diff --git a/lib/config-utils.js b/lib/config-utils.js index a631a457f..3064de01e 100644 --- a/lib/config-utils.js +++ b/lib/config-utils.js @@ -51,14 +51,14 @@ class Config { const localQueryPath = queryUses.slice(2); // Resolve the local path against the workspace so that when this is // passed to codeql it resolves to exactly the path we expect it to resolve to. - const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE'); - const absoluteQueryPath = path.join(workspacePath, localQueryPath); + const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE')); + const absoluteQueryPath = fs.realpathSync(path.join(workspacePath, localQueryPath)); // Check the file exists if (!fs.existsSync(absoluteQueryPath)) { throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath)); } // Check the local path doesn't jump outside the repo using '..' or symlinks - if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) { + if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) { throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath)); } this.additionalQueries.push(absoluteQueryPath); diff --git a/lib/config-utils.js.map b/lib/config-utils.js.map index 2f02b995d..7c954b2b0 100644 --- a/lib/config-utils.js.map +++ b/lib/config-utils.js.map @@ -1 +1 @@ -{"version":3,"file":"config-utils.js","sourceRoot":"","sources":["../src/config-utils.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,gDAAkC;AAClC,uCAAyB;AACzB,8CAAgC;AAChC,2CAA6B;AAE7B,6CAA+B;AAE/B,MAAM,aAAa,GAAG,MAAM,CAAC;AAC7B,MAAM,gCAAgC,GAAG,yBAAyB,CAAC;AACnE,MAAM,gBAAgB,GAAG,SAAS,CAAC;AACnC,MAAM,qBAAqB,GAAG,MAAM,CAAC;AACrC,MAAM,qBAAqB,GAAG,cAAc,CAAC;AAC7C,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B,MAAa,aAAa;IAKtB,YAAY,UAAkB,EAAE,GAAW;QAFpC,SAAI,GAAG,EAAE,CAAC;QAGb,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;CACJ;AATD,sCASC;AAED,0EAA0E;AAC1E,MAAM,aAAa,GAAG,CAAC,mBAAmB,EAAE,sBAAsB,CAAU,CAAC;AAI7E,MAAa,MAAM;IAAnB;QACW,SAAI,GAAG,EAAE,CAAC;QACV,0BAAqB,GAAG,KAAK,CAAC;QAC9B,sBAAiB,GAAa,EAAE,CAAC;QACjC,oBAAe,GAAoB,EAAE,CAAC;QACtC,qBAAgB,GAAmB,EAAE,CAAC;QACtC,gBAAW,GAAa,EAAE,CAAC;QAC3B,UAAK,GAAa,EAAE,CAAC;IAuEhC,CAAC;IArEU,QAAQ,CAAC,UAAkB,EAAE,SAAiB;QACjD,qEAAqE;QACrE,kDAAkD;QAClD,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,SAAS,KAAK,EAAE,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;SACpD;QAED,oFAAoF;QACpF,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YAC5B,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1C,oEAAoE;YACpE,+EAA+E;YAC/E,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC;YACnE,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;YAEnE,wBAAwB;YACxB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE;gBACnC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;aACzE;YAED,4EAA4E;YAC5E,IAAI,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE;gBACxG,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;aAChF;YAED,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC/C,OAAO;SACV;QAED,sCAAsC;QACtC,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE;YAChE,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;YACjE,IAAI,KAAK,EAAE;gBACP,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAClC,OAAO;aACV;iBAAM;gBACH,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;aAC/D;SACJ;QAED,IAAI,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QAED,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACnB,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxB,+BAA+B;QAC/B,+BAA+B;QAC/B,yFAAyF;QACzF,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QACD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;YAChB,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;SAClD;QAED,2DAA2D;QAC3D,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC9C,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QAED,IAAI,QAAQ,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;SAC1B;QACD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;CACJ;AA9ED,wBA8EC;AAED,SAAgB,cAAc,CAAC,UAAkB;IAC7C,OAAO,0BAA0B,CAAC,UAAU,EAAE,aAAa,EAAE,4BAA4B,CAAC,CAAC;AAC/F,CAAC;AAFD,wCAEC;AAED,SAAgB,+BAA+B,CAAC,UAAkB;IAC9D,OAAO,0BAA0B,CAAC,UAAU,EAAE,gCAAgC,EAAE,mBAAmB,CAAC,CAAC;AACzG,CAAC;AAFD,0EAEC;AAED,SAAgB,iBAAiB,CAAC,UAAkB;IAChD,OAAO,0BAA0B,CAAC,UAAU,EAAE,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