diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 6a2030ea9d..deb61dc07c 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -39,8 +39,8 @@ const core = __importStar(require("@actions/core")); const toolcache = __importStar(require("@actions/tool-cache")); const node_forge_1 = require("node-forge"); const actionsUtil = __importStar(require("./actions-util")); -const languages_1 = require("./languages"); const logging_1 = require("./logging"); +const start_proxy_1 = require("./start-proxy"); const util = __importStar(require("./util")); const UPDATEJOB_PROXY = "update-job-proxy"; const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727"; @@ -48,19 +48,6 @@ const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/rele const PROXY_USER = "proxy_user"; const KEY_SIZE = 2048; const KEY_EXPIRY_YEARS = 2; -const LANGUAGE_TO_REGISTRY_TYPE = { - java: "maven_repository", - csharp: "nuget_feed", - javascript: "npm_registry", - python: "python_index", - ruby: "rubygems_server", - rust: "cargo_registry", - // We do not have an established proxy type for these languages, thus leaving empty. - actions: "", - cpp: "", - go: "", - swift: "", -}; const CERT_SUBJECT = [ { name: "commonName", @@ -112,7 +99,7 @@ async function runWrapper() { const proxyLogFilePath = path.resolve(tempDir, "proxy.log"); core.saveState("proxy-log-file", proxyLogFilePath); // Get the configuration options - const credentials = getCredentials(logger); + const credentials = (0, start_proxy_1.getCredentials)(logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), actionsUtil.getOptionalInput("language")); logger.info(`Credentials loaded for the following registries:\n ${credentials .map((c) => credentialToStr(c)) .join("\n")}`); @@ -178,53 +165,6 @@ async function startProxy(binPath, config, logFilePath, logger) { core.setFailed(`start-proxy action failed: ${util.getErrorMessage(error)}`); } } -// getCredentials returns registry credentials from action inputs. -// It prefers `registries_credentials` over `registry_secrets`. -// If neither is set, it returns an empty array. -function getCredentials(logger) { - const registriesCredentials = actionsUtil.getOptionalInput("registries_credentials"); - const registrySecrets = actionsUtil.getOptionalInput("registry_secrets"); - const languageString = actionsUtil.getOptionalInput("language"); - const language = languageString ? (0, languages_1.parseLanguage)(languageString) : undefined; - const registryTypeForLanguage = language - ? LANGUAGE_TO_REGISTRY_TYPE[language] - : undefined; - let credentialsStr; - if (registriesCredentials !== undefined) { - logger.info(`Using registries_credentials input.`); - credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); - } - else if (registrySecrets !== undefined) { - logger.info(`Using registry_secrets input.`); - credentialsStr = registrySecrets; - } - else { - logger.info(`No credentials defined.`); - return []; - } - // Parse and validate the credentials - const parsed = JSON.parse(credentialsStr); - const out = []; - for (const e of parsed) { - if (e.url === undefined && e.host === undefined) { - throw new Error("Invalid credentials - must specify host or url"); - } - // Filter credentials based on language if specified. `type` is the registry type. - // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#. - if (e.type !== registryTypeForLanguage) { - continue; - } - out.push({ - type: e.type, - host: e.host, - url: e.url, - username: e.username, - password: e.password, - token: e.token, - }); - } - return out; -} // getProxyAuth returns the authentication information for the proxy itself. function getProxyAuth() { const proxy_password = actionsUtil.getOptionalInput("proxy_password"); diff --git a/lib/start-proxy-action.js.map b/lib/start-proxy-action.js.map index 5e4bbc8f79..c58df44d37 100644 --- a/lib/start-proxy-action.js.map +++ b/lib/start-proxy-action.js.map @@ -1 +1 @@ -{"version":3,"file":"start-proxy-action.js","sourceRoot":"","sources":["../src/start-proxy-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAoD;AACpD,2CAA6B;AAE7B,oDAAsC;AACtC,+DAAiD;AACjD,2CAAiC;AAEjC,4DAA8C;AAC9C,2CAAsD;AACtD,uCAAqD;AACrD,6CAA+B;AAE/B,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AACtD,MAAM,0BAA0B,GAC9B,kFAAkF,CAAC;AACrF,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,IAAI,CAAC;AACtB,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAE3B,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,EAAE,EAAE,EAAE;IACN,KAAK,EAAE,EAAE;CACD,CAAC;AA2BX,MAAM,YAAY,GAAG;IACnB;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,wBAAwB;KAChC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,aAAa;KACrB;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,IAAI;KACZ;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