From 726cfc8441d7881c8b00604443652a7f57da93ed Mon Sep 17 00:00:00 2001 From: Chris Gavin Date: Wed, 18 Nov 2020 21:14:45 +0000 Subject: [PATCH] Ensure unqualified program names are present on `PATH` before executing them. --- lib/actions-util.js | 3 +- lib/actions-util.js.map | 2 +- lib/external-queries.js | 5 +- lib/external-queries.js.map | 2 +- lib/external-queries.test.js | 3 +- lib/external-queries.test.js.map | 2 +- lib/init.js | 9 +-- lib/init.js.map | 2 +- lib/toolrunner-error-catcher.js | 3 +- lib/toolrunner-error-catcher.js.map | 2 +- node_modules/@chrisgavin/safe-which/README.md | 2 + .../@chrisgavin/safe-which/build/index.d.ts | 2 + .../@chrisgavin/safe-which/build/index.js | 40 ++++++++++ .../@chrisgavin/safe-which/build/index.js.map | 1 + .../safe-which/build/index.test.d.ts | 1 + .../safe-which/build/index.test.js | 75 +++++++++++++++++++ .../safe-which/build/index.test.js.map | 1 + .../@chrisgavin/safe-which/package.json | 32 ++++++++ package-lock.json | 5 ++ package.json | 1 + src/actions-util.ts | 25 ++++--- src/external-queries.test.ts | 25 ++++--- src/external-queries.ts | 5 +- src/init.ts | 12 +-- src/toolrunner-error-catcher.ts | 15 ++-- 25 files changed, 228 insertions(+), 47 deletions(-) create mode 100644 node_modules/@chrisgavin/safe-which/README.md create mode 100644 node_modules/@chrisgavin/safe-which/build/index.d.ts create mode 100644 node_modules/@chrisgavin/safe-which/build/index.js create mode 100644 node_modules/@chrisgavin/safe-which/build/index.js.map create mode 100644 node_modules/@chrisgavin/safe-which/build/index.test.d.ts create mode 100644 node_modules/@chrisgavin/safe-which/build/index.test.js create mode 100644 node_modules/@chrisgavin/safe-which/build/index.test.js.map create mode 100644 node_modules/@chrisgavin/safe-which/package.json diff --git a/lib/actions-util.js b/lib/actions-util.js index 5c89a4379..01d468d8a 100644 --- a/lib/actions-util.js +++ b/lib/actions-util.js @@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true }); const path = __importStar(require("path")); const core = __importStar(require("@actions/core")); const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner")); +const safeWhich = __importStar(require("@chrisgavin/safe-which")); const api = __importStar(require("./api-client")); const sharedEnv = __importStar(require("./shared-environment")); const util_1 = require("./util"); @@ -77,7 +78,7 @@ exports.getCommitOid = async function () { // reported on the merge commit. try { let commitOid = ""; - await new toolrunnner.ToolRunner("git", ["rev-parse", "HEAD"], { + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), ["rev-parse", "HEAD"], { silent: true, listeners: { stdout: (data) => { diff --git a/lib/actions-util.js.map b/lib/actions-util.js.map index 023ba93ce..6ee03098b 100644 --- a/lib/actions-util.js.map +++ b/lib/actions-util.js.map @@ -1 +1 @@ -{"version":3,"file":"actions-util.js","sourceRoot":"","sources":["../src/actions-util.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA6B;AAE7B,oDAAsC;AACtC,0EAA4D;AAE5D,kDAAoC;AACpC,gEAAkD;AAClD,iCAAuD;AAEvD;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAFD,4CAEC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAHD,4CAGC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;KAClE;IACD,IAAI,CAAC,KAAK,CAAC,GAAG,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAPD,kDAOC;AAED;;GAEG;AACH,SAAgB,0BAA0B;IACxC,IAAI,CAAC,iBAAU,EAAE,EAAE;QACjB,OAAO;KACR;IAED,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QAC3B,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;KAClD;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;QAC3C,IAAI,CAAC,cAAc,CACjB,4BAA4B,EAC5B,aAAa,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CACtC,CAAC;KACH;AACH,CAAC;AAfD,gEAeC;AAED;;GAEG;AACU,QAAA,YAAY,GAAG,KAAK;IAC/B,mEAAmE;IACnE,8EAA8E;IAC9E,6EAA6E;IAC7E,4EAA4E;IAC5E,2DAA2D;IAC3D,wEAAwE;IACxE,gCAAgC;IAChC,IAAI;QACF,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE;YAC7D,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE;gBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACf,SAAS,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC/B,CAAC;gBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;aACF;SACF,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;KACzB;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,IAAI,CACP,oFAAoF,CAAC,EAAE,CACxF,CAAC;QACF,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC;KAC1C;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,KAAK,UAAU,eAAe;IAC5B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,8CAA8C,EAC9C;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,MAAM,aAAa,GAAG,QAAQ,CAAC,mBAAmB,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAND,4CAMC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,OAAO,WAAW,CAAC;KACpB;IAED,MAAM,YAAY,GAAG,MAAM,eAAe,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAED;;GAEG;AACI,KAAK,UAAU,MAAM;IAC1B,0DAA0D;IAC1D,6DAA6D;IAC7D,MAAM,GAAG,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAE9C,+DAA+D;IAC/D,iEAAiE;IACjE,+DAA+D;IAC/D,kBAAkB;IAClB,MAAM,cAAc,GAAG,0BAA0B,CAAC;IAClD,MAAM,WAAW,GAAG,MAAM,oBAAY,EAAE,CAAC;IAEzC,IACE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;QACxB,WAAW,KAAK,mBAAmB,CAAC,YAAY,CAAC,EACjD;QACA,OAAO,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;KACzD;SAAM;QACL,OAAO,GAAG,CAAC;KACZ;AACH,CAAC;AApBD,wBAoBC;AAwCD;;;;;;;;GAQG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAsB,EACtB,MAAoB,EACpB,eAAqB,EACrB,KAAc,EACd,SAAkB;IAElB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC;IAC3B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACtD,IAAI,aAAa,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