@@ -583658,25 +583658,54 @@ const stream_1 = __nccwpck_require__(2203);
583658583658const client_s3_1 = __nccwpck_require__(53711);
583659583659const nodejs_sdk_1 = __nccwpck_require__(6629);
583660583660const archiver_1 = __importDefault(__nccwpck_require__(99392));
583661+ /**
583662+ * Input validation utilities
583663+ */
583664+ function validateNumericInput(value, name, min, max) {
583665+ if (!value || value.trim() === '') {
583666+ return 0; // Return default for empty values
583667+ }
583668+ const parsed = Number.parseFloat(value.trim());
583669+ if (Number.isNaN(parsed)) {
583670+ throw new Error(`Invalid ${name}: "${value}" is not a valid number`);
583671+ }
583672+ if (min !== undefined && parsed < min) {
583673+ throw new Error(`Invalid ${name}: ${parsed} is below minimum value of ${min}`);
583674+ }
583675+ if (max !== undefined && parsed > max) {
583676+ throw new Error(`Invalid ${name}: ${parsed} exceeds maximum value of ${max}`);
583677+ }
583678+ return parsed;
583679+ }
583680+ function sanitizeInput(value) {
583681+ return (value === null || value === void 0 ? void 0 : value.trim()) || '';
583682+ }
583683+ function validateRequiredInput(value, name) {
583684+ const sanitized = sanitizeInput(value);
583685+ if (!sanitized) {
583686+ throw new Error(`Required input "${name}" is missing or empty`);
583687+ }
583688+ return sanitized;
583689+ }
583661583690;
583662583691async function run() {
583663583692 core.setCommandEcho(true);
583664583693 try {
583665583694 const inputs = {
583666- functionId: core.getInput("function_id", { required: true }),
583667- token: core.getInput("token", { required: true }),
583668- accessKeyId: core.getInput("accessKeyId", { required: false }),
583669- secretAccessKey: core.getInput("secretAccessKey", { required: false }),
583670- runtime: core.getInput("runtime", { required: true }),
583671- entrypoint: core.getInput("entrypoint", { required: true }),
583672- memory: core.getInput("memory", { required: false }),
583673- source: core.getInput("source", { required: false }),
583674- sourceIgnore: core.getInput("exclude", { required: false }),
583675- executionTimeout: core.getInput("execution_timeout", { required: false }),
583676- environment: core.getInput("environment", { required: false }),
583677- serviceAccount: core.getInput("service_account", { required: false }),
583678- bucket: core.getInput("bucket", { required: false }),
583679- description: core.getInput("description", { required: false }),
583695+ functionId: validateRequiredInput( core.getInput("function_id", { required: true }), "function_id" ),
583696+ token: validateRequiredInput( core.getInput("token", { required: true }), "token" ),
583697+ accessKeyId: sanitizeInput( core.getInput("accessKeyId", { required: false }) ),
583698+ secretAccessKey: sanitizeInput( core.getInput("secretAccessKey", { required: false }) ),
583699+ runtime: validateRequiredInput( core.getInput("runtime", { required: true }), "runtime" ),
583700+ entrypoint: validateRequiredInput( core.getInput("entrypoint", { required: true }), "entrypoint" ),
583701+ memory: sanitizeInput( core.getInput("memory", { required: false })) || "128" ,
583702+ source: sanitizeInput( core.getInput("source", { required: false })) || "." ,
583703+ sourceIgnore: sanitizeInput( core.getInput("exclude", { required: false }) ),
583704+ executionTimeout: sanitizeInput( core.getInput("execution_timeout", { required: false })) || "5" ,
583705+ environment: sanitizeInput( core.getInput("environment", { required: false }) ),
583706+ serviceAccount: sanitizeInput( core.getInput("service_account", { required: false }) ),
583707+ bucket: sanitizeInput( core.getInput("bucket", { required: false }) ),
583708+ description: sanitizeInput( core.getInput("description", { required: false }) ),
583680583709 };
583681583710 core.info("Function inputs set");
583682583711 const fileContents = await zipDirectory(inputs);
@@ -583697,8 +583726,7 @@ async function tryStoreObjectInBucket(inputs, fileContents) {
583697583726 if (!inputs.bucket)
583698583727 return;
583699583728 if (!inputs.accessKeyId || !inputs.secretAccessKey) {
583700- core.setFailed("Missing ACCESS_KEY_ID or SECRET_ACCESS_KEY");
583701- return;
583729+ throw new Error("Missing ACCESS_KEY_ID or SECRET_ACCESS_KEY when bucket is specified");
583702583730 }
583703583731 // setting object name
583704583732 const bucketObjectName = constructBucketObjectName(inputs);
@@ -583727,8 +583755,8 @@ function handleOperationError(operation) {
583727583755 if (operation.error) {
583728583756 const details = (_a = operation.error) === null || _a === void 0 ? void 0 : _a.details;
583729583757 if (details)
583730- throw Error(`${operation.error.code}: ${operation.error.message} (${details.join(", ")})`);
583731- throw Error(`${operation.error.code}: ${operation.error.message}`);
583758+ throw new Error(`${operation.error.code}: ${operation.error.message} (${details.join(", ")})`);
583759+ throw new Error(`${operation.error.code}: ${operation.error.message}`);
583732583760 }
583733583761}