,eAAe;KACvB;CACF,CAAC;AAEF,SAAS,4BAA4B;IACnC,MAAM,IAAI,GAAG,gBAAG,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,gBAAG,CAAC,iBAAiB,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACzB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAChC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,gBAAgB,CACzD,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3B,MAAM,GAAG,GAAG,gBAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,gBAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;IAEnD,gCAAgC;IAChC,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,CAAC,IAAI,CACT,sDAAsD,WAAW;SAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;SAC9B,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;IAEF,MAAM,EAAE,GAAG,4BAA4B,EAAE,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,MAAM,WAAW,GAAgB;QAC/B,eAAe,EAAE,WAAW;QAC5B,EAAE;QACF,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC5C,MAAM,UAAU,CAAC,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAmB,EACnB,WAAmB,EACnB,MAAc;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC;IACzB,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,UAAU,GAA6B,SAAS,CAAC;QACrD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,eAAe,GAAsB,SAAS,CAAC;QACnD,OAAO,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,eAAe,EAAE,CAAC;YACtD,UAAU,GAAG,IAAA,qBAAK,EAChB,OAAO,EACP,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,EACrE;gBACE,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACpC,CACF,CAAC;YACF,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,6FAA6F;oBAC7F,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;oBAC3D,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YAChD,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACxB,4CAA4C;YAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,+DAA+D;YAC/D,MAAM,eAAe,CAAC;QACxB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAEvD,MAAM,aAAa,GAAG,MAAM,CAAC,eAAe;aACzC,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,KAAK,SAAS,CAAC;aACpD,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACpB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,GAAG,EAAE,UAAU,CAAC,GAAG;SACpB,CAAC,CAAC,CAAC;QACN,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,8BAA8B,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,qBAAqB,GAAG,WAAW,CAAC,gBAAgB,CACxD,wBAAwB,CACzB,CAAC;IACF,MAAM,eAAe,GAAG,WAAW,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IAC1D,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YACvC,SAAS;QACX,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4EAA4E;AAC5E,SAAS,YAAY;IACnB,MAAM,cAAc,GAAG,WAAW,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;IACtE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,cAAc;SACzB,CAAC;IACJ,CAAC;IACD,OAAO;AACT,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,eAAe,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC;IAC5E,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC1B,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAC7B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,YAAY,GAAG,GAAG,eAAe,IAAI,QAAQ,SAAS,CAAC;IAC7D,MAAM,QAAQ,GAAG,GAAG,0BAA0B,GAAG,YAAY,EAAE,CAAC;IAEhE,IAAI,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,uBAAuB,CAAC,CAAC;IACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnD,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CACjC,SAAS,EACT,aAAa,EACb,uBAAuB,CACxB,CAAC;IACJ,CAAC;IACD,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC9C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,CAAa;IACpC,OAAO,SAAS,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,GAAG,cACpD,CAAC,CAAC,QACJ,eAAe,CAAC,CAAC,QAAQ,KAAK,SAAS,YAAY,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file +{"version":3,"file":"start-proxy-action.js","sourceRoot":"","sources":["../src/start-proxy-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAoD;AACpD,2CAA6B;AAE7B,oDAAsC;AACtC,+DAAiD;AACjD,2CAAiC;AAEjC,4DAA8C;AAC9C,uCAAqD;AACrD,+CAA2D;AAC3D,6CAA+B;AAE/B,MAAM,eAAe,GAAG,kBAAkB,CAAC;AAC3C,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AACtD,MAAM,0BAA0B,GAC9B,kFAAkF,CAAC;AACrF,MAAM,UAAU,GAAG,YAAY,CAAC;AAChC,MAAM,QAAQ,GAAG,IAAI,CAAC;AACtB,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAkB3B,MAAM,YAAY,GAAG;IACnB;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,wBAAwB;KAChC;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,aAAa;KACrB;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,IAAI;KACZ;IACD;QACE,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,YAAY;KACpB;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,eAAe;KACvB;CACF,CAAC;AAEF,SAAS,4BAA4B;IACnC,MAAM,IAAI,GAAG,gBAAG,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,gBAAG,CAAC,iBAAiB,EAAE,CAAC;IACrC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACzB,IAAI,CAAC