Validate credentials input

lib/start-proxy-action.js

@@ -37,9 +37,6 @@ const UPDATEJOB_PROXY_URL = "https://github.com/github/codeql-action/releases/do
 const PROXY_USER = "proxy_user";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
-function CredentialToStr(c) {
-    return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`;
-}
 const CERT_SUBJECT = [
     {
         name: "commonName",
@@ -89,8 +86,8 @@ async function runWrapper() {
     const proxyLogFilePath = path.resolve(tempDir, "proxy.log");
     core.saveState("proxy-log-file", proxyLogFilePath);
     // Get the configuration options
-    const credentials = getCredentials();
-    logger.info(`Credentials loaded for the following URLs:\n ${credentials.map(c => CredentialToStr(c)).join("\n")}`);
+    const credentials = getCredentials(logger);
+    logger.info(`Credentials loaded for the following registries:\n ${credentials.map(c => credentialToStr(c)).join("\n")}`);
     const ca = generateCertificateAuthority();
     const proxyAuth = getProxyAuth();
     const proxyConfig = {
@@ -149,15 +146,39 @@ async function startProxy(binPath, config, logFilePath, logger) {
 // getCredentials returns registry credentials from action inputs.
 // It prefers `registries_credentials` over `registry_secrets`.
 // If neither is set, it returns an empty array.
-function getCredentials() {
-    const encodedCredentials = actionsUtil.getOptionalInput("registries_credentials");
-    if (encodedCredentials !== undefined) {
-        const credentialsStr = Buffer.from(encodedCredentials, "base64").toString();
-        return JSON.parse(credentialsStr);
+function getCredentials(logger) {
+    const registriesCredentials = actionsUtil.getOptionalInput("registries_credentials");
+    const registrySecrets = actionsUtil.getOptionalInput("registry_secrets");
+    var credentialsStr;
+    if (registriesCredentials !== undefined) {
+        logger.info(`Using registries_credentials input.`);
+        credentialsStr = Buffer.from(registriesCredentials, "base64").toString();
     }
-    core.info(`Using structured credentials.`);
-    const registrySecrets = actionsUtil.getOptionalInput("registry_secrets") || "[]";
-    return JSON.parse(registrySecrets);
+    else if (registrySecrets !== undefined) {
+        logger.info(`Using registry_secrets input.`);
+        credentialsStr = registrySecrets;
+    }
+    else {
+        logger.info(`No credentials defined.`);
+        return [];
+    }
+    // Parse and validate the credentials
+    const parsed = JSON.parse(credentialsStr);
+    let out = [];
+    parsed.forEach(e => {
+        if (e.url === undefined && e.host === undefined) {
+            throw "Invalid credentials - must specify host or url";
+        }
+        out.push({
+            type: e.type,
+            host: e.host,
+            url: e.url,
+            username: e.username,
+            password: e.password,
+            token: e.token,
+        });
+    });
+    return out;
 }
 // getProxyAuth returns the authentication information for the proxy itself.
 function getProxyAuth() {
@@ -180,5 +201,8 @@ async function getProxyBinaryPath() {
     proxyBin = path.join(proxyBin, UPDATEJOB_PROXY);
     return proxyBin;
 }
+function credentialToStr(c) {
+    return `Type: ${c.type}; Host: ${c.host}; Url: ${c.url} Username: ${c.username}; Password: ${c.password !== undefined}; Token: ${c.token !== undefined}`;
+}
 void runWrapper();
 //# sourceMappingURL=start-proxy-action.js.map