.assert(results[0].password?.startsWith("ghp_"));
} else {
t.fail("Expected a `UsernamePassword`-based credential.");
}
// A warning should have been logged.
checkExpectedLogMessages(t, loggedMessages, [
"using a GitHub Personal Access Token (PAT), but no username was provided",
]);
},
);
// A warning should have been logged.
checkExpectedLogMessages(t, loggedMessages, [
"using a GitHub Personal Access Token (PAT), but no username was provided",
]);
});
test.serial(
"getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE",
async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
test("getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE", async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
KnownLanguage.actions,
false,
);
t.is(credentials.length, mixedCredentials.length);
},
);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
KnownLanguage.actions,
false,
);
t.is(credentials.length, mixedCredentials.length);
});
test.serial(
"getCredentials returns no credentials for Actions when using NEW_LANGUAGE_TO_REGISTRY_TYPE",
async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
test("getCredentials returns no credentials for Actions when using NEW_LANGUAGE_TO_REGISTRY_TYPE", async (t) => {
const credentialsInput = toEncodedJSON(mixedCredentials);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
KnownLanguage.actions,
true,
);
t.deepEqual(credentials, []);
},
);
const credentials = startProxyExports.getCredentials(
getRunnerLogger(true),
undefined,
credentialsInput,
KnownLanguage.actions,
true,
);
t.deepEqual(credentials, []);
});
test.serial("parseLanguage", async (t) => {
test("parseLanguage", async (t) => {
// Exact matches
t.deepEqual(parseLanguage("csharp"), KnownLanguage.csharp);
t.deepEqual(parseLanguage("cpp"), KnownLanguage.cpp);
@@ -524,40 +634,6 @@ test.serial("getDownloadUrl returns matching release asset", async (t) => {
});
});
test.serial("credentialToStr - hides passwords", (t) => {
const secret = "password123";
const credential = {
type: "maven_credential",
password: secret,
url: "https://localhost",
};
const str = startProxyExports.credentialToStr(credential);
t.false(str.includes(secret));
t.is(
"Type: maven_credential; Host: undefined; Url: https://localhost Username: undefined; Password: true; Token: false",
str,
);
});
test.serial("credentialToStr - hides tokens", (t) => {
const secret = "password123";
const credential = {
type: "maven_credential",
token: secret,
url: "https://localhost",
};
const str = startProxyExports.credentialToStr(credential);
t.false(str.includes(secret));
t.is(
"Type: maven_credential; Host: undefined; Url: https://localhost Username: undefined; Password: false; Token: true",
str,
);
});
test.serial(
"getSafeErrorMessage - returns actual message for `StartProxyError`",
(t) => {

158
src/start-proxy.ts
View File

@@ -17,13 +17,26 @@ import {
Feature,
FeatureEnablement,
} from "./feature-flags";
import * as json from "./json";
import { KnownLanguage } from "./languages";
import { Logger } from "./logging";
import {
Address,
RawCredential,
Registry,
Credential,
AuthConfig,
isToken,
isAzureConfig,
Token,
UsernamePassword,
AzureConfig,
isAWSConfig,
AWSConfig,
isJFrogConfig,
JFrogConfig,
isUsernamePassword,
hasUsername,
RawCredential,
} from "./start-proxy/types";
import {
ActionName,
@@ -255,13 +268,19 @@ const NEW_LANGUAGE_TO_REGISTRY_TYPE: Required<RegistryMapping> = {
*
* @throws A `ConfigurationError` if the `Registry` value contains neither a `url` or `host` field.
*/
function getRegistryAddress(registry: Partial<Registry>): Address {
if (isDefined(registry.url)) {
function getRegistryAddress(
registry: json.UnvalidatedObject<Registry>,
): Address {
if (
isDefined(registry.url) &&
json.isString(registry.url) &&
json.isStringOrUndefined(registry.host)
) {
return {
url: registry.url,
host: registry.host,
};
} else if (isDefined(registry.host)) {
} else if (isDefined(registry.host) && json.isString(registry.host)) {
return {
url: undefined,
host: registry.host,
@@ -274,6 +293,75 @@ function getRegistryAddress(registry: Partial<Registry>): Address {
}
}
/** Extracts an `AuthConfig` value from `config`. */
export function getAuthConfig(
config: json.UnvalidatedObject<AuthConfig>,
): AuthConfig {
// Start by checking for the OIDC configurations, since they have required properties
// which we can use to identify them.
