robojerk/codeql-action

use .has for searchParams instead of checking for undefined

Browse source
This commit is contained in:
nickfyson 2022-12-12 15:53:40 +00:00
parent d827cf3d65
commit 54d25f56dd
3 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/codeql.js generated
View file

@ -261,6 +261,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, bypassToolca
codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, variant, logger);
}
const parsedCodeQLURL = new URL(codeqlURL);
const searchParams = new URLSearchParams(parsedCodeQLURL.search);
const headers = {
accept: "application/octet-stream",
};
@ -269,7 +270,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, bypassToolca
// This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL.
if (codeqlURL.startsWith(`${apiDetails.url}/`) &&
new URLSearchParams(parsedCodeQLURL.search).get("token") === undefined) {
!searchParams.has("token")) {
logger.debug("Downloading CodeQL bundle with token.");
headers.authorization = `token ${apiDetails.auth}`;
}

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

3
src/codeql.ts
View file

@ -488,6 +488,7 @@ export async function setupCodeQL(
}
const parsedCodeQLURL = new URL(codeqlURL);
const searchParams = new URLSearchParams(parsedCodeQLURL.search);
const headers: OutgoingHttpHeaders = {
accept: "application/octet-stream",
};
@ -497,7 +498,7 @@ export async function setupCodeQL(
// We also don't want to send an authorization header if there's already a token provided in the URL.
if (
codeqlURL.startsWith(`${apiDetails.url}/`) &&
new URLSearchParams(parsedCodeQLURL.search).get("token") === undefined
!searchParams.has("token")
) {
logger.debug("Downloading CodeQL bundle with token.");
headers.authorization = `token ${apiDetails.auth}`;