Merge pull request #3 from Contrast-Security-OSS/PRODSEC-461-build

Migration build

Author: DavidMContrast

lib/index.js

@@ -3557,19 +3557,19 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // pkg/dist-src/index.js
-var dist_src_exports = {};
-__export(dist_src_exports, {
+var index_exports = {};
+__export(index_exports, {
   Octokit: () => Octokit
 });
-module.exports = __toCommonJS(dist_src_exports);
+module.exports = __toCommonJS(index_exports);
 var import_universal_user_agent = __nccwpck_require__(3843);
 var import_before_after_hook = __nccwpck_require__(2732);
 var import_request = __nccwpck_require__(8636);
 var import_graphql = __nccwpck_require__(7);
 var import_auth_token = __nccwpck_require__(7864);
 
 // pkg/dist-src/version.js
-var VERSION = "5.2.0";
+var VERSION = "5.2.1";
 
 // pkg/dist-src/index.js
 var noop = () => {
@@ -17139,7 +17139,7 @@ module.exports = {
 
 
 const { parseSetCookie } = __nccwpck_require__(8915)
-const { stringify, getHeadersList } = __nccwpck_require__(3834)
+const { stringify } = __nccwpck_require__(3834)
 const { webidl } = __nccwpck_require__(4222)
 const { Headers } = __nccwpck_require__(6349)
 
@@ -17215,14 +17215,13 @@ function getSetCookies (headers) {
 
   webidl.brandCheck(headers, Headers, { strict: false })
 
-  const cookies = getHeadersList(headers).cookies
+  const cookies = headers.getSetCookie()
 
   if (!cookies) {
     return []
   }
 
-  // In older versions of undici, cookies is a list of name:value.
-  return cookies.map((pair) => parseSetCookie(Array.isArray(pair) ? pair[1] : pair))
+  return cookies.map((pair) => parseSetCookie(pair))
 }
 
 /**
@@ -17650,14 +17649,15 @@ module.exports = {
 /***/ }),
 
 /***/ 3834:
-/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+/***/ ((module) => {
 
 "use strict";
 
 
-const assert = __nccwpck_require__(2613)
-const { kHeadersList } = __nccwpck_require__(6443)
-
+/**
+ * @param {string} value
+ * @returns {boolean}
+ */
 function isCTLExcludingHtab (value) {
   if (value.length === 0) {
     return false
@@ -17918,31 +17918,13 @@ function stringify (cookie) {
   return out.join('; ')
 }
 
-let kHeadersListNode
-
-function getHeadersList (headers) {
-  if (headers[kHeadersList]) {
-    return headers[kHeadersList]
-  }
-
-  if (!kHeadersListNode) {
-    kHeadersListNode = Object.getOwnPropertySymbols(headers).find(
-      (symbol) => symbol.description === 'headers list'
-    )
-
-    assert(kHeadersListNode, 'Headers cannot be parsed')
-  }
-
-  const headersList = headers[kHeadersListNode]
-  assert(headersList)
-
-  return headersList
-}
-
 module.exports = {
   isCTLExcludingHtab,
-  stringify,
-  getHeadersList
+  validateCookieName,
+  validateCookiePath,
+  validateCookieValue,
+  toIMFDate,
+  stringify
 }
 
 
@@ -21946,6 +21928,7 @@ const {
   isValidHeaderName,
   isValidHeaderValue
 } = __nccwpck_require__(5523)
+const util = __nccwpck_require__(9023)
 const { webidl } = __nccwpck_require__(4222)
 const assert = __nccwpck_require__(2613)
 
@@ -22499,6 +22482,9 @@ Object.defineProperties(Headers.prototype, {
   [Symbol.toStringTag]: {
     value: 'Headers',
     configurable: true
+  },
+  [util.inspect.custom]: {
+    enumerable: false
   }
 })
 