if (isAzureConfig(config)) {
return {
tenant_id: config.tenant_id,
client_id: config.client_id,
} satisfies AzureConfig;
} else if (isAWSConfig(config)) {
return {
aws_region: config.aws_region,
account_id: config.account_id,
role_name: config.role_name,
domain: config.domain,
domain_owner: config.domain_owner,
audience: config.audience,
} satisfies AWSConfig;
} else if (isJFrogConfig(config)) {
return {
jfrog_oidc_provider_name: config.jfrog_oidc_provider_name,
identity_mapping_name: config.identity_mapping_name,
audience: config.audience,
} satisfies JFrogConfig;
} else if (isToken(config)) {
// There are three scenarios for non-OIDC authentication based on the registry type:
//
// 1. `username`+`token`
// 2. A `token` that combines the username and actual token, separated by ':'.
// 3. `username`+`password`
//
// In all three cases, all fields are optional. If the `token` field is present,
// we accept the configuration as a `Token` typed configuration, with the `token`
// value and an optional `username`. Otherwise, we accept the configuration
// typed as `UsernamePassword` (in the `else` clause below) with optional
// username and password. I.e. a private registry type that uses 1. or 2.,
// but has no `token` configured, will get accepted as `UsernamePassword` here.
if (isDefined(config.token)) {
// Mask token to reduce chance of accidental leakage in logs, if we have one.
core.setSecret(config.token);
}
return { username: config.username, token: config.token } satisfies Token;
} else {
let username: string | undefined = undefined;
let password: string | undefined = undefined;
// Both "username" and "password" are optional. If we have reached this point, we need
// to validate which of them are present and that they have the correct type if so.
if ("password" in config && json.isString(config.password)) {
// Mask password to reduce chance of accidental leakage in logs, if we have one.
core.setSecret(config.password);
password = config.password;
}
if ("username" in config && json.isString(config.username)) {
username = config.username;
}
// Return the `UsernamePassword` object. Both username and password may be undefined.
return {
username,
password,
} satisfies UsernamePassword;
}
}
// getCredentials returns registry credentials from action inputs.
// It prefers `registries_credentials` over `registry_secrets`.
// If neither is set, it returns an empty array.
@@ -304,9 +392,9 @@ export function getCredentials(
}
// Parse and validate the credentials
let parsed: RawCredential[];
let parsed: unknown;
try {
parsed = JSON.parse(credentialsStr) as RawCredential[];
parsed = json.parseString(credentialsStr);
} catch {
// Don't log the error since it might contain sensitive information.
logger.error("Failed to parse the credentials data.");
@@ -314,7 +402,7 @@ export function getCredentials(
}
// Check that the parsed data is indeed an array.
if (!Array.isArray(parsed)) {
if (!json.isArray(parsed)) {
throw new ConfigurationError(
"Expected credentials data to be an array of configurations, but it is not.",
);
@@ -322,23 +410,17 @@ export function getCredentials(
const out: Credential[] = [];
for (const e of parsed) {
if (e === null || typeof e !== "object") {
if (e === null || !json.isObject<RawCredential>(e)) {
throw new ConfigurationError("Invalid credentials - must be an object");
}
// The configuration must have a type.
if (!isDefined(e.type)) {
if (!isDefined(e.type) || !json.isString(e.type)) {
throw new ConfigurationError("Invalid credentials - must have a type");
}
// Mask credentials to reduce chance of accidental leakage in logs.
if (isDefined(e.password)) {
core.setSecret(e.password);
}
if (isDefined(e.token)) {
core.setSecret(e.token);
}
const authConfig = getAuthConfig(e);
const address = getRegistryAddress(e);
// Filter credentials based on language if specified. `type` is the registry type.
