Fix config path comparisons where workspace path is a symlink

Before this change, config-utils.ts › load non-empty input was failing on Mac with: The configuration file "/var/folders/gx/y8v1507s29d97m1r_5kq0s000000gn/T/codeql-action-oum66d/input" is invalid: property "queries.uses" is invalid as the local path "" is outside of the repository The reason is that the tmp directory (which is where the config file was put by the test) was a symlink.
2020-06-16 16:57:08 +01:00 · 2020-06-16 16:57:08 +01:00 · 0b53ebbc36
commit 0b53ebbc36
parent 6de3e1cde4
3 changed files with 3 additions and 3 deletions
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@ -58,7 +58,7 @@ class Config {
                throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
            }
            // Check the local path doesn't jump outside the repo using '..' or symlinks
-            if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(workspacePath + path.sep)) {
+            if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
                throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
            }
            this.additionalQueries.push(absoluteQueryPath);
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@ -60,7 +60,7 @@ export class Config {
            }

            // Check the local path doesn't jump outside the repo using '..' or symlinks
-            if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(workspacePath + path.sep)) {
+            if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
                throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
            }