@@ -31675,6 +31661,20 @@ class Pool extends PoolBase {
       ? { ...options.interceptors }
       : undefined
     this[kFactory] = factory
+
+    this.on('connectionError', (origin, targets, error) => {
+      // If a connection error occurs, we remove the client from the pool,
+      // and emit a connectionError event. They will not be re-used.
+      // Fixes https://github.com/nodejs/undici/issues/3895
+      for (const target of targets) {
+        // Do not use kRemoveClient here, as it will close the client,
+        // but the client cannot be closed in this state.
+        const idx = this[kClients].indexOf(target)
+        if (idx !== -1) {
+          this[kClients].splice(idx, 1)
+        }
+      }
+    })
   }
 
   [kGetDispatcher] () {
@@ -38808,16 +38808,16 @@ const github = __nccwpck_require__(847);
 function getFilesInCommit(commit, token) {
     return __awaiter(this, void 0, void 0, function* () {
         const repo = github.context.payload.repository;
-        console.log('repo : ' + repo);
+        console.log("repo : " + repo);
         const owner = repo === null || repo === void 0 ? void 0 : repo.owner;
-        console.log('owner : ' + owner);
+        console.log("owner : " + owner);
         const allFiles = [];
         const args = { owner: (owner === null || owner === void 0 ? void 0 : owner.name) || (owner === null || owner === void 0 ? void 0 : owner.login), repo: repo === null || repo === void 0 ? void 0 : repo.name };
         args.ref = commit.id || commit.sha;
         const octokit = github.getOctokit(token);
-        console.log('octokit : ' + octokit);
-        const result = yield octokit.repos.getCommit(args);
-        console.log('result : ' + result);
+        console.log("octokit : " + octokit);
+        const result = yield octokit.rest.repos.getCommit(args);
+        console.log("result : " + result);
         if (result && result.data && result.data.files) {
             const files = result.data.files;
             files
@@ -38894,19 +38894,19 @@ const core = __nccwpck_require__(7484);
 class Action {
     constructor(actionString) {
         actionString = actionString.toLowerCase();
-        let as = actionString.split('/');
+        let as = actionString.split("/");
         this.author = as[0];
-        let action = as[1].split('@');
+        let action = as[1].split("@");
         this.name = action[0];
-        this.ref = (action.length > 1) ? action[1] : "*";
+        this.ref = action.length > 1 ? action[1] : "*";
     }
     toString() {
         return `${this.author}/${this.name}@${this.ref}`;
     }
 }
 exports.Action = Action;
 function isPolicyResponse(obj) {
-    return typeof obj === 'object' && obj !== null && Array.isArray(obj.actions);
+    return typeof obj === "object" && obj !== null && Array.isArray(obj.actions);
 }
 function run(context) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -38930,22 +38930,22 @@ function run(context) {
                     // Get the pull request number
                     const prNumber = (_a = github.context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.number;
                     if (prNumber) {
-                        console.log('prNumber : ' + prNumber);
+                        console.log("prNumber : " + prNumber);
                         // Fetch the pull request details to get the commits_url
-                        const prDetails = yield client.pulls.get({
+                        const prDetails = yield client.rest.pulls.get({
                             owner: github.context.repo.owner,
                             repo: github.context.repo.repo,
                             pull_number: prNumber,
                         });
-                        console.log('prDetails : ' + prDetails);
+                        console.log("prDetails : " + prDetails);
                         // Use the commits_url to fetch commits related to the pull request
                         const url = prDetails.data.commits_url;
-                        console.log('url : ' + url);
+                        console.log("url : " + url);
                         commits = yield client.paginate(`GET ${url}`, {
                             owner: github.context.repo.owner,
                             repo: github.context.repo.repo,
                         });
-                        console.log('commits : ' + commits);
+                        console.log("commits : " + commits);
                     }
                     else {
                         console.error("Pull request number not found in payload.");
@@ -38956,22 +38956,22 @@ function run(context) {
                     // Get the pull request number
                     const prNumber2 = (_b = github.context.payload.pull_request) === null || _b === void 0 ? void 0 : _b.number;
                     if (prNumber2) {
-                        console.log('prNumber2 : ' + prNumber2);