583734583762async function getFunctionById(session, inputs) {
@@ -583742,7 +583770,7 @@ async function getFunctionById(session, inputs) {
583742583770 core.info(`Function found: "${foundFunction.id} (${foundFunction.name})"`);
583743583771 return foundFunction;
583744583772 }
583745- throw Error(" Failed to find Function by id" );
583773+ throw new Error(` Failed to find function with ID: ${inputs.functionId}` );
583746583774 }
583747583775 finally {
583748583776 core.endGroup();
@@ -583754,17 +583782,17 @@ async function createFunctionVersion(session, targetFunction, fileContents, inpu
583754583782 core.startGroup("Create function version");
583755583783 try {
583756583784 core.info(`Function ${inputs.functionId}`);
583757- //convert variables
583758- const memory = Number.parseFloat (inputs.memory);
583759- core.info(`Parsed memory: "${memory}"`);
583760- const executionTimeout = Number.parseFloat (inputs.executionTimeout);
583761- core.info(`Parsed timeout: "${executionTimeout}"`);
583785+ // Convert and validate variables
583786+ const memory = validateNumericInput (inputs.memory, "memory", 128, 4096); // 128MB to 4GB
583787+ core.info(`Parsed memory: "${memory}MB "`);
583788+ const executionTimeout = validateNumericInput (inputs.executionTimeout, "execution_timeout", 1, 900); // 1s to 15min
583789+ core.info(`Parsed timeout: "${executionTimeout}s "`);
583762583790 const request = CreateFunctionVersionRequest.fromPartial({
583763583791 functionId: targetFunction.id,
583764583792 runtime: inputs.runtime,
583765583793 entrypoint: inputs.entrypoint,
583766583794 resources: {
583767- memory: memory ? memory * 1024 * 1024 : undefined,
583795+ memory: memory > 0 ? memory * 1024 * 1024 : 128 * 1024 * 1024, // Default to 128MB
583768583796 },
583769583797 serviceAccountId: inputs.serviceAccount,
583770583798 description: inputs.description,
@@ -583800,8 +583828,7 @@ function constructBucketObjectName(inputs) {
583800583828 const { GITHUB_SHA } = process.env;
583801583829 // check SHA present
583802583830 if (!GITHUB_SHA) {
583803- core.setFailed("Missing GITHUB_SHA");
583804- return "";
583831+ throw new Error("Missing GITHUB_SHA environment variable");
583805583832 }
583806583833 return `${inputs.functionId}/${GITHUB_SHA}.zip`;
583807583834}
@@ -583827,7 +583854,7 @@ async function zipDirectory(inputs) {
583827583854 bufferStream.end();
583828583855 const buffer = await streamToBuffer(bufferStream);
583829583856 if (!buffer)
583830- throw Error("Failed to initialize Buffer ");
583857+ throw new Error("Failed to initialize buffer from stream ");
583831583858 core.info("Buffer object created");
583832583859 return buffer;
583833583860 }
@@ -583836,14 +583863,19 @@ async function zipDirectory(inputs) {
583836583863 }
583837583864}
583838583865function parseIgnoreGlobPatterns(ignoreString) {
583866+ if (!ignoreString || ignoreString.trim() === '') {
583867+ return [];
583868+ }
583839583869 const result = [];
583840583870 const patterns = ignoreString.split(",");
583841583871 patterns.forEach(pattern => {
583842- // only not empty patterns
583843- if ((pattern === null || pattern === void 0 ? void 0 : pattern.length) > 0)
583844- result.push(pattern);
583872+ const trimmed = pattern.trim();
583873+ // only non-empty patterns after trimming
583874+ if (trimmed.length > 0) {
583875+ result.push(trimmed);
583876+ }
583845583877 });
583846- core.info(`Source ignore pattern : "${JSON.stringify(result)}"`);
583878+ core.info(`Source ignore patterns : "${JSON.stringify(result)}"`);
583847583879 return result;
583848583880}
583849583881function streamToBuffer(stream) {
@@ -583855,16 +583887,30 @@ function streamToBuffer(stream) {
583855583887 });
583856583888}
583857583889function parseEnvironmentVariables(env) {
583858- core.info(`Environment string: "${env}"`);
583890+ if (!env || env.trim() === '') {
583891+ return {};
583892+ }
583893+ core.info(`Environment string provided: ${env.length} characters`);
583859583894 const envObject = {};
583860583895 const kvs = env.split(",");
583861- kvs.forEach(kv => {
583862- const eqIndex = kv.indexOf("=");
583863- const key = kv.substring(0, eqIndex);
583864- const value = kv.substring(eqIndex + 1);
583896+ kvs.forEach((kv, index) => {
583897+ const trimmed = kv.trim();
583898+ if (!trimmed)
583899+ return; // Skip empty entries
583900+ const eqIndex = trimmed.indexOf("=");
583901+ if (eqIndex === -1) {
583902+ core.warning(`Skipping invalid environment variable at index ${index}: "${trimmed}" (missing =)`);
583903+ return;
583904+ }
583905+ const key = trimmed.substring(0, eqIndex).trim();
583906+ const value = trimmed.substring(eqIndex + 1).trim();
583907+ if (!key) {
583908+ core.warning(`Skipping environment variable with empty key at index ${index}`);
583909+ return;
583910+ }
583865583911 envObject[key] = value;
583866583912 });
583867- core.info(`EnvObject: "${JSON.stringify (envObject)}" `);
583913+ core.info(`Parsed ${Object.keys (envObject).length} environment variables `);
583868583914 return envObject;
583869583915}
583870583916run();
0 commit comments