robojerk/codeql-action

Fix config path comparisons where workspace path is a symlink

Browse source 
Before this change, config-utils.ts › load non-empty input was failing on Mac with:

The configuration file "/var/folders/gx/y8v1507s29d97m1r_5kq0s000000gn/T/codeql-action-oum66d/input" is invalid: property "queries.uses" is invalid as the local path "" is outside of the repository

The reason is that the tmp directory (which is where the config file was put by the test) was a symlink.
This commit is contained in:
Sam Partington 2020-06-16 16:57:08 +01:00
parent 6de3e1cde4
commit 0b53ebbc36
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/config-utils.ts
View file

@ -60,7 +60,7 @@ export class Config {
}
// Check the local path doesn't jump outside the repo using '..' or symlinks
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(workspacePath + path.sep)) {
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
}