Check that proxy configurations are an array

2026-01-03 05:00:04 +08:00 · 2025-06-27 13:59:57 +01:00
parent 4c57370d03
commit e9938e34d5
6 changed files with 39 additions and 2 deletions
--- a/src/start-proxy.test.ts
+++ b/src/start-proxy.test.ts
@@ -26,6 +26,26 @@ test("getCredentials prefers registriesCredentials over registrySecrets", async
  t.is(credentials[0].host, "npm.pkg.github.com");
 });

+test("getCredentials throws an error when configurations are not an array", async (t) => {
+  const registryCredentials = Buffer.from(
+    JSON.stringify({ type: "npm_registry", token: "abc" }),
+  ).toString("base64");
+
+  t.throws(
+    () =>
+      startProxyExports.getCredentials(
+        getRunnerLogger(true),
+        undefined,
+        registryCredentials,
+        undefined,
+      ),
+    {
+      message:
+        "Expected credentials data to be an array of configurations, but it is not.",
+    },
+  );
+});
+
 test("getCredentials throws error when credential missing host and url", async (t) => {
  const registryCredentials = Buffer.from(
    JSON.stringify([{ type: "npm_registry", token: "abc" }]),
--- a/src/start-proxy.ts
+++ b/src/start-proxy.ts
@@ -63,6 +63,13 @@ export function getCredentials(
    throw new ConfigurationError("Invalid credentials format.");
  }

+  // Check that the parsed data is indeed an array.
+  if (!Array.isArray(parsed)) {
+    throw new ConfigurationError(
+      "Expected credentials data to be an array of configurations, but it is not.",
+    );
+  }
+
  const out: Credential[] = [];
  for (const e of parsed) {
    // Mask credentials to reduce chance of accidental leakage in logs.