;AACxF,CAAC;AAFD,8CAEC;AAED,SAAgB,mBAAmB,CAAC,UAAkB,EAAE,SAAkB;IACtE,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,4BAA4B,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC;QACrD,+DAA+D;QAC/D,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAPD,kDAOC;AAED,SAAgB,qBAAqB,CAAC,UAAkB;IACpD,OAAO,0BAA0B,CAAC,UAAU,EAAE,qBAAqB,EAAE,uCAAuC,CAAC,CAAC;AAClH,CAAC;AAFD,sDAEC;AAED,SAAgB,eAAe,CAAC,UAAkB;IAC9C,OAAO,0BAA0B,CAAC,UAAU,EAAE,cAAc,EAAE,uCAAuC,CAAC,CAAC;AAC3G,CAAC;AAFD,0CAEC;AAED,SAAgB,+BAA+B,CAAC,UAAkB,EAAE,SAAiB;IACjF,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,gCAAgC,GAAG,SAAS,GAAG,gCAAgC,CAAC,CAAC;AACzF,CAAC;AALD,0EAKC;AAED,SAAgB,wBAAwB,CAAC,UAAkB,EAAE,SAAiB;IAC1E,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,gCAAgC,GAAG,SAAS,GAAG,oCAAoC,CAAC,CAAC;AAC7F,CAAC;AALD,4DAKC;AAED,SAAgB,yCAAyC,CAAC,UAAkB;IACxE,OAAO,0BAA0B,GAAG,UAAU,GAAG,+BAA+B,CAAC;AACrF,CAAC;AAFD,8FAEC;AAED,SAAgB,qCAAqC,CAAC,UAAkB;IACpE,OAAO,0BAA0B,GAAG,UAAU,GAAG,kBAAkB,CAAC;AACxE,CAAC;AAFD,sFAEC;AAED,SAAS,0BAA0B,CAAC,UAAkB,EAAE,QAAgB,EAAE,KAAa;IACnF,OAAO,0BAA0B,GAAG,UAAU,GAAG,0BAA0B,GAAG,QAAQ,GAAG,IAAI,GAAG,KAAK,CAAC;AAC1G,CAAC;AAED,SAAS,UAAU;IACf,IAAI,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IAE9C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAE5B,qDAAqD;IACrD,IAAI,UAAU,KAAK,EAAE,EAAE;QACnB,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACjD,OAAO,MAAM,CAAC;KACjB;IAED,qDAAqD;IACrD,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC;IACnE,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAErD,2DAA2D;IAC3D,IAAI,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,UAAU,CAAC,CAAC,CAAC;KAC1E;IAED,mCAAmC;IACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,UAAU,CAAC,CAAC,CAAC;KACtE;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAEtE,IAAI,aAAa,IAAI,UAAU,EAAE;QAC7B,IAAI,OAAO,UAAU,CAAC,aAAa,CAAC,KAAK,QAAQ,EAAE;YAC/C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;SAC/C;QACD,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;SAC/C;QACD,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;KAC3C;IAED,IAAI,gCAAgC,IAAI,UAAU,EAAE;QAChD,IAAI,OAAO,UAAU,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE;YACnE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,UAAU,CAAC,CAAC,CAAC;SAChE;QACD,MAAM,CAAC,qBAAqB,GAAG,UAAU,CAAC,gCAAgC,CAAC,CAAC;KAC/E;IAED,IAAI,gBAAgB,IAAI,UAAU,EAAE;QAChC,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,YAAY,KAAK,CAAC,EAAE;YAClD,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;SAClD;QACD,UAAU,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YACzC,IAAI,CAAC,CAAC,qBAAqB,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,qBAAqB,CAAC,KAAK,QAAQ,EAAE;gBACvF,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;aACpD;YACD,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;KACN;IAED,IAAI,qBAAqB,IAAI,UAAU,EAAE;QACrC,IAAI,CAAC,CAAC,UAAU,CAAC,qBAAqB,CAAC,YAAY,KAAK,CAAC,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC;SACtD;QACD,UAAU,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAC7C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,EAAE,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC;aACtD;YACD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;KACN;IAED,IAAI,cAAc,IAAI,UAAU,EAAE;QAC9B,IAAI,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,YAAY,KAAK,CAAC,EAAE;YAChD,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC;SAChD;QACD,UAAU,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,EAAE,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC;aAChD;YACD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;KACN;IAED,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,eAAe;IACpB,OAAO,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,aAAa;IACzB,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,QAAQ,CAAC,CAAC;AAClD,CAAC;AAFD,sCAEC;AAED,KAAK,UAAU,UAAU,CAAC,MAAc;IACpC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACnC,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;AAC7B,CAAC;AAEM,KAAK,UAAU,UAAU;IAC5B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QAC3B,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;KAEnC;SAAM;QACH,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACnC,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC;KACjB;AACL,CAAC;AAfD,gCAeC"} \ No newline at end of file +{"version":3,"file":"config-utils.js","sourceRoot":"","sources":["../src/config-utils.