@@ -354,24 +436,25 @@ export function getCredentials(
return str ? /^[\x20-\x7E]*$/.test(str) : true;
};
if (
!isPrintable(e.type) ||
!isPrintable(e.host) ||
!isPrintable(e.url) ||
!isPrintable(e.username) ||
!isPrintable(e.password) ||
!isPrintable(e.token)
) {
throw new ConfigurationError(
"Invalid credentials - fields must contain only printable characters",
);
// Ensure that all string fields only contain printable characters.
for (const key of Object.keys(e)) {
const val = e[key];
if (typeof val === "string" && !isPrintable(val)) {
throw new ConfigurationError(
"Invalid credentials - fields must contain only printable characters",
);
}
}
// If the password or token looks like a GitHub PAT, warn if no username is configured.
if (
!isDefined(e.username) &&
((isDefined(e.password) && isPAT(e.password)) ||
(isDefined(e.token) && isPAT(e.token)))
((!hasUsername(authConfig) || !isDefined(authConfig.username)) &&
isUsernamePassword(authConfig) &&
isDefined(authConfig.password) &&
isPAT(authConfig.password)) ||
(isToken(authConfig) &&
isDefined(authConfig.token) &&
isPAT(authConfig.token))
) {
logger.warning(
`A ${e.type} private registry is configured for ${e.host || e.url} using a GitHub Personal Access Token (PAT), but no username was provided. ` +
@@ -382,9 +465,7 @@ export function getCredentials(
out.push({
type: e.type,
username: e.username,
password: e.password,
token: e.token,
...authConfig,
...address,
});
}
@@ -498,17 +579,6 @@ export async function getDownloadUrl(
};
}
/**
* Pretty-prints a `Credential` value to a string, but hides the actual password or token values.
*
* @param c The credential to convert to a string.
*/
export function credentialToStr(c: Credential): string {
return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${
c.username
}; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`;
}
/**
* Attempts to download a file from `url` into the toolcache.
*

136
src/start-proxy/types.test.ts Normal file
View File

@@ -0,0 +1,136 @@
import test from "ava";
import { setupTests } from "../testing-utils";
import * as types from "./types";
setupTests(test);
const validAzureCredential: types.AzureConfig = {
tenant_id: "12345678-1234-1234-1234-123456789012",
client_id: "abcdef01-2345-6789-abcd-ef0123456789",
};
const validAwsCredential: types.AWSConfig = {
aws_region: "us-east-1",
account_id: "123456789012",
role_name: "MY_ROLE",
domain: "MY_DOMAIN",
domain_owner: "987654321098",
audience: "custom-audience",
};
const validJFrogCredential: types.JFrogConfig = {
jfrog_oidc_provider_name: "MY_PROVIDER",
audience: "jfrog-audience",
identity_mapping_name: "my-mapping",
};
test("credentialToStr - pretty-prints valid username+password configurations", (t) => {
const secret = "password123";
const credential: types.Credential = {
type: "maven_credential",
username: "user",
password: secret,
url: "https://localhost",
};
const str = types.credentialToStr(credential);
t.false(str.includes(secret));
t.is(
"Type: maven_credential; Url: https://localhost; Username: user; Password: ***;",
str,
);
});
test("credentialToStr - pretty-prints valid username+token configurations", (t) => {
const secret = "password123";
const credential: types.Credential = {
type: "maven_credential",
username: "user",
token: secret,
url: "https://localhost",
};
const str = types.credentialToStr(credential);
t.false(str.includes(secret));
t.is(
"Type: maven_credential; Url: https://localhost; Username: user; Token: ***;",
str,
);
});
test("credentialToStr - pretty-prints valid Azure OIDC configurations", (t) => {
const credential: types.Credential = {
type: "maven_credential",
url: "https://localhost",
...validAzureCredential,
};
const str = types.credentialToStr(credential);
t.is(
"Type: maven_credential; Url: https://localhost; Tenant: 12345678-1234-1234-1234-123456789012; Client: abcdef01-2345-6789-abcd-ef0123456789;",
str,
);
});
test("credentialToStr - pretty-prints valid AWS OIDC configurations", (t) => {
const credential: types.Credential = {
type: "maven_credential",
url: "https://localhost",
...validAwsCredential,
};
const str = types.credentialToStr(credential);
t.is(
"Type: maven_credential; Url: https://localhost; AWS Region: us-east-1; AWS Account: 123456789012; AWS Role: MY_ROLE; AWS Domain: MY_DOMAIN; AWS Domain Owner: 987654321098; AWS Audience: custom-audience;",