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC;IACpC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAChC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,gBAAgB,CACzD,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE3B,MAAM,GAAG,GAAG,gBAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,gBAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,8BAA8B;IAC9B,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAC5D,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;IAEnD,gCAAgC;IAChC,MAAM,WAAW,GAAG,IAAA,4BAAc,EAChC,MAAM,EACN,WAAW,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,EAChD,WAAW,CAAC,gBAAgB,CAAC,wBAAwB,CAAC,EACtD,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,CACzC,CAAC;IACF,MAAM,CAAC,IAAI,CACT,sDAAsD,WAAW;SAC9D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;SAC9B,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;IAEF,MAAM,EAAE,GAAG,4BAA4B,EAAE,CAAC;IAC1C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IAEjC,MAAM,WAAW,GAAgB;QAC/B,eAAe,EAAE,WAAW;QAC5B,EAAE;QACF,UAAU,EAAE,SAAS;KACtB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAC;IAC5C,MAAM,UAAU,CAAC,QAAQ,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAmB,EACnB,WAAmB,EACnB,MAAc;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC;IACzB,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,UAAU,GAA6B,SAAS,CAAC;QACrD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,eAAe,GAAsB,SAAS,CAAC;QACnD,OAAO,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,eAAe,EAAE,CAAC;YACtD,UAAU,GAAG,IAAA,qBAAK,EAChB,OAAO,EACP,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,EACrE;gBACE,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACpC,CACF,CAAC;YACF,UAAU,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;gBACnB,IAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC/B,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,6FAA6F;oBAC7F,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;oBAC3D,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;YACH,CAAC,CAAC,CAAC;YACH,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;YAChD,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACxB,4CAA4C;YAC5C,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,eAAe,EAAE,CAAC;YACpB,+DAA+D;YAC/D,MAAM,eAAe,CAAC;QACxB,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,oBAAoB,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,sBAAsB,EAAE,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAEvD,MAAM,aAAa,GAAG,MAAM,CAAC,eAAe;aACzC,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,KAAK,SAAS,CAAC;aACpD,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YACpB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,GAAG,EAAE,UAAU,CAAC,GAAG;SACpB,CAAC,CAAC,CAAC;QACN,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,8BAA8B,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,SAAS,YAAY;IACnB,MAAM,cAAc,GAAG,WAAW,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;IACtE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;YACL,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,cAAc;SACzB,CAAC;IACJ,CAAC;IACD,OAAO;AACT,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,eAAe,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC;IAC5E,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC1B,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;YAC7B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,YAAY,GAAG,GAAG,eAAe,IAAI,QAAQ,SAAS,CAAC;IAC7D,MAAM,QAAQ,GAAG,GAAG,0BAA0B,GAAG,YAAY,EAAE,CAAC;IAEhE,IAAI,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,aAAa,EAAE,uBAAuB,CAAC,CAAC;IACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnD,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CACjC,SAAS,EACT,aAAa,EACb,uBAAuB,CACxB,CAAC;IACJ,CAAC;IACD,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC9C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,eAAe,CAAC,CAAa;IACpC,OAAO,SAAS,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,GAAG,cACpD,CAAC,CAAC,QACJ,eAAe,CAAC,CAAC,QAAQ,KAAK,SAAS,YAAY,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file diff --git a/lib/start-proxy.js b/lib/start-proxy.js new file mode 100644 index 0000000000..9bbcaeba9c --- /dev/null +++ b/lib/start-proxy.js @@ -0,0 +1,83 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.getCredentials = getCredentials; +const languages_1 = require("./languages"); +const util_1 = require("./util"); +const LANGUAGE_TO_REGISTRY_TYPE = { + java: "maven_repository", + csharp: "nuget_feed", + javascript: "npm_registry", + python: "python_index", + ruby: "rubygems_server", + rust: "cargo_registry", + // We do not have an established proxy type for these languages, thus leaving empty. + actions: "", + cpp: "", + go: "", + swift: "", +}; +// getCredentials returns registry credentials from action inputs. +// It prefers `registries_credentials` over `registry_secrets`. +// If neither is set, it returns an empty array. +function getCredentials(logger, registrySecrets, registriesCredentials, languageString) { + const language = languageString ? (0, languages_1.parseLanguage)(languageString) : undefined; + const registryTypeForLanguage = language + ? LANGUAGE_TO_REGISTRY_TYPE[language] + : undefined; + let credentialsStr; + if (registriesCredentials !