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,gDAAkC;AAClC,uCAAyB;AACzB,8CAAgC;AAChC,2CAA6B;AAE7B,6CAA+B;AAE/B,MAAM,aAAa,GAAG,MAAM,CAAC;AAC7B,MAAM,gCAAgC,GAAG,yBAAyB,CAAC;AACnE,MAAM,gBAAgB,GAAG,SAAS,CAAC;AACnC,MAAM,qBAAqB,GAAG,MAAM,CAAC;AACrC,MAAM,qBAAqB,GAAG,cAAc,CAAC;AAC7C,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B,MAAa,aAAa;IAKtB,YAAY,UAAkB,EAAE,GAAW;QAFpC,SAAI,GAAG,EAAE,CAAC;QAGb,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;CACJ;AATD,sCASC;AAED,0EAA0E;AAC1E,MAAM,aAAa,GAAG,CAAC,mBAAmB,EAAE,sBAAsB,CAAU,CAAC;AAI7E,MAAa,MAAM;IAAnB;QACW,SAAI,GAAG,EAAE,CAAC;QACV,0BAAqB,GAAG,KAAK,CAAC;QAC9B,sBAAiB,GAAa,EAAE,CAAC;QACjC,oBAAe,GAAoB,EAAE,CAAC;QACtC,qBAAgB,GAAmB,EAAE,CAAC;QACtC,gBAAW,GAAa,EAAE,CAAC;QAC3B,UAAK,GAAa,EAAE,CAAC;IAuEhC,CAAC;IArEU,QAAQ,CAAC,UAAkB,EAAE,SAAiB;QACjD,qEAAqE;QACrE,kDAAkD;QAClD,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,SAAS,KAAK,EAAE,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;SACpD;QAED,oFAAoF;QACpF,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YAC5B,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1C,oEAAoE;YACpE,+EAA+E;YAC/E,MAAM,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC,CAAC;YACpF,MAAM,iBAAiB,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC;YAEpF,wBAAwB;YACxB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE;gBACnC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;aACzE;YAED,4EAA4E;YAC5E,IAAI,CAAC,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE;gBACtE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;aAChF;YAED,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC/C,OAAO;SACV;QAED,sCAAsC;QACtC,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE;YAChE,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;YACjE,IAAI,KAAK,EAAE;gBACP,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAClC,OAAO;aACV;iBAAM;gBACH,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;aAC/D;SACJ;QAED,IAAI,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QAED,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACnB,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxB,+BAA+B;QAC/B,+BAA+B;QAC/B,yFAAyF;QACzF,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QACD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;YAChB,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;SAClD;QAED,2DAA2D;QAC3D,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC9C,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;SAC/D;QAED,IAAI,QAAQ,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;SAC1B;QACD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;CACJ;AA9ED,wBA8EC;AAED,SAAgB,cAAc,CAAC,UAAkB;IAC7C,OAAO,0BAA0B,CAAC,UAAU,EAAE,aAAa,EAAE,4BAA4B,CAAC,CAAC;AAC/F,CAAC;AAFD,wCAEC;AAED,SAAgB,+BAA+B,CAAC,UAAkB;IAC9D,OAAO,0BAA0B,CAAC,UAAU,EAAE,gCAAgC,EAAE,mBAAmB,CAAC,CAAC;AACzG,CAAC;AAFD,0EAEC;AAED,SAAgB,iBAAiB,CAAC,UAAkB;IAChD,OAAO,0BAA0B,CAAC,UAAU,EAAE,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;AACxF,CAAC;AAFD,8CAEC;AAED,SAAgB,mBAAmB,CAAC,UAAkB,EAAE,SAAkB;IACtE,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,4BAA4B,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC;QACrD,+DAA+D;QAC/D,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAPD,kDAOC;AAED,SAAgB,qBAAqB,CAAC,UAAkB;IACpD,OAAO,0BAA0B,CAAC,UAAU,EAAE,qBAAqB,EAAE,uCAAuC,CAAC,CAAC;AAClH,CAAC;AAFD,sDAEC;AAED,SAAgB,eAAe,CAAC,UAAkB;IAC9C,OAAO,0BAA0B,CAAC,UAAU,EAAE,cAAc,EAAE,uCAAuC,CAAC,CAAC;AAC3G,CAAC;AAFD,0CAEC;AAED,SAAgB,+BAA+B,CAAC,UAAkB,EAAE,SAAiB;IACjF,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,gCAAgC,GAAG,SAAS,GAAG,gCAAgC,CAAC,CAAC;AACzF,CAAC;AALD,0EAKC;AAED,SAAgB,wBAAwB,CAAC,UAAkB,EAAE,SAAiB;IAC1E,OAAO,0BAA0B,CAC7B,UAAU,EACV,gBAAgB,GAAG,GAAG,GAAG,qBAAqB,EAC9C,gCAAgC,GAAG,SAAS,GAAG,oCAAoC,CAAC,CAAC;AAC7F,CAAC;AALD,4DAKC;AAED,SAAgB,yCAAyC,CAAC,UAAkB;IACxE,OAAO,0BAA0B,GAAG,UAAU,GAAG,+BAA+B,CAAC;AACrF,CAAC;AAFD,8FAEC;AAED,SAAgB,qCAAqC,CAAC,UAAkB;IACpE,OAAO,0BAA0B,GAAG,UAAU,GAAG,kBAAkB,CAAC;AACxE,CAAC;AAFD,sFAEC;AAED,SAAS,0BAA0B,CAAC,UAAkB,EAAE,QAAgB,EAAE,KAAa;IACnF,OAAO,0BAA0B,GAAG,UAAU,GAAG,0BAA0B,GAAG,QAAQ,GAAG,IAAI,GAAG,KAAK,CAAC;AAC1G,CAAC;AAED,SAAS,UAAU;IACf,IAAI,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