str,
);
});
test("credentialToStr - pretty-prints valid JFrog OIDC configurations", (t) => {
const credential: types.Credential = {
type: "maven_credential",
url: "https://localhost",
...validJFrogCredential,
};
const str = types.credentialToStr(credential);
t.is(
"Type: maven_credential; Url: https://localhost; JFrog Provider: MY_PROVIDER; JFrog Identity Mapping: my-mapping; JFrog Audience: jfrog-audience;",
str,
);
});
test("credentialToStr - hides passwords", (t) => {
const secret = "password123";
const credential = {
type: "maven_credential",
password: secret,
url: "https://localhost",
};
const str = types.credentialToStr(credential);
t.false(str.includes(secret));
t.is("Type: maven_credential; Url: https://localhost; Password: ***;", str);
});
test("credentialToStr - hides tokens", (t) => {
const secret = "password123";
const credential = {
type: "maven_credential",
token: secret,
url: "https://localhost",
};
const str = types.credentialToStr(credential);
t.false(str.includes(secret));
t.is("Type: maven_credential; Url: https://localhost; Token: ***;", str);
});

207
src/start-proxy/types.ts
View File

@@ -1,22 +1,211 @@
import type { UnvalidatedObject } from "../json";
import * as json from "../json";
import { isDefined } from "../util";
/**
* After parsing configurations from JSON, we don't know whether all the keys we expect are
* present or not. This type is used to represent such values, which we expect to be
* `Credential` values, but haven't validated yet.
*/
export type RawCredential = Partial<Credential>;
export type RawCredential = UnvalidatedObject<Credential>;
/** Usernames may be present for both authentication with tokens or passwords. */
export type Username = {
/** The username needed to authenticate to the package registry, if any. */
username?: string;
};
/** Decides whether `config` has a username. */
export function hasUsername(config: AuthConfig): config is Username {
return "username" in config;
}
/**
* Fields expected for authentication based on a username and password.
* Both username and password are optional.
*/
export type UsernamePassword = {
/** The password needed to authenticate to the package registry, if any. */
password?: string;
} & Username;
/** Decides whether `config` is based on a username and password. */
export function isUsernamePassword(
config: AuthConfig,
): config is UsernamePassword {
return hasUsername(config) && "password" in config;
}
/**
* Fields expected for token-based authentication.
* Both username and token are optional.
*/
export type Token = {
/** The token needed to authenticate to the package registry, if any. */
token?: string;
} & Username;
/** Decides whether `config` is token-based. */
export function isToken(
config: UnvalidatedObject<AuthConfig>,
): config is Token {
// The "username" field is optional, but should be a string if present.
if ("username" in config && !json.isStringOrUndefined(config.username)) {
return false;
}
// The "token" field is required, and must be a string or undefined.
return "token" in config && json.isStringOrUndefined(config.token);
}
/** Configuration for Azure OIDC. */
export type AzureConfig = { tenant_id: string; client_id: string };
/** Decides whether `config` is an Azure OIDC configuration. */
export function isAzureConfig(
config: UnvalidatedObject<AuthConfig>,
): config is AzureConfig {
return (
"tenant_id" in config &&
"client_id" in config &&
isDefined(config.tenant_id) &&
isDefined(config.client_id) &&
json.isString(config.tenant_id) &&
json.isString(config.client_id)
);
}
/** Configuration for AWS OIDC. */
export type AWSConfig = {
aws_region: string;
account_id: string;
role_name: string;
domain: string;
domain_owner: string;
audience?: string;
};
/** Decides whether `config` is an AWS OIDC configuration. */
export function isAWSConfig(
config: UnvalidatedObject<AuthConfig>,
): config is AWSConfig {
// All of these properties are required.
const requiredProperties = [
"aws_region",
"account_id",
"role_name",
"domain",
"domain_owner",
];
for (const property of requiredProperties) {
if (
!(property in config) ||
!isDefined(config[property]) ||
!json.isString(config[property])
) {
return false;
}
}
// The "audience" field is optional, but should be a string if present.
