github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-06 14:40:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Register credentials extracted from proxy configuration as secrets to mask in logs

Browse Source
This commit is contained in:
Michael B. Gale
2025-06-12 12:59:02 +01:00
parent 466d6ce584
commit bbab10229f
3 changed files with 52 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/start-proxy.ts
View File

@@ -1,3 +1,5 @@
import * as core from "@actions/core";
import { parseLanguage, Language } from "./languages";
import { Logger } from "./logging";
import { ConfigurationError } from "./util";
@@ -63,6 +65,14 @@ export function getCredentials(
const out: Credential[] = [];
for (const e of parsed) {
// Mask credentials to reduce chance of accidental leakage in logs.
if (e.password !== undefined) {
core.setSecret(e.password);
}
if (e.token !== undefined) {
core.setSecret(e.token);
}
if (e.url === undefined && e.host === undefined) {
// The proxy needs one of these to work. If both are defined, the url has the precedence.
throw new ConfigurationError(