IAE9C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAE5B,qDAAqD;IACrD,IAAI,UAAU,KAAK,EAAE,EAAE;QACnB,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACjD,OAAO,MAAM,CAAC;KACjB;IAED,qDAAqD;IACrD,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC;IACnE,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;IAErD,2DAA2D;IAC3D,IAAI,CAAC,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,UAAU,CAAC,CAAC,CAAC;KAC1E;IAED,mCAAmC;IACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,UAAU,CAAC,CAAC,CAAC;KACtE;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;IAEtE,IAAI,aAAa,IAAI,UAAU,EAAE;QAC7B,IAAI,OAAO,UAAU,CAAC,aAAa,CAAC,KAAK,QAAQ,EAAE;YAC/C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;SAC/C;QACD,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;SAC/C;QACD,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;KAC3C;IAED,IAAI,gCAAgC,IAAI,UAAU,EAAE;QAChD,IAAI,OAAO,UAAU,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE;YACnE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,UAAU,CAAC,CAAC,CAAC;SAChE;QACD,MAAM,CAAC,qBAAqB,GAAG,UAAU,CAAC,gCAAgC,CAAC,CAAC;KAC/E;IAED,IAAI,gBAAgB,IAAI,UAAU,EAAE;QAChC,IAAI,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,YAAY,KAAK,CAAC,EAAE;YAClD,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;SAClD;QACD,UAAU,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YACzC,IAAI,CAAC,CAAC,qBAAqB,IAAI,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,qBAAqB,CAAC,KAAK,QAAQ,EAAE;gBACvF,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;aACpD;YACD,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;KACN;IAED,IAAI,qBAAqB,IAAI,UAAU,EAAE;QACrC,IAAI,CAAC,CAAC,UAAU,CAAC,qBAAqB,CAAC,YAAY,KAAK,CAAC,EAAE;YACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC;SACtD;QACD,UAAU,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YAC7C,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,EAAE,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC;aACtD;YACD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;KACN;IAED,IAAI,cAAc,IAAI,UAAU,EAAE;QAC9B,IAAI,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,YAAY,KAAK,CAAC,EAAE;YAChD,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC;SAChD;QACD,UAAU,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACtC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,EAAE,EAAE;gBACzC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC;aAChD;YACD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;KACN;IAED,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,eAAe;IACpB,OAAO,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,aAAa;IACzB,OAAO,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,QAAQ,CAAC,CAAC;AAClD,CAAC;AAFD,sCAEC;AAED,KAAK,UAAU,UAAU,CAAC,MAAc;IACpC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACnC,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;AAC7B,CAAC;AAEM,KAAK,UAAU,UAAU;IAC5B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;QAC3B,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;KAEnC;SAAM;QACH,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QACnC,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC;KACjB;AACL,CAAC;AAfD,gCAeC"} \ No newline at end of file diff --git a/src/config-utils.ts b/src/config-utils.ts index 8a3d18e9b..cedf75c2f 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -51,8 +51,8 @@ export class Config { const localQueryPath = queryUses.slice(2); // Resolve the local path against the workspace so that when this is // passed to codeql it resolves to exactly the path we expect it to resolve to. - const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE'); - const absoluteQueryPath = path.join(workspacePath, localQueryPath); + const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE')); + const absoluteQueryPath = fs.realpathSync(path.join(workspacePath, localQueryPath)); // Check the file exists if (!fs.existsSync(absoluteQueryPath)) { @@ -60,7 +60,7 @@ export class Config { } // Check the local path doesn't jump outside the repo using '..' or symlinks - if (!(fs.realpathSync(absoluteQueryPath) + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) { + if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) { throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath)); }