github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-30 02:40:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Defensively sanitize timestamp

Browse Source
This commit is contained in:
Henry Mercer
2026-04-28 11:33:48 +01:00
parent cdb655d6d4
commit e73c940c9b
7 changed files with 37 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/analyze-action.js
Generated
+5 -2
View File
@@ -107893,10 +107893,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
lib/init-action-post.js
Generated
+5 -2
View File
@@ -165812,10 +165812,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
lib/init-action.js
Generated
+5 -2
View File
@@ -105398,10 +105398,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
lib/setup-codeql-action.js
Generated
+5 -2
View File
@@ -105468,10 +105468,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
lib/upload-lib.js
Generated
+5 -2
View File
@@ -107503,10 +107503,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
lib/upload-sarif-action.js
Generated
+5 -2
View File
@@ -108259,10 +108259,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {
src/diagnostics.ts
+7 -2
View File
@@ -173,10 +173,15 @@ function writeDiagnostic(
const uniqueSuffix = Math.floor(Math.random() * 0x100000000)
.toString(16)
.padStart(8, "0");
// We should only need to remove colons, but to be defensive, only allow a restricted set of
// characters.
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
"",
);
const jsonPath = path.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`,
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`,
);
writeFileSync(jsonPath, JSON.stringify(diagnostic));