github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-08 14:50:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Defensively sanitize timestamp

Browse Source
This commit is contained in:
Henry Mercer
2026-04-28 11:33:48 +01:00
parent cdb655d6d4
commit e73c940c9b
7 changed files with 37 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/init-action-post.js
Generated
+5 -2
View File
@@ -165812,10 +165812,13 @@ function writeDiagnostic(config, language, diagnostic) {
try {
(0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
const uniqueSuffix = Math.floor(Math.random() * 4294967296).toString(16).padStart(8, "0");
const sanitizedTimestamp = diagnostic.timestamp.replace(
/[^a-zA-Z0-9.-]/g,
""
);
const jsonPath = import_path.default.resolve(
diagnosticsPath,
// Remove colons from the timestamp as these are not allowed in Windows filenames.
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}-${uniqueSuffix}.json`
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
);
(0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
} catch (err) {