github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-23 15:50:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Apply realpathSync sooner

Browse Source 
Fixes lint: https://github.com/github/codeql-action/pull/67/checks?check_run_id=777215812
This commit is contained in:
Sam Partington
2020-06-16 17:03:50 +01:00
parent 0b53ebbc36
commit 013c02758e
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/config-utils.js generated
View File

@@ -51,14 +51,14 @@ class Config {
const localQueryPath = queryUses.slice(2);
// Resolve the local path against the workspace so that when this is
// passed to codeql it resolves to exactly the path we expect it to resolve to.
const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
const absoluteQueryPath = path.join(workspacePath, localQueryPath);
const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
const absoluteQueryPath = fs.realpathSync(path.join(workspacePath, localQueryPath));
// Check the file exists
if (!fs.existsSync(absoluteQueryPath)) {
throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
}
// Check the local path doesn't jump outside the repo using '..' or symlinks
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) {
throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
}
this.additionalQueries.push(absoluteQueryPath);

2
lib/config-utils.js.map
View File

File diff suppressed because one or more lines are too long

6
src/config-utils.ts
View File

@@ -51,8 +51,8 @@ export class Config {
const localQueryPath = queryUses.slice(2);
// Resolve the local path against the workspace so that when this is
// passed to codeql it resolves to exactly the path we expect it to resolve to.
const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
const absoluteQueryPath = path.join(workspacePath, localQueryPath);
const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
const absoluteQueryPath = fs.realpathSync(path.join(workspacePath, localQueryPath));
// Check the file exists
if (!fs.existsSync(absoluteQueryPath)) {
@@ -60,7 +60,7 @@ export class Config {
}
// Check the local path doesn't jump outside the repo using '..' or symlinks
if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) {
throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
}