== undefined) { + logger.info(`Using registries_credentials input.`); + credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); + } + else if (registrySecrets !== undefined) { + logger.info(`Using registry_secrets input.`); + credentialsStr = registrySecrets; + } + else { + logger.info(`No credentials defined.`); + return []; + } + // Parse and validate the credentials + let parsed; + try { + parsed = JSON.parse(credentialsStr); + } + catch { + // Don't log the error since it might contain sensitive information. + logger.error("Failed to parse the credentials data."); + throw new util_1.ConfigurationError("Invalid credentials format."); + } + const out = []; + for (const e of parsed) { + if (e.url === undefined && e.host === undefined) { + // The proxy needs one of these to work. If both are defined, the url has the precedence. + throw new util_1.ConfigurationError("Invalid credentials - must specify host or url"); + } + // Filter credentials based on language if specified. `type` is the registry type. + // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#. + if (registryTypeForLanguage && e.type !== registryTypeForLanguage) { + continue; + } + const isPrintable = (str) => { + return str ? /^[\x20-\x7E]*$/.test(str) : true; + }; + if (!isPrintable(e.type) || + !isPrintable(e.host) || + !isPrintable(e.url) || + !isPrintable(e.username) || + !isPrintable(e.password) || + !isPrintable(e.token)) { + throw new util_1.ConfigurationError("Invalid credentials - fields must contain only printable characters"); + } + out.push({ + type: e.type, + host: e.host, + url: e.url, + username: e.username, + password: e.password, + token: e.token, + }); + } + return out; +} +//# sourceMappingURL=start-proxy.js.map \ No newline at end of file diff --git a/lib/start-proxy.js.map b/lib/start-proxy.js.map new file mode 100644 index 0000000000..031deff1ab --- /dev/null +++ b/lib/start-proxy.js.map @@ -0,0 +1 @@ +{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,EAAE,EAAE,EAAE;IACN,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"} \ No newline at end of file diff --git a/lib/start-proxy.test.js b/lib/start-proxy.test.js new file mode 100644 index 0000000000..b4d53aad87 --- /dev/null +++ b/lib/start-proxy.test.js @@ -0,0 +1,99 @@ +"use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + var desc = Object.getOwnPropertyDescriptor(m, k); + if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { + desc = { enumerable: true, get: function() { return m[k]; } }; + } + Object.defineProperty(o, k2, desc); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || (function () { + var ownKeys = function(o) { + ownKeys = Object.getOwnPropertyNames || function (o) { + var ar = []; + for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; + return ar; + }; + return ownKeys(o); + }; + return function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); + __setModuleDefault(result, mod); + return result; + }; +})(); +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", { value: true }); +const ava_1 = __importDefault(require("ava")); +const logging_1 = require("./logging"); +const startProxyExports = __importStar(require("./start-proxy")); +const testing_utils_1 = require("./testing-utils"); +(0, testing_utils_1.setupTests)(ava_1.default); +(0, ava_1.default)("getCredentials prefers registriesCredentials over registrySecrets", async (t) => { + const registryCredentials = Buffer.from(JSON.stringify([ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + ])).toString("base64"); + const registrySecrets = JSON.stringify([ + { type: "npm_registry", host: "registry.npmjs.org", token: "def" }, + ]); + const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), registrySecrets, registryCredentials, undefined); + t.is(credentials.length, 1); + t.is(credentials[0].host, "npm.pkg.github.com"); +}); +(0, ava_1.default)("getCredentials throws error when credential missing host and url", async (t) => { + const registryCredentials = Buffer.from(JSON.stringify([{ type: "npm_registry", token: "abc" }])).toString("base64"); + t.throws(() => startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, registryCredentials, undefined), { + message: "Invalid credentials - must specify host or url", + }); +}); +(0, ava_1.default)("getCredentials