
Commit af5bb07

authored
Revert "refactor: escape user input to prevent script injection (#56)" (#61)
This reverts commit c1bcacc.
1 parent c1bcacc commit af5bb07

4 files changed

Lines changed: 40 additions & 40 deletions


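--- a/action.yml
+++ b/action.yml
@@ -36,10 +36,8 @@ runs:
 steps:
 - name: Set base and head SHAs used for nx affected
 id: setSHAs
-env:
-GITHUB_TOKEN: ${{ github.token }}
 shell: bash
-run: node $GITHUB_ACTION_PATH/dist/index.js
+run: node $GITHUB_ACTION_PATH/dist/index.js ${{ github.token }} ${{ inputs.main-branch-name }} ${{ inputs.error-on-no-successful-workflow }} ${{ inputs.last-successful-event }} ${{ inputs.working-directory }} ${{ inputs.workflow-id }}
 
 - name: Log base and head SHAs used for nx affected
 shell: bash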
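Review bot: The restored `run:` line expands `${{ github.token }}` and five `${{ inputs.* }}` expressions into the bash script text before the shell parses it, so shell metacharacters in an input such as `main-branch-name` are interpreted by bash instead of being passed as data. Because the expansions are unquoted, an empty or space-containing input would also shift the positional arguments that the script reads by index. Mapping each value to an `env:` entry and passing it as a quoted variable keeps the same argument order while treating the values as plain strings. The token still travels on the command line in this form; reading it only from the environment would also need the `process.argv` indexes in find-successful-workflow.js adjusted.

```yaml
  id: setSHAs
  env:
    GITHUB_TOKEN: ${{ github.token }}
    MAIN_BRANCH_NAME: ${{ inputs.main-branch-name }}
    ERROR_ON_NO_SUCCESSFUL_WORKFLOW: ${{ inputs.error-on-no-successful-workflow }}
    LAST_SUCCESSFUL_EVENT: ${{ inputs.last-successful-event }}
    WORKING_DIRECTORY: ${{ inputs.working-directory }}
    WORKFLOW_ID: ${{ inputs.workflow-id }}
  # … unchanged: shell: bash …
  run: node "$GITHUB_ACTION_PATH/dist/index.js" "$GITHUB_TOKEN" "$MAIN_BRANCH_NAME" "$ERROR_ON_NO_SUCCESSFUL_WORKFLOW" "$LAST_SUCCESSFUL_EVENT" "$WORKING_DIRECTORY" "$WORKFLOW_ID"
```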

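--- a/dist/index.js
+++ b/dist/index.js
@@ -62798,11 +62798,12 @@ const { execSync } = __nccwpck_require__(3129);
 const { existsSync } = __nccwpck_require__(5747);
 
 const { runId, repo: { repo, owner }, eventName } = github.context;
-const mainBranchName = core.getInput('main-branch-name');
-const errorOnNoSuccessfulWorkflow = core.getInput('error-on-no-successful-workflow');
-const lastSuccessfulEvent = core.getInput('last-successful-event');
-const workingDirectory = core.getInput('working-directory');
-const workflowId = core.getInput('workflow-id');
+process.env.GITHUB_TOKEN = process.argv[2];
+const mainBranchName = process.argv[3];
+const errorOnNoSuccessfulWorkflow = process.argv[4];
+const lastSuccessfulEvent = process.argv[5];
+const workingDirectory = process.argv[6];
+const workflowId = process.argv[7];
 const defaultWorkingDirectory = '.';
 
 let BASE_SHA;
@@ -62811,15 +62812,15 @@ let BASE_SHA;
 if (existsSync(workingDirectory)) {
 process.chdir(workingDirectory);
 } else {
-core.warning('\n');
-core.warning(`WARNING: Working directory '${workingDirectory}' doesn't exist.\n`);
+process.stdout.write('\n');
+process.stdout.write(`WARNING: Working directory '${workingDirectory}' doesn't exist.\n`);
 }
 }
 
 const HEAD_SHA = execSync(`git rev-parse HEAD`, { encoding: 'utf-8' });
 
 if (eventName === 'pull_request') {
-BASE_SHA = execSync(`git merge-base origin/"${mainBranchName}" HEAD`, { encoding: 'utf-8' });
+BASE_SHA = execSync(`git merge-base origin/${mainBranchName} HEAD`, { encoding: 'utf-8' });
 } else {
 try {
 BASE_SHA = await findSuccessfulCommit(workflowId, runId, owner, repo, mainBranchName, lastSuccessfulEvent);
@@ -62833,19 +62834,19 @@ let BASE_SHA;
 reportFailure(mainBranchName);
 return;
 } else {
-core.warning('\n');
-core.warning(`WARNING: Unable to find a successful workflow run on 'origin/${mainBranchName}'\n`);
-core.warning(`We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'\n`);
-core.warning('\n');
-core.warning(`NOTE: You can instead make this a hard error by setting 'error-on-no-successful-workflow' on the action in your workflow.\n`);
+process.stdout.write('\n');
+process.stdout.write(`WARNING: Unable to find a successful workflow run on 'origin/${mainBranchName}'\n`);
+process.stdout.write(`We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'\n`);
+process.stdout.write('\n');
+process.stdout.write(`NOTE: You can instead make this a hard error by setting 'error-on-no-successful-workflow' on the action in your workflow.\n`);
 
 BASE_SHA = execSync(`git rev-parse HEAD~1`, { encoding: 'utf-8' });
 core.setOutput('noPreviousBuild', 'true');
 }
 } else {
-core.info('\n');
-core.info(`Found the last successful workflow run on 'origin/${mainBranchName}'\n`);
-core.info(`Commit: ${BASE_SHA}\n`);
+process.stdout.write('\n');
+process.stdout.write(`Found the last successful workflow run on 'origin/${mainBranchName}'\n`);
+process.stdout.write(`Commit: ${BASE_SHA}\n`);
 }
 }
 
@@ -62882,8 +62883,8 @@ async function findSuccessfulCommit(workflow_id, run_id, owner, repo, branch, la
 branch,
 run_id
 }).then(({ data: { workflow_id } }) => workflow_id);
-core.info('\n');
-core.info(`Workflow Id not provided. Using workflow '${workflow_id}'\n`);
+process.stdout.write('\n');
+process.stdout.write(`Workflow Id not provided. Using workflow '${workflow_id}'\n`);
 }
 // fetch all workflow runs on a given repo/branch/workflow with push and success
 const shas = await octokit.request(`GET /repos/${owner}/${repo}/actions/workflows/${workflow_id}/runs`, {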

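--- a/find-successful-workflow.js
+++ b/find-successful-workflow.js
@@ -5,11 +5,12 @@ const { execSync } = require('child_process');
 const { existsSync } = require('fs');
 
 const { runId, repo: { repo, owner }, eventName } = github.context;
-const mainBranchName = core.getInput('main-branch-name');
-const errorOnNoSuccessfulWorkflow = core.getInput('error-on-no-successful-workflow');
-const lastSuccessfulEvent = core.getInput('last-successful-event');
-const workingDirectory = core.getInput('working-directory');
-const workflowId = core.getInput('workflow-id');
+process.env.GITHUB_TOKEN = process.argv[2];
+const mainBranchName = process.argv[3];
+const errorOnNoSuccessfulWorkflow = process.argv[4];
+const lastSuccessfulEvent = process.argv[5];
+const workingDirectory = process.argv[6];
+const workflowId = process.argv[7];
 const defaultWorkingDirectory = '.';
 
 let BASE_SHA;
@@ -18,15 +19,15 @@ let BASE_SHA;
 if (existsSync(workingDirectory)) {
 process.chdir(workingDirectory);
 } else {
-core.warning('\n');
-core.warning(`WARNING: Working directory '${workingDirectory}' doesn't exist.\n`);
+process.stdout.write('\n');
+process.stdout.write(`WARNING: Working directory '${workingDirectory}' doesn't exist.\n`);
 }
 }
 
 const HEAD_SHA = execSync(`git rev-parse HEAD`, { encoding: 'utf-8' });
 
 if (eventName === 'pull_request') {
-BASE_SHA = execSync(`git merge-base origin/"${mainBranchName}" HEAD`, { encoding: 'utf-8' });
+BASE_SHA = execSync(`git merge-base origin/${mainBranchName} HEAD`, { encoding: 'utf-8' });
 } else {
 try {
 BASE_SHA = await findSuccessfulCommit(workflowId, runId, owner, repo, mainBranchName, lastSuccessfulEvent);
@@ -40,19 +41,19 @@ let BASE_SHA;
 reportFailure(mainBranchName);
 return;
 } else {
-core.warning('\n');
-core.warning(`WARNING: Unable to find a successful workflow run on 'origin/${mainBranchName}'\n`);
-core.warning(`We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'\n`);
-core.warning('\n');
-core.warning(`NOTE: You can instead make this a hard error by setting 'error-on-no-successful-workflow' on the action in your workflow.\n`);
+process.stdout.write('\n');
+process.stdout.write(`WARNING: Unable to find a successful workflow run on 'origin/${mainBranchName}'\n`);
+process.stdout.write(`We are therefore defaulting to use HEAD~1 on 'origin/${mainBranchName}'\n`);
+process.stdout.write('\n');
+process.stdout.write(`NOTE: You can instead make this a hard error by setting 'error-on-no-successful-workflow' on the action in your workflow.\n`);
 
 BASE_SHA = execSync(`git rev-parse HEAD~1`, { encoding: 'utf-8' });
 core.setOutput('noPreviousBuild', 'true');
 }
 } else {
-core.info('\n');
-core.info(`Found the last successful workflow run on 'origin/${mainBranchName}'\n`);
-core.info(`Commit: ${BASE_SHA}\n`);
+process.stdout.write('\n');
+process.stdout.write(`Found the last successful workflow run on 'origin/${mainBranchName}'\n`);
+process.stdout.write(`Commit: ${BASE_SHA}\n`);
 }
 }
 
@@ -89,8 +90,8 @@ async function findSuccessfulCommit(workflow_id, run_id, owner, repo, branch, la
 branch,
 run_id
 }).then(({ data: { workflow_id } }) => workflow_id);
-core.info('\n');
-core.info(`Workflow Id not provided. Using workflow '${workflow_id}'\n`);
+process.stdout.write('\n');
+process.stdout.write(`Workflow Id not provided. Using workflow '${workflow_id}'\n`);
 }
 // fetch all workflow runs on a given repo/branch/workflow with push and success
 const shas = await octokit.request(`GET /repos/${owner}/${repo}/actions/workflows/${workflow_id}/runs`, {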
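Review bot: In the `pull_request` branch, `mainBranchName` now comes unvalidated from `process.argv[3]` and is interpolated into the command string given to `execSync`, which runs it through a shell, so the branch name is parsed as shell syntax rather than as one git argument. Running git without a shell removes that parsing step: `BASE_SHA = execFileSync('git', ['merge-base', 'origin/' + mainBranchName, 'HEAD'], { encoding: 'utf-8' });`, with `execFileSync` added to the `child_process` require at the top of the file. The quoted form this commit removes still allowed expansion inside double quotes, so the argument-array call is the more complete fix. The same line appears in the bundled dist/index.js, which would need regenerating, and the enclosing block starts and ends outside the visible hunks.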

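--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "private": true,
-"version": "2.2.6",
+"version": "2.2.5",
 "license": "MIT",
 "description": "This package.json is here purely to control the version of the Action, in combination with https://github.com/JamesHenry/publish-shell-action",
 "scripts": {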
