robojerk/codeql-action

Merge pull request #2781 from github/angelapwen/fix-code-injection-warning

Browse source 
Fix code injection warnings in `check-codescanning-config` internal Action
This commit is contained in:
Angela P Wen 2025-02-24 16:53:51 -08:00 committed by GitHub
commit a8849fbe63
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.github/actions/check-codescanning-config/action.yml vendored
View file

@ -61,11 +61,12 @@ runs:
- name: Check config - name: Check config
working-directory: ${{ github.action_path }} working-directory: ${{ github.action_path }}
shell: bash shell: bash
run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '${{ inputs.expected-config-file-contents }}' env:
EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
- name: Clean up - name: Clean up
shell: bash shell: bash
if: always() if: always()
run: | run: |
rm -rf ${{ runner.temp }}/codescanning-config-cli-test rm -rf $RUNNER_TEMP/codescanning-config-cli-test
rm -rf ${{ runner.temp }}/user-config.yaml rm -rf $RUNNER_TEMP/user-config.yaml

2
.github/actions/check-codescanning-config/index.ts vendored
View file

@ -8,7 +8,7 @@ const actualConfig = loadActualConfig()
const rawExpectedConfig = process.argv[3].trim() const rawExpectedConfig = process.argv[3].trim()
if (!rawExpectedConfig) { if (!rawExpectedConfig) {
core.info('No expected configuration provided') core.setFailed('No expected configuration provided')
} else { } else {
core.startGroup('Expected generated user config') core.startGroup('Expected generated user config')
core.info(yaml.dump(JSON.parse(rawExpectedConfig))) core.info(yaml.dump(JSON.parse(rawExpectedConfig)))