filters by language when specified", async (t) => { + const mixedCredentials = [ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + { type: "maven_repository", host: "maven.pkg.github.com", token: "def" }, + { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" }, + ]; + const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, Buffer.from(JSON.stringify(mixedCredentials)).toString("base64"), "java"); + t.is(credentials.length, 1); + t.is(credentials[0].type, "maven_repository"); +}); +(0, ava_1.default)("getCredentials returns all credentials when no language specified", async (t) => { + const mixedCredentials = [ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + { type: "maven_repository", host: "maven.pkg.github.com", token: "def" }, + { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" }, + ]; + const credentialsInput = Buffer.from(JSON.stringify(mixedCredentials)).toString("base64"); + const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, credentialsInput, undefined); + t.is(credentials.length, 3); +}); +(0, ava_1.default)("getCredentials throws an error when non-printable characters are used", async (t) => { + const invalidCredentials = [ + { type: "nuget_feed", host: "1nuget.pkg.github.com", token: "abc\u0000" }, // Non-printable character in token + { type: "nuget_feed", host: "2nuget.pkg.github.com\u0001" }, // Non-printable character in host + { + type: "nuget_feed", + host: "3nuget.pkg.github.com", + password: "ghi\u0002", + }, // Non-printable character in password + { type: "nuget_feed", host: "4nuget.pkg.github.com", password: "ghi\x00" }, // Non-printable character in password + ]; + for (const invalidCredential of invalidCredentials) { + const credentialsInput = Buffer.from(JSON.stringify([invalidCredential])).toString("base64"); + t.throws(() => startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, credentialsInput, undefined), { + message: "Invalid credentials - fields must contain only printable characters", + }); + } +}); +//# sourceMappingURL=start-proxy.test.js.map \ No newline at end of file diff --git a/lib/start-proxy.test.js.map b/lib/start-proxy.test.js.map new file mode 100644 index 0000000000..c9ca771a5c --- /dev/null +++ b/lib/start-proxy.test.js.map @@ -0,0 +1 @@ +{"version":3,"file":"start-proxy.test.js","sourceRoot":"","sources":["../src/start-proxy.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,uCAA4C;AAC5C,iEAAmD;AACnD,mDAA6C;AAE7C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC;QACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CACH,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;QACrC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,eAAe,EACf,mBAAmB,EACnB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kEAAkE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CACzD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,mBAAmB,EACnB,SAAS,CACV,EACH;QACE,OAAO,EAAE,gDAAgD;KAC1D,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mDAAmD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpE,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC;IAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAChE,MAAM,CACP,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC;IACF,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CACjC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uEAAuE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxF,MAAM,kBAAkB,GAAG;QACzB,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,mCAAmC;QAC9G,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,6BAA6B,EAAE,EAAE,kCAAkC;QAC/F;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,uBAAuB;YAC7B,QAAQ,EAAE,WAAW;SACtB,EAAE,sCAAsC;QACzC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sCAAsC;KACnH,CAAC;IAEF,KAAK,MAAM,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;QACnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC,CACpC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,EACH;YACE,OAAO,EACL,qEAAqE;SACxE,CACF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC"} \ No newline at end of file diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 0cbfcf7173..013b237bad 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -6,8 +6,8 @@ import * as toolcache from "@actions/tool-cache"; import { pki } from "node-forge"; import * as actionsUtil from "./actions-util"; -import { Language, parseLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; +import { Credential, getCredentials } from "./start-proxy"; import * as util from "./util"; const UPDATEJOB_PROXY = "update-job-proxy"; @@ -18,34 +18,11 @@ const PROXY_USER = "proxy_user"; const KEY_SIZE = 2048; const KEY_EXPIRY_YEARS = 2; -const LANGUAGE_TO_REGISTRY_TYPE: Record = { - java: "maven_repository", - csharp: "nuget_feed", - javascript: "npm_registry", - python: "python_index", - ruby: "rubygems_server", - rust: "cargo_registry", - // We do not have an established proxy type for these languages, thus leaving empty. - actions: "", - cpp: "", - go: "", - swift: "", -} as const; - type CertificateAuthority = { cert: string; key: string; }; -type Credential = { - type: string; - host?: string; - url?: string; - username?: string; - password?: string; - token?: string; -}; - type BasicAuthCredentials = { username: string; password: string; @@ -117,7 +94,12 @@ async function runWrapper() { core.saveState("proxy-log-file", proxyLogFilePath); // Get the configuration options - const credentials = getCredentials(logger); + const credentials = getCredentials( + logger, + actionsUtil.getOptionalInput("registry_secrets"), + actionsUtil.getOptionalInput("registries_credentials"), + actionsUtil.getOptionalInput("language"), + ); logger.info( `Credentials loaded for the following registries:\n ${credentials .map((c) => credentialToStr(c)) @@ -199,58 +181,6 @@ async function startProxy( } } -// getCredentials returns registry credentials from action inputs. -// It prefers `registries_credentials` over `registry_secrets`. -// If neither is set, it returns an empty array. -function getCredentials(logger: Logger): Credential[] { - const registriesCredentials = actionsUtil.getOptionalInput( - "registries_credentials", - ); - const registrySecrets = actionsUtil.getOptionalInput("registry_secrets"); - const languageString = actionsUtil.getOptionalInput("language"); - const language = languageString ? parseLanguage(languageString) : undefined; - const registryTypeForLanguage = language - ? LANGUAGE_TO_REGISTRY_TYPE[language] - : undefined; - - let credentialsStr: string; - if (registriesCredentials !== undefined) { - logger.info(`Using registries_credentials input.`); - credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); - } else if (registrySecrets !== undefined) { - logger.info(`Using registry_secrets input.`); - credentialsStr = registrySecrets; - } else { - logger.info(`No credentials defined.`); - return []; - } - - // Parse and validate the credentials - const parsed = JSON.parse(credentialsStr) as Credential[]; - const out: Credential[] = []; - for (const e of parsed) { - if (e.url === undefined && e.host === undefined) { - throw new Error("Invalid credentials - must specify host or url"); - } - - // Filter credentials based on language if specified. `type` is the registry type. - // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#. - if (e.type !== registryTypeForLanguage) { - continue; - } - - out.push({ - type: e.type, - host: e.host, - url: e.url, - username: e.username, - password: e.password, - token: e.token, - }); - } - return out; -} - // getProxyAuth returns the authentication information for the proxy itself. function getProxyAuth(): BasicAuthCredentials | undefined { const proxy_password = actionsUtil.getOptionalInput("proxy_password"); diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts new file mode 100644 index 0000000000..cb84833cc6 --- /dev/null +++ b/src/start-proxy.test.ts @@ -0,0 +1,115 @@ +import test from "ava"; + +import { getRunnerLogger } from "./logging"; +import * as startProxyExports from "./start-proxy"; +import { setupTests } from "./testing-utils"; + +setupTests(test); + +test("getCredentials prefers registriesCredentials over registrySecrets", async (t) => { + const registryCredentials = Buffer.from( + JSON.stringify([ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + ]), + ).toString("base64"); + const registrySecrets = JSON.stringify([ + { type: "npm_registry", host: "registry.npmjs.org", token: "def" }, + ]); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + registrySecrets, + registryCredentials, + undefined, + ); + t.is(credentials.length, 1); + t.is(credentials[0].host, "npm.pkg.github.com"); +}); + +test("getCredentials throws error when credential missing host and url", async (t) => { + const registryCredentials = Buffer.from( + JSON.stringify([{ type: "npm_registry", token: "abc" }]), + ).toString("base64"); + + t.throws( + () => + startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + registryCredentials, + undefined, + ), + { + message: "Invalid credentials - must specify host or url", + }, + ); +}); + +test("getCredentials filters by language when specified", async (t) => { + const mixedCredentials = [ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + { type: "maven_repository", host: "maven.pkg.github.com", token: "def" }, + { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" }, + ]; + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + Buffer.from(JSON.stringify(mixedCredentials)).toString("base64"), + "java", + ); + t.is(credentials.length, 