,gBAAgB,EAAE;QACpB,aAAa,GAAG,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAChD,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,IAAI,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAC1E,IAAI,iBAAiB,KAAK,SAAS,EAAE;QACnC,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC,cAAc,CACjB,SAAS,CAAC,0BAA0B,EACpC,iBAAiB,CAClB,CAAC;KACH;IACD,uGAAuG;IACvG,mDAAmD;IACnD,MAAM,SAAS,GAAG,oBAAoB,EAAE;QACtC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAErC,MAAM,YAAY,GAAqB;QACrC,eAAe,EAAE,aAAa;QAC9B,aAAa,EAAE,YAAY;QAC3B,QAAQ,EAAE,OAAO;QACjB,YAAY;QACZ,UAAU,EAAE,SAAS;QACrB,GAAG;QACH,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,iBAAiB;QAC7B,iBAAiB,EAAE,eAAe,CAAC,WAAW,EAAE;QAChD,MAAM;KACP,CAAC;IAEF,0BAA0B;IAC1B,IAAI,KAAK,EAAE;QACT,YAAY,CAAC,KAAK,GAAG,KAAK,CAAC;KAC5B;IACD,IAAI,SAAS,EAAE;QACb,YAAY,CAAC,SAAS,GAAG,SAAS,CAAC;KACpC;IACD,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,EAAE;QACxE,YAAY,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;KACtD;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,YAAY,CAAC,WAAW,GAAG,MAAM,CAAC;KACnC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AA9DD,wDA8DC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,gBAAgB,CACpC,YAAe,EACf,cAAwB;IAExB,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,KAAK,wBAAiB,EAAE;QAClE,IAAI,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,iBAAU,EAAE,EAAE;QAChB,IAAI,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC;KACb;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACtD,IAAI,CAAC,KAAK,CAAC,0BAA0B,gBAAgB,EAAE,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,OAAO,CACzC,uDAAuD,EACvD;QACE,KAAK;QACL,IAAI;QACJ,IAAI,EAAE,gBAAgB;KACvB,CACF,CAAC;IAEF,IAAI,CAAC,cAAc,EAAE;QACnB,oFAAoF;QACpF,+EAA+E;QAC/E,8DAA8D;QAC9D,EAAE;QACF,+EAA+E;QAC/E,4BAA4B;QAC5B,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE;YACjC,IAAI,CAAC,SAAS,CACZ,mFAAmF,CACpF,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE;YACjC,IAAI,CAAC,SAAS,CACZ,uEAAuE,CACxE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAnDD,4CAmDC;AAED,gHAAgH;AAChH,+EAA+E;AAC/E,SAAgB,oBAAoB;IAClC,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;IACnD,OAAO,CACL,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAC3E,CAAC;AACJ,CAAC;AALD,oDAKC;AAED,sDAAsD;AACtD,oFAAoF;AACpF,SAAgB,qBAAqB;IACnC,MAAM,UAAU,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAJD,sDAIC"} \ No newline at end of file +{"version":3,"file":"actions-util.js","sourceRoot":"","sources":["../src/actions-util.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA6B;AAE7B,oDAAsC;AACtC,0EAA4D;AAC5D,kEAAoD;AAEpD,kDAAoC;AACpC,gEAAkD;AAClD,iCAAuD;AAEvD;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAFD,4CAEC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,IAAY;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAHD,4CAGC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,SAAS,mCAAmC,CAAC,CAAC;KAClE;IACD,IAAI,CAAC,KAAK,CAAC,GAAG,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC;IACpC,OAAO,KAAK,CAAC;AACf,CAAC;AAPD,kDAOC;AAED;;GAEG;AACH,SAAgB,0BAA0B;IACxC,IAAI,CAAC,iBAAU,EAAE,EAAE;QACjB,OAAO;KACR;IAED,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QAC3B,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;KAClD;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE;QAC3C,IAAI,CAAC,cAAc,CACjB,4BAA4B,EAC5B,aAAa,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CACtC,CAAC;KACH;AACH,CAAC;AAfD,gEAeC;AAED;;GAEG;AACU,QAAA,YAAY,GAAG,KAAK;IAC/B,mEAAmE;IACnE,8EAA8E;IAC9E,6EAA6E;IAC7E,4EAA4E;IAC5E,2DAA2D;IAC3D,wEAAwE;IACxE,gCAAgC;IAChC,IAAI;QACF,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,CAAC,WAAW,EAAE,MAAM,CAAC,EACrB;YACE,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE;gBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACf,SAAS,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC/B,CAAC;gBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;oBACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;aACF;SACF,CACF,CAAC,IAAI,EAAE,CAAC;QACT,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC;KACzB;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,IAAI,CACP,oFAAoF,CAAC,EAAE,CACxF,CAAC;QACF,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC;KAC1C;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,KAAK,UAAU,eAAe;IAC5B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,8CAA8C,EAC9C;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,MAAM,aAAa,GAAG,QAAQ,CAAC,mBAAmB,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,CAAC;IACzE,IAAI,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAND,4CAMC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,OAAO,WAAW,CAAC;KACpB;IAED,MAAM,YAAY,GAAG,MAAM,eAAe,EAAE,CAAC;IAC7C,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAED;;GAEG;AACI,KAAK,UAAU,MAAM;IAC1B,0DAA0D;IAC1D,6DAA6D;IAC7D,MAAM,GAAG,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAE9C,+DAA+D;IAC/D,iEAAiE;IACjE,+DAA+D;IAC/D,kBAAkB;IAClB,MAAM,cAAc,GAAG,0BAA0B,CAAC;IAClD,MAAM,WAAW,GAAG,MAAM,oBAAY,EAAE,CAAC;IAEzC,IACE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;QACxB,WAAW,KAAK,mBAAmB,CAAC,YAAY,CAAC,EACjD;QACA,OAAO,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;KACzD;SAAM;QACL,OAAO,GAAG,CAAC;KACZ;AACH,CAAC;AApBD,wBAoBC;AAwCD;;;;;;;;GAQG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAsB,EACtB,MAAoB,EACpB,eAAqB,EACrB,KAAc,EACd,SAAkB;IAElB,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,MAAM,EAAE,CAAC;IAC3B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACtD,IAAI,aAAa,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,gBAAgB,EAAE;QACpB,aAAa,GAAG,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAChD,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,IAAI,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAC1E,IAAI,iBAAiB,KAAK,SAAS,EAAE;QACnC,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC,cAAc,CACjB,SAAS,CAAC,0BAA0B,EACpC,iBAAiB,CAClB,CAAC;KACH;IACD,uGAAuG;IACvG,mDAAmD;IACnD,MAAM,SAAS,GAAG,oBAAoB,EAAE;QACtC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IAErC,MAAM,YAAY,GAAqB;QACrC,eAAe,EAAE,aAAa;QAC9B,aAAa,EAAE,YAAY;QAC3B,QAAQ,EAAE,OAAO;QACjB,YAAY;QACZ,UAAU,EAAE,SAAS;QACrB,GAAG;QACH,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,iBAAiB;QAC7B,iBAAiB,EAAE,eAAe,CAAC,WAAW,EAAE;QAChD,MAAM;KACP,CAAC;IAEF,0BAA0B;IAC1B,IAAI,KAAK,EAAE;QACT,YAAY,CAAC,KAAK,GAAG,KAAK,CAAC;KAC5B;IACD,IAAI,SAAS,EAAE;QACb,YAAY,CAAC,SAAS,GAAG,SAAS,CAAC;KACpC;IACD,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,EAAE;QACxE,YAAY,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;KACtD;IACD,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,YAAY,CAAC,WAAW,GAAG,MAAM,CAAC;KACnC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AA9DD,wDA8DC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,gBAAgB,CACpC,YAAe,EACf,cAAwB;IAExB,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,KAAK,wBAAiB,EAAE;QAClE,IAAI,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,iBAAU,EAAE,EAAE;QAChB,IAAI,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC;KACb;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACtD,IAAI,CAAC,KAAK,CAAC,0BAA0B,gBAAgB,EAAE,CAAC,CAAC;IAEzD,MAAM,GAAG,GAAG,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;IACrD,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACzC,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,OAAO,CACzC,uDAAuD,EACvD;QACE,KAAK;QACL,IAAI;QACJ,IAAI,EAAE,gBAAgB;KACvB,CACF,CAAC;IAEF,IAAI,CAAC,cAAc,EAAE;QACnB,oFAAoF;QACpF,+EAA+E;QAC/E,8DAA8D;QAC9D,EAAE;QACF,+EAA+E;QAC/E,4BAA4B;QAC5B,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE;YACjC,IAAI,CAAC,SAAS,CACZ,mFAAmF,CACpF,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,IAAI,cAAc,CAAC,MAAM,KAAK,GAAG,EAAE;YACjC,IAAI,CAAC,SAAS,CACZ,uEAAuE,CACxE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAnDD,4CAmDC;AAED,gHAAgH;AAChH,+EAA+E;AAC/E,SAAgB,oBAAoB;IAClC,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;IACnD,OAAO,CACL,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAC3E,CAAC;AACJ,CAAC;AALD,oDAKC;AAED,sDAAsD;AACtD,oFAAoF;AACpF,SAAgB,qBAAqB;IACnC,MAAM,UAAU,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;AACrD,CAAC;AAJD,sDAIC"} \ No newline at end of file diff --git a/lib/external-queries.js b/lib/external-queries.js index 02ce44593..7e9e7c025 100644 --- a/lib/external-queries.js +++ b/lib/external-queries.js @@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true }); const fs = __importStar(require("fs")); const path = __importStar(require("path")); const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner")); +const safeWhich = __importStar(require("@chrisgavin/safe-which")); /** * Check out repository at the given ref, and return the directory of the checkout. */ @@ -22,12 +23,12 @@ async function checkoutExternalRepository(repository, ref, githubUrl, tempDir, l } if (!fs.existsSync(checkoutLocation)) { const repoURL = `${githubUrl}/${repository}`; - await new toolrunnner.ToolRunner("git", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [ "clone", repoURL, checkoutLocation, ]).exec(); - await new toolrunnner.ToolRunner("git", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [ `--work-tree=${checkoutLocation}`, `--git-dir=${checkoutLocation}/.git`, "checkout", diff --git a/lib/external-queries.js.map b/lib/external-queries.js.map index 37db38c2a..ceea01843 100644 --- a/lib/external-queries.js.map +++ b/lib/external-queries.js.map @@ -1 +1 @@ -{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAI5D;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CACb,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAClE,CAAC;KACH;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,OAAO;YACP,OAAO;YACP,gBAAgB;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,eAAe,gBAAgB,EAAE;YACjC,aAAa,gBAAgB,OAAO;YACpC,UAAU;YACV,GAAG;SACJ,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAlCD,gEAkCC"} \ No newline at end of file +{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAC5D,kEAAoD;AAIpD;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CACb,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAClE,CAAC;KACH;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YACjE,OAAO;YACP,OAAO;YACP,gBAAgB;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YACjE,eAAe,gBAAgB,EAAE;YACjC,aAAa,gBAAgB,OAAO;YACpC,UAAU;YACV,GAAG;SACJ,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAlCD,gEAkCC"} \ No newline at end of file diff --git a/lib/external-queries.test.js b/lib/external-queries.test.js index 5a2b973d7..f14cac127 100644 --- a/lib/external-queries.test.js +++ b/lib/external-queries.test.js @@ -13,6 +13,7 @@ Object.defineProperty(exports, "__esModule", { value: true }); const fs = __importStar(require("fs")); const path = __importStar(require("path")); const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner")); +const safeWhich = __importStar(require("@chrisgavin/safe-which")); const ava_1 = __importDefault(require("ava")); const externalQueries = __importStar(require("./external-queries")); const logging_1 = require("./logging"); @@ -43,7 +44,7 @@ ava_1.default("checkoutExternalQueries", async (t) => { ]; console.log(`Running: git ${command.join(" ")}`); try { - await new toolrunnner.ToolRunner("git", command, { + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), command, { silent: true, listeners: { stdout: (data) => { diff --git a/lib/external-queries.test.js.map b/lib/external-queries.test.js.map index 0cb9b6600..1df24ce5a 100644 --- a/lib/external-queries.test.js.map +++ b/lib/external-queries.test.js.map @@ -1 +1 @@ -{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAC5D,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE;oBAC/C,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CAAC,CAAC,IAAI,EAAE,CAAC;aACX;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"} \ No newline at end of file +{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAC5D,kEAAoD;AACpD,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,OAAO,EACP;oBACE,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CACF,CAAC,IAAI,EAAE,CAAC;aACV;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"} \ No newline at end of file diff --git a/lib/init.js b/lib/init.js index cdabd23b1..7af46689b 100644 --- a/lib/init.js +++ b/lib/init.js @@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true }); const fs = __importStar(require("fs")); const path = __importStar(require("path")); const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner")); +const safeWhich = __importStar(require("@chrisgavin/safe-which")); const analysisPaths = __importStar(require("./analysis-paths")); const codeql_1 = require("./codeql"); const configUtils = __importStar(require("./config-utils")); @@ -116,7 +117,7 @@ async function injectWindowsTracer(processName, processLevel, config, codeql, tr } const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1"); fs.writeFileSync(injectTracerPath, script); - await new toolrunnner.ToolRunner("powershell", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("powershell"), [ "-ExecutionPolicy", "Bypass", "-file", @@ -132,9 +133,7 @@ async function installPythonDeps(codeql, logger) { if (process.env["ImageOS"] !== undefined) { try { if (process.platform === "win32") { - await new toolrunnner.ToolRunner("powershell", [ - path.join(scriptsFolder, "install_tools.ps1"), - ]).exec(); + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("powershell"), [path.join(scriptsFolder, "install_tools.ps1")]).exec(); } else { await new toolrunnner.ToolRunner(path.join(scriptsFolder, "install_tools.sh")).exec(); @@ -152,7 +151,7 @@ async function installPythonDeps(codeql, logger) { try { const script = "auto_install_packages.py"; if (process.platform === "win32") { - await new toolrunnner.ToolRunner("py", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("py"), [ "-3", path.join(scriptsFolder, script), path.dirname(codeql.getPath()), diff --git a/lib/init.js.map b/lib/init.js.map index fb64b2d6d..23fe231a4 100644 --- a/lib/init.js.map +++ b/lib/init.js.map @@ -1 +1 @@ -{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAE5D,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,oBAAW,CAChD,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AAtBD,gCAsBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,IAAI,EACJ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAhCD,gCAgCC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EACpD,QAAQ,EACR,UAAU,CACX,CAAC;KACH;IAED,OAAO,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAnBD,0BAmBC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,YAAY,EACZ;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,2CAA2C;IAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE;QACxC,IAAI;YACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;gBAChC,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,YAAY,EAAE;oBAC7C,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;iBAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;aACX;iBAAM;gBACL,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;aACV;SACF;QAAC,OAAO,CAAC,EAAE;YACV,mGAAmG;YACnG,uDAAuD;YACvD,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,OAAO,CACZ,kLAAkL,CACnL,CAAC;YACF,OAAO;SACR;KACF;IAED,uBAAuB;IACvB,IAAI;QACF,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,EAAE;gBACrC,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBACjE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,+IAA+I,CAChJ,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAlDD,8CAkDC"} \ No newline at end of file +{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,0EAA4D;AAC5D,kEAAoD;AAEpD,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,oBAAW,CAChD,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AAtBD,gCAsBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,IAAI,EACJ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAhCD,gCAgCC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EACpD,QAAQ,EACR,UAAU,CACX,CAAC;KACH;IAED,OAAO,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAnBD,0BAmBC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,2CAA2C;IAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,SAAS,EAAE;QACxC,IAAI;YACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;gBAChC,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC,CAChD,CAAC,IAAI,EAAE,CAAC;aACV;iBAAM;gBACL,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;aACV;SACF;QAAC,OAAO,CAAC,EAAE;YACV,mGAAmG;YACnG,uDAAuD;YACvD,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,OAAO,CACZ,kLAAkL,CACnL,CAAC;YACF,OAAO;SACR;KACF;IAED,uBAAuB;IACvB,IAAI;QACF,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAChE,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBACjE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,+IAA+I,CAChJ,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAnDD,8CAmDC"} \ No newline at end of file diff --git a/lib/toolrunner-error-catcher.js b/lib/toolrunner-error-catcher.js index 1e995c555..f64e36e1d 100644 --- a/lib/toolrunner-error-catcher.js +++ b/lib/toolrunner-error-catcher.js @@ -8,6 +8,7 @@ var __importStar = (this && this.