if ("audience" in config && !json.isStringOrUndefined(config.audience)) {
return false;
}
return true;
}
/** Configuration for JFrog OIDC. */
export type JFrogConfig = {
jfrog_oidc_provider_name: string;
audience?: string;
identity_mapping_name?: string;
};
/** Decides whether `config` is a JFrog OIDC configuration. */
export function isJFrogConfig(
config: UnvalidatedObject<AuthConfig>,
): config is JFrogConfig {
// The "audience" and "identity_mapping_name" fields are optional, but should be strings if present.
if ("audience" in config && !json.isStringOrUndefined(config.audience)) {
return false;
}
if (
"identity_mapping_name" in config &&
!json.isStringOrUndefined(config.identity_mapping_name)
) {
return false;
}
return (
"jfrog_oidc_provider_name" in config &&
isDefined(config.jfrog_oidc_provider_name) &&
json.isString(config.jfrog_oidc_provider_name)
);
}
/** Represents all supported OIDC configurations. */
export type OIDC = AzureConfig | AWSConfig | JFrogConfig;
/** All authentication-related fields. */
export type AuthConfig = UsernamePassword | Token | OIDC;
/**
* A package registry configuration includes identifying information as well as
* authentication credentials.
*/
export type Credential = {
/** The username needed to authenticate to the package registry, if any. */
username?: string;
/** The password needed to authenticate to the package registry, if any. */
password?: string;
/** The token needed to authenticate to the package registry, if any. */
token?: string;
} & Registry;
export type Credential = AuthConfig & Registry;
/**
* Pretty-prints a `Credential` value to a string, but hides the actual password or token values.
*
* @param credential The credential to convert to a string.
*/
export function credentialToStr(credential: Credential): string {
let result: string = `Type: ${credential.type};`;
const appendIfDefined = (name: string, val: string | undefined) => {
if (isDefined(val)) {
result += ` ${name}: ${val};`;
}
};
appendIfDefined("Url", credential.url);
appendIfDefined("Host", credential.host);
if (hasUsername(credential)) {
appendIfDefined("Username", credential.username);
}
if ("password" in credential) {
appendIfDefined(
"Password",
isDefined(credential.password) ? "***" : undefined,
);
}
if (isToken(credential)) {
appendIfDefined("Token", isDefined(credential.token) ? "***" : undefined);
}
if (isAzureConfig(credential)) {
appendIfDefined("Tenant", credential.tenant_id);
appendIfDefined("Client", credential.client_id);
} else if (isAWSConfig(credential)) {
appendIfDefined("AWS Region", credential.aws_region);
appendIfDefined("AWS Account", credential.account_id);
appendIfDefined("AWS Role", credential.role_name);
appendIfDefined("AWS Domain", credential.domain);
appendIfDefined("AWS Domain Owner", credential.domain_owner);
appendIfDefined("AWS Audience", credential.audience);
} else if (isJFrogConfig(credential)) {
appendIfDefined("JFrog Provider", credential.jfrog_oidc_provider_name);
appendIfDefined("JFrog Identity Mapping", credential.identity_mapping_name);
appendIfDefined("JFrog Audience", credential.audience);
}
return result;
}
/** A package registry is identified by its type and address. */
export type Registry = {

11
src/util.ts
View File

@@ -14,6 +14,7 @@ import type { CodeQL, VersionInfo } from "./codeql";
import type { Pack } from "./config/db-config";
import type { Config } from "./config-utils";
import { EnvVar } from "./environment";
import * as json from "./json";
import { Language } from "./languages";
import { Logger } from "./logging";
@@ -603,19 +604,15 @@ export class HTTPError extends Error {
export class ConfigurationError extends Error {}
export function asHTTPError(arg: any): HTTPError | undefined {
if (
typeof arg !== "object" ||
arg === null ||
typeof arg.message !== "string"
) {
if (!json.isObject<any>(arg) || !json.isString(arg.message)) {
return undefined;
}
if (Number.isInteger(arg.status)) {
return new HTTPError(arg.message as string, arg.status as number);
return new HTTPError(arg.message, arg.status as number);
}
// See https://github.com/actions/toolkit/blob/acb230b99a46ed33a3f04a758cd68b47b9a82908/packages/tool-cache/src/tool-cache.ts#L19
if (Number.isInteger(arg.httpStatusCode)) {
return new HTTPError(arg.message as string, arg.httpStatusCode as number);
return new HTTPError(arg.message, arg.httpStatusCode as number);
}
return undefined;
}