1); + t.is(credentials[0].type, "maven_repository"); +}); + +test("getCredentials returns all credentials when no language specified", async (t) => { + const mixedCredentials = [ + { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" }, + { type: "maven_repository", host: "maven.pkg.github.com", token: "def" }, + { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" }, + ]; + const credentialsInput = Buffer.from( + JSON.stringify(mixedCredentials), + ).toString("base64"); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + undefined, + ); + t.is(credentials.length, 3); +}); + +test("getCredentials throws an error when non-printable characters are used", async (t) => { + const invalidCredentials = [ + { type: "nuget_feed", host: "1nuget.pkg.github.com", token: "abc\u0000" }, // Non-printable character in token + { type: "nuget_feed", host: "2nuget.pkg.github.com\u0001" }, // Non-printable character in host + { + type: "nuget_feed", + host: "3nuget.pkg.github.com", + password: "ghi\u0002", + }, // Non-printable character in password + { type: "nuget_feed", host: "4nuget.pkg.github.com", password: "ghi\x00" }, // Non-printable character in password + ]; + + for (const invalidCredential of invalidCredentials) { + const credentialsInput = Buffer.from( + JSON.stringify([invalidCredential]), + ).toString("base64"); + + t.throws( + () => + startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + undefined, + ), + { + message: + "Invalid credentials - fields must contain only printable characters", + }, + ); + } +}); diff --git a/src/start-proxy.ts b/src/start-proxy.ts new file mode 100644 index 0000000000..51c6f2fc07 --- /dev/null +++ b/src/start-proxy.ts @@ -0,0 +1,106 @@ +import { parseLanguage, Language } from "./languages"; +import { Logger } from "./logging"; +import { ConfigurationError } from "./util"; + +export type Credential = { + type: string; + host?: string; + url?: string; + username?: string; + password?: string; + token?: string; +}; + +const LANGUAGE_TO_REGISTRY_TYPE: Record = { + java: "maven_repository", + csharp: "nuget_feed", + javascript: "npm_registry", + python: "python_index", + ruby: "rubygems_server", + rust: "cargo_registry", + // We do not have an established proxy type for these languages, thus leaving empty. + actions: "", + cpp: "", + go: "", + swift: "", +} as const; + +// getCredentials returns registry credentials from action inputs. +// It prefers `registries_credentials` over `registry_secrets`. +// If neither is set, it returns an empty array. +export function getCredentials( + logger: Logger, + registrySecrets: string | undefined, + registriesCredentials: string | undefined, + languageString: string | undefined, +): Credential[] { + const language = languageString ? parseLanguage(languageString) : undefined; + const registryTypeForLanguage = language + ? LANGUAGE_TO_REGISTRY_TYPE[language] + : undefined; + + let credentialsStr: string; + if (registriesCredentials !== undefined) { + logger.info(`Using registries_credentials input.`); + credentialsStr = Buffer.from(registriesCredentials, "base64").toString(); + } else if (registrySecrets !== undefined) { + logger.info(`Using registry_secrets input.`); + credentialsStr = registrySecrets; + } else { + logger.info(`No credentials defined.`); + return []; + } + + // Parse and validate the credentials + let parsed: Credential[]; + try { + parsed = JSON.parse(credentialsStr) as Credential[]; + } catch { + // Don't log the error since it might contain sensitive information. + logger.error("Failed to parse the credentials data."); + throw new ConfigurationError("Invalid credentials format."); + } + + const out: Credential[] = []; + for (const e of parsed) { + if (e.url === undefined && e.host === undefined) { + // The proxy needs one of these to work. If both are defined, the url has the precedence. + throw new ConfigurationError( + "Invalid credentials - must specify host or url", + ); + } + + // Filter credentials based on language if specified. `type` is the registry type. + // E.g., "maven_feed" for Java/Kotlin, "nuget_repository" for C#. + if (registryTypeForLanguage && e.type !== registryTypeForLanguage) { + continue; + } + + const isPrintable = (str: string | undefined): boolean => { + return str ? /^[\x20-\x7E]*$/.test(str) : true; + }; + + if ( + !isPrintable(e.type) || + !isPrintable(e.host) || + !isPrintable(e.url) || + !isPrintable(e.username) || + !isPrintable(e.password) || + !isPrintable(e.token) + ) { + throw new ConfigurationError( + "Invalid credentials - fields must contain only printable characters", + ); + } + + out.push({ + type: e.type, + host: e.host, + url: e.url, + username: e.username, + password: e.password, + token: e.token, + }); + } + return out; +}