__importStar) || function (mod) { }; Object.defineProperty(exports, "__esModule", { value: true }); const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner")); +const safeWhich = __importStar(require("@chrisgavin/safe-which")); /** * Wrapper for toolrunner.Toolrunner which checks for specific return code and/or regex matches in console output. * Output will be streamed to the live console as well as captured for subsequent processing. @@ -50,7 +51,7 @@ async function toolrunnerErrorCatcher(commandLine, args, matchers, options) { // we capture the original return code or error so that if no match is found we can duplicate the behavior let returnState; try { - returnState = await new toolrunnner.ToolRunner(commandLine, args, { + returnState = await new toolrunnner.ToolRunner(await safeWhich.safeWhich(commandLine), args, { ...options, listeners, ignoreReturnCode: true, diff --git a/lib/toolrunner-error-catcher.js.map b/lib/toolrunner-error-catcher.js.map index 512e2d265..b5f08d640 100644 --- a/lib/toolrunner-error-catcher.js.map +++ b/lib/toolrunner-error-catcher.js.map @@ -1 +1 @@ -{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;AACA,0EAA4D;AAI5D;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,WAA2B,CAAC;IAChC,IAAI;QACF,WAAW,GAAG,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE;YAChE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAAC,OAAO,CAAC,EAAE;QACV,WAAW,GAAG,CAAC,CAAC;KACjB;IAED,mEAAmE;IACnE,IAAI,WAAW,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IAE1C,IAAI,QAAQ,EAAE;QACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;YAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,WAAW,WAChC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,WACjC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,EACjC;gBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;aAClC;SACF;KACF;IAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;QACnC,qFAAqF;QACrF,UAAI,OAAO,0CAAE,gBAAgB,EAAE;YAC7B,OAAO,WAAW,CAAC;SACpB;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,WAAW,EAAE,CACpE,CAAC;SACH;KACF;SAAM;QACL,MAAM,WAAW,CAAC;KACnB;AACH,CAAC;AArED,wDAqEC"} \ No newline at end of file +{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;AACA,0EAA4D;AAC5D,kEAAoD;AAIpD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,WAA2B,CAAC;IAChC,IAAI;QACF,WAAW,GAAG,MAAM,IAAI,WAAW,CAAC,UAAU,CAC5C,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI;SACvB,CACF,CAAC,IAAI,EAAE,CAAC;KACV;IAAC,OAAO,CAAC,EAAE;QACV,WAAW,GAAG,CAAC,CAAC;KACjB;IAED,mEAAmE;IACnE,IAAI,WAAW,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IAE1C,IAAI,QAAQ,EAAE;QACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;YAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,WAAW,WAChC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,WACjC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,EACjC;gBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;aAClC;SACF;KACF;IAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;QACnC,qFAAqF;QACrF,UAAI,OAAO,0CAAE,gBAAgB,EAAE;YAC7B,OAAO,WAAW,CAAC;SACpB;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,WAAW,EAAE,CACpE,CAAC;SACH;KACF;SAAM;QACL,MAAM,WAAW,CAAC;KACnB;AACH,CAAC;AAzED,wDAyEC"} \ No newline at end of file diff --git a/node_modules/@chrisgavin/safe-which/README.md b/node_modules/@chrisgavin/safe-which/README.md new file mode 100644 index 000000000..168eb14d6 --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/README.md @@ -0,0 +1,2 @@ +# safe-which +A NodeJS library to guard against Windows binary planting attacks. diff --git a/node_modules/@chrisgavin/safe-which/build/index.d.ts b/node_modules/@chrisgavin/safe-which/build/index.d.ts new file mode 100644 index 000000000..600c9885b --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.d.ts @@ -0,0 +1,2 @@ +export declare const isWindows: boolean; +export declare function safeWhich(program: string): Promise; diff --git a/node_modules/@chrisgavin/safe-which/build/index.js b/node_modules/@chrisgavin/safe-which/build/index.js new file mode 100644 index 000000000..39264dd32 --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.js @@ -0,0 +1,40 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.safeWhich = exports.isWindows = void 0; +const fs = require("fs"); +const path = require("path"); +exports.isWindows = process.platform === "win32"; +const pathSeparator = exports.isWindows ? ";" : ":"; +const defaultPathExt = exports.isWindows ? [".com", ".exe", ".bat", ".cmd"] : [""]; +async function safeWhich(program) { + if (program.includes("/") || (program.includes("\\") && exports.isWindows)) { + // If the path contains slashes it's either absolute or relative and should not be searched for. + return program; + } + let pathValue = process.env.PATH; + if (pathValue === undefined) { + throw new Error(`Could not resolve program ${program} because no PATH environment variable was set.`); + } + let searchPaths = pathValue.split(pathSeparator); + let pathExts = defaultPathExt; + if (exports.isWindows && process.env.PATHEXT !== undefined) { + pathExts = process.env.PATHEXT.split(pathSeparator); + } + for (let searchPath of searchPaths) { + for (let pathExt of pathExts) { + let completePath = path.join(searchPath, program + pathExt); + try { + await fs.promises.access(completePath, fs.constants.X_OK); + return completePath; + } + catch (err) { + if (err.code !== "ENOENT") { + throw err; + } + } + } + } + throw new Error(`Could not find program ${program} on PATH.`); +} +exports.safeWhich = safeWhich; +//# sourceMappingURL=index.js.map \ No newline at end of file diff --git a/node_modules/@chrisgavin/safe-which/build/index.js.map b/node_modules/@chrisgavin/safe-which/build/index.js.map new file mode 100644 index 000000000..efdb60e0d --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.js.map @@ -0,0 +1 @@ +{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAA6B;AAEhB,QAAA,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AACtD,MAAM,aAAa,GAAG,iBAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC5C,MAAM,cAAc,GAAG,iBAAS,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AAEpE,KAAK,UAAU,SAAS,CAAC,OAAe;IAC9C,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,iBAAS,CAAC,EAAE;QACnE,gGAAgG;QAChG,OAAO,OAAO,CAAC;KACf;IAED,IAAI,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;IACjC,IAAI,SAAS,KAAK,SAAS,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,gDAAgD,CAAC,CAAC;KACtG;IACD,IAAI,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACjD,IAAI,QAAQ,GAAG,cAAc,CAAC;IAC9B,IAAI,iBAAS,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE;QACnD,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;KACpD;IAED,KAAK,IAAI,UAAU,IAAI,WAAW,EAAE;QACnC,KAAK,IAAI,OAAO,IAAI,QAAQ,EAAE;YAC7B,IAAI,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC;YAC5D,IAAI;gBACH,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC1D,OAAO,YAAY,CAAC;aACpB;YACD,OAAO,GAAG,EAAE;gBACX,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE;oBAC1B,MAAM,GAAG,CAAC;iBACV;aACD;SACD;KACD;IAED,MAAM,IAAI,KAAK,CAAC,0BAA0B,OAAO,WAAW,CAAC,CAAC;AAC/D,CAAC;AAhCD,8BAgCC"} \ No newline at end of file diff --git a/node_modules/@chrisgavin/safe-which/build/index.test.d.ts b/node_modules/@chrisgavin/safe-which/build/index.test.d.ts new file mode 100644 index 000000000..cb0ff5c3b --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.test.d.ts @@ -0,0 +1 @@ +export {}; diff --git a/node_modules/@chrisgavin/safe-which/build/index.test.js b/node_modules/@chrisgavin/safe-which/build/index.test.js new file mode 100644 index 000000000..8c5d92e62 --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.test.js @@ -0,0 +1,75 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +const ava_1 = require("ava"); +const index_1 = require("./index"); +const path = require("path"); +const originalEnv = process.env; +const originalWorkingDirectory = process.cwd(); +const testResources = path.resolve(path.join("src", "index.test")); +ava_1.default.beforeEach(_ => { + process.env = { ...originalEnv }; +}); +ava_1.default.afterEach(_ => { + process.env = originalEnv; + process.chdir(originalWorkingDirectory); +}); +ava_1.default("relative path with forward-slash is returned as-is", async (t) => { + process.env.PATH = path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("./anything"), "./anything"); +}); +ava_1.default("absolute path with forward-slash is returned as-is", async (t) => { + process.env.PATH = path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("/usr/bin/anything"), "/usr/bin/anything"); +}); +ava_1.default("binaries in cwd are not returned", async (t) => { + process.env.PATH = path.join(testResources, "empty"); + process.chdir(path.join(testResources, "path")); + await t.throwsAsync(index_1.safeWhich("program")); + await t.throwsAsync(index_1.safeWhich("has-an-extension")); + await t.throwsAsync(index_1.safeWhich("has-an-extension.exe")); +}); +if (index_1.isWindows) { + ava_1.default("program is found if on path with correct extension preference", async (t) => { + process.env.PATH = path.join(testResources, "path"); + process.env.PATHEXT = ".com;.exe"; + t.deepEqual(await index_1.safeWhich("has-an-extension"), path.join(testResources, "path", "has-an-extension.com")); + process.env.PATHEXT = ".exe;.com"; + t.deepEqual(await index_1.safeWhich("has-an-extension"), path.join(testResources, "path", "has-an-extension.exe")); + }); + ava_1.default("program is not found if no extension", async (t) => { + process.env.PATH = path.join(testResources, "path"); + await t.throwsAsync(index_1.safeWhich("program")); + }); + ava_1.default("relative path with backward-slash is returned as-is", async (t) => { + process.env.PATH = path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich(".\\anything"), ".\\anything"); + }); + ava_1.default("absolute path with backward-slash is returned as-is", async (t) => { + process.env.PATH = path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("C:\\Python27\\python.exe"), "C:\\Python27\\python.exe"); + }); + ava_1.default("path order is respected", async (t) => { + process.env.PATHEXT = ".com;.exe;.bat"; + process.env.PATH = path.join(testResources, "path") + ";" + path.join(testResources, "second-path"); + t.deepEqual(await index_1.safeWhich("has-an-extension"), path.join(testResources, "path", "has-an-extension.com")); + process.env.PATH = path.join(testResources, "second-path") + ";" + path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("has-an-extension"), path.join(testResources, "second-path", "has-an-extension.bat")); + }); +} +else { + ava_1.default("program is found if on path and executable", async (t) => { + process.env.PATH = path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("program"), path.join(testResources, "path", "program")); + }); + ava_1.default("program is not found if not executable", async (t) => { + process.env.PATH = path.join(testResources, "path"); + await t.throwsAsync(index_1.safeWhich("non-executable-file")); + }); + ava_1.default("path order is respected", async (t) => { + process.env.PATH = path.join(testResources, "path") + ":" + path.join(testResources, "second-path"); + t.deepEqual(await index_1.safeWhich("program"), path.join(testResources, "path", "program")); + process.env.PATH = path.join(testResources, "second-path") + ":" + path.join(testResources, "path"); + t.deepEqual(await index_1.safeWhich("program"), path.join(testResources, "second-path", "program")); + }); +} +//# sourceMappingURL=index.test.js.map \ No newline at end of file diff --git a/node_modules/@chrisgavin/safe-which/build/index.test.js.map b/node_modules/@chrisgavin/safe-which/build/index.test.js.map new file mode 100644 index 000000000..17ae0bb76 --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/build/index.test.js.map @@ -0,0 +1 @@ +{"version":3,"file":"index.test.js","sourceRoot":"","sources":["../src/index.test.ts"],"names":[],"mappings":";;AAAA,6BAAuB;AACvB,mCAA+C;AAC/C,6BAA6B;AAE7B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;AAChC,MAAM,wBAAwB,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;AAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC;AAEnE,aAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;IACnB,OAAO,CAAC,GAAG,GAAG,EAAC,GAAG,WAAW,EAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;IAClB,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;IAC1B,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,oDAAoD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACtE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,oDAAoD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACtE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,kCAAkC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACrD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;IAChD,MAAM,CAAC,CAAC,WAAW,CAAC,iBAAS,CAAC,SAAS,CAAC,CAAC,CAAC;IAC1C,MAAM,CAAC,CAAC,WAAW,CAAC,iBAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACnD,MAAM,CAAC,CAAC,WAAW,CAAC,iBAAS,CAAC,sBAAsB,CAAC,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,IAAI,iBAAS,EAAE;IACd,aAAI,CAAC,+DAA+D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjF,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,WAAW,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC3G,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,WAAW,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;IAC5G,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,sCAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxD,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,WAAW,CAAC,iBAAS,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,qDAAqD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,aAAa,CAAC,EAAE,aAAa,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,qDAAqD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvE,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,0BAA0B,CAAC,EAAE,0BAA0B,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3C,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,gBAAgB,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QACpG,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC3G,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpG,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,EAAE,sBAAsB,CAAC,CAAC,CAAC;IACnH,CAAC,CAAC,CAAC;CACH;KACI;IACJ,aAAI,CAAC,4CAA4C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9D,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,wCAAwC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1D,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,CAAC,CAAC,WAAW,CAAC,iBAAS,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3C,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;QACpG,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACpG,CAAC,CAAC,SAAS,CAAC,MAAM,iBAAS,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC;IAC7F,CAAC,CAAC,CAAC;CACH"} \ No newline at end of file diff --git a/node_modules/@chrisgavin/safe-which/package.json b/node_modules/@chrisgavin/safe-which/package.json new file mode 100644 index 000000000..c1cb30621 --- /dev/null +++ b/node_modules/@chrisgavin/safe-which/package.json @@ -0,0 +1,32 @@ +{ + "name": "@chrisgavin/safe-which", + "version": "1.0.2", + "description": "A NodeJS library to guard against Windows binary planting attacks.", + "license": "MIT", + "homepage": "https://github.com/chrisgavin/safe-which/", + "publishConfig": { + "access": "public" + }, + "main": "./build/index.js", + "types": "./build/index.d.ts", + "scripts": { + "build": "tsc", + "pretest": "npm install && npm run build", + "test": "ava --verbose --serial ./src/**", + "prepublishOnly": "npm install && npm run build && npm version --allow-same-version=true --git-tag-version=false ${GITHUB_REF#refs/tags/}" + }, + "dependencies": {}, + "devDependencies": { + "@ava/typescript": "^1.1.1", + "@types/node": "^14.14.7", + "ava": "^3.13.0", + "typescript": "^3.8.3" + }, + "ava": { + "typescript": { + "rewritePaths": { + "./src/": "./build/" + } + } + } +} \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 2800c4980..bece37129 100644 --- a/package-lock.json +++ b/package-lock.json @@ -112,6 +112,11 @@ "js-tokens": "^4.0.0" } }, + "@chrisgavin/safe-which": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@chrisgavin/safe-which/-/safe-which-1.0.2.tgz", + "integrity": "sha512-xImXYK6iJvLEDMevGCs5s05iKoFn3ARFShBswRFeWeHp6P1Z0jlYmKcK5+M2TtDoWuz45ay1unmNvV/8t66F2g==" + }, "@concordance/react": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/@concordance/react/-/react-2.0.0.tgz", diff --git a/package.json b/package.json index 8f1880c64..454ab1927 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,7 @@ "@actions/github": "^4.0.0", "@actions/http-client": "^1.0.8", "@actions/tool-cache": "^1.5.5", + "@chrisgavin/safe-which": "^1.0.2", "@octokit/plugin-retry": "^3.0.3", "@octokit/types": "^5.5.0", "commander": "^6.0.0", diff --git a/src/actions-util.ts b/src/actions-util.ts index e64bdb91f..775c09c5e 100644 --- a/src/actions-util.ts +++ b/src/actions-util.ts @@ -2,6 +2,7 @@ import * as path from "path"; import * as core from "@actions/core"; import * as toolrunnner from "@actions/exec/lib/toolrunner"; +import * as safeWhich from "@chrisgavin/safe-which"; import * as api from "./api-client"; import * as sharedEnv from "./shared-environment"; @@ -75,17 +76,21 @@ export const getCommitOid = async function (): Promise { // reported on the merge commit. try { let commitOid = ""; - await new toolrunnner.ToolRunner("git", ["rev-parse", "HEAD"], { - silent: true, - listeners: { - stdout: (data) => { - commitOid += data.toString(); + await new toolrunnner.ToolRunner( + await safeWhich.safeWhich("git"), + ["rev-parse", "HEAD"], + { + silent: true, + listeners: { + stdout: (data) => { + commitOid += data.toString(); + }, + stderr: (data) => { + process.stderr.write(data); + }, }, - stderr: (data) => { - process.stderr.write(data); - }, - }, - }).exec(); + } + ).exec(); return commitOid.trim(); } catch (e) { core.info( diff --git a/src/external-queries.test.ts b/src/external-queries.test.ts index 0ade92f62..2ca1e1f6d 100644 --- a/src/external-queries.test.ts +++ b/src/external-queries.test.ts @@ -2,6 +2,7 @@ import * as fs from "fs"; import * as path from "path"; import * as toolrunnner from "@actions/exec/lib/toolrunner"; +import * as safeWhich from "@chrisgavin/safe-which"; import test from "ava"; import * as externalQueries from "./external-queries"; @@ -36,17 +37,21 @@ test("checkoutExternalQueries", async (t) => { ]; console.log(`Running: git ${command.join(" ")}`); try { - await new toolrunnner.ToolRunner("git", command, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); + await new toolrunnner.ToolRunner( + await safeWhich.safeWhich("git"), + command, + { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + }, }, - stderr: (data) => { - stderr += data.toString(); - }, - }, - }).exec(); + } + ).exec(); } catch (e) { console.log(`Command failed: git ${command.join(" ")}`); process.stderr.write(stderr); diff --git a/src/external-queries.ts b/src/external-queries.ts index 3a272b40d..c5ac413cf 100644 --- a/src/external-queries.ts +++ b/src/external-queries.ts @@ -2,6 +2,7 @@ import * as fs from "fs"; import * as path from "path"; import * as toolrunnner from "@actions/exec/lib/toolrunner"; +import * as safeWhich from "@chrisgavin/safe-which"; import { Logger } from "./logging"; @@ -28,12 +29,12 @@ export async function checkoutExternalRepository( if (!fs.existsSync(checkoutLocation)) { const repoURL = `${githubUrl}/${repository}`; - await new toolrunnner.ToolRunner("git", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [ "clone", repoURL, checkoutLocation, ]).exec(); - await new toolrunnner.ToolRunner("git", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [ `--work-tree=${checkoutLocation}`, `--git-dir=${checkoutLocation}/.git`, "checkout", diff --git a/src/init.ts b/src/init.ts index 5638720b4..fd69358a4 100644 --- a/src/init.ts +++ b/src/init.ts @@ -2,6 +2,7 @@ import * as fs from "fs"; import * as path from "path"; import * as toolrunnner from "@actions/exec/lib/toolrunner"; +import * as safeWhich from "@chrisgavin/safe-which"; import * as analysisPaths from "./analysis-paths"; import { CodeQL, setupCodeQL } from "./codeql"; @@ -172,7 +173,7 @@ export async function injectWindowsTracer( fs.writeFileSync(injectTracerPath, script); await new toolrunnner.ToolRunner( - "powershell", + await safeWhich.safeWhich("powershell"), [ "-ExecutionPolicy", "Bypass", @@ -198,9 +199,10 @@ export async function installPythonDeps(codeql: CodeQL, logger: Logger) { if (process.env["ImageOS"] !== undefined) { try { if (process.platform === "win32") { - await new toolrunnner.ToolRunner("powershell", [ - path.join(scriptsFolder, "install_tools.ps1"), - ]).exec(); + await new toolrunnner.ToolRunner( + await safeWhich.safeWhich("powershell"), + [path.join(scriptsFolder, "install_tools.ps1")] + ).exec(); } else { await new toolrunnner.ToolRunner( path.join(scriptsFolder, "install_tools.sh") @@ -221,7 +223,7 @@ export async function installPythonDeps(codeql: CodeQL, logger: Logger) { try { const script = "auto_install_packages.py"; if (process.platform === "win32") { - await new toolrunnner.ToolRunner("py", [ + await new toolrunnner.ToolRunner(await safeWhich.safeWhich("py"), [ "-3", path.join(scriptsFolder, script), path.dirname(codeql.getPath()), diff --git a/src/toolrunner-error-catcher.ts b/src/toolrunner-error-catcher.ts index 277ea4261..864da5e82 100644 --- a/src/toolrunner-error-catcher.ts +++ b/src/toolrunner-error-catcher.ts @@ -1,5 +1,6 @@ import * as im from "@actions/exec/lib/interfaces"; import * as toolrunnner from "@actions/exec/lib/toolrunner"; +import * as safeWhich from "@chrisgavin/safe-which"; import { ErrorMatcher } from "./error-matcher"; @@ -47,11 +48,15 @@ export async function toolrunnerErrorCatcher( // we capture the original return code or error so that if no match is found we can duplicate the behavior let returnState: Error | number; try { - returnState = await new toolrunnner.ToolRunner(commandLine, args, { - ...options, // we want to override the original options, so include them first - listeners, - ignoreReturnCode: true, // so we can check for specific codes using the matchers - }).exec(); + returnState = await new toolrunnner.ToolRunner( + await safeWhich.safeWhich(commandLine), + args, + { + ...options, // we want to override the original options, so include them first + listeners, + ignoreReturnCode: true, // so we can check for specific codes using the matchers + } + ).exec(); } catch (e) { returnState = e; }