+                        console.log("prNumber2 : " + prNumber2);
                         // Fetch the pull request details to get the commits_url
-                        const prDetails2 = yield client.pulls.get({
+                        const prDetails2 = yield client.rest.pulls.get({
                             owner: github.context.repo.owner,
                             repo: github.context.repo.repo,
                             pull_number: prNumber2,
                         });
-                        console.log('prDetails : ' + prDetails2);
+                        console.log("prDetails : " + prDetails2);
                         // Use the commits_url to fetch commits related to the pull request
                         const url2 = prDetails2.data.commits_url;
-                        console.log('url2 : ' + url2);
+                        console.log("url2 : " + url2);
                         commits = yield client.paginate(`GET ${url2}`, {
                             owner: github.context.repo.owner,
                             repo: github.context.repo.repo,
                         });
-                        console.log('commits : ' + commits);
+                        console.log("commits : " + commits);
                     }
                     else {
                         console.error("Pull request number not found in payload.");
@@ -38983,7 +38983,7 @@ function run(context) {
             }
             for (let i = 0; i < commits.length; i++) {
                 var f = yield ghf.getFilesInCommit(commits[i], gitHubToken);
-                f.forEach(element => allFiles.add(element));
+                f.forEach((element) => allFiles.add(element));
             }
             let actionPolicyList = new Array();
             let actionViolations = new Array();
@@ -38992,8 +38992,9 @@ function run(context) {
             //look for any workflow file updates
             allFiles.forEach((file) => {
                 let filePath = path_1.default.parse(file);
-                console.log('filePath : ' + filePath);
-                if ((filePath.ext.toLowerCase() == ".yaml" || filePath.ext.toLowerCase() == ".yml") &&
+                console.log("filePath : " + filePath);
+                if ((filePath.ext.toLowerCase() == ".yaml" ||
+                    filePath.ext.toLowerCase() == ".yml") &&
                     filePath.dir.toLowerCase() == ".github/workflows") {
                     workflowFilePaths.push(file);
                 }
@@ -39005,28 +39006,29 @@ function run(context) {
             }
             // Load up the remote policy list
             yield (0, node_fetch_1.default)(policyUrl)
-                .then(response => response.json())
+                .then((response) => response.json())
                 .then((json) => {
-                json.actions.forEach(as => {
+                // json is now correctly typed as PolicyResponse
+                json.actions.forEach((as) => {
                     actionPolicyList.push(new Action(as));
                 });
             })
-                .catch(error => {
-                console.error('Error fetching or parsing policy:', error);
+                .catch((error) => {
+                console.error("Error fetching or parsing policy:", error);
                 // Handle the error appropriately (e.g., throw an error, set a default policy)
             });
             console.log("\nACTION POLICY LIST");
             console.log(line);
             actionPolicyList.forEach((item) => {
                 console.log(item.toString());
             });
-            workflowFilePaths.forEach(wf => {
+            workflowFilePaths.forEach((wf) => {
                 let workflow = { filePath: wf, actions: Array() };
                 workflowFiles.push(workflow);
                 try {
                     let yaml = js_yaml_1.default.load(fs_1.default.readFileSync(workflow.filePath, "utf-8"));
                     let actionStrings = getPropertyValues(yaml, "uses");
-                    actionStrings.forEach(as => {
+                    actionStrings.forEach((as) => {
                         workflow.actions.push(new Action(as));
                     });
                 }
@@ -39047,12 +39049,15 @@ function run(context) {
             workflowFiles.forEach((workflow) => {
                 console.log(`\nEvaluating '${workflow.filePath}'`);
                 console.log(line);
-                let violation = { filePath: workflow.filePath, actions: Array() };
+                let violation = {
+                    filePath: workflow.filePath,
+                    actions: Array(),
+                };
                 workflow.actions.forEach((action) => {
                     console.log(` - ${action.toString()}`);
                     if (action.author == ".")
                         return;
-                    let match = actionPolicyList.find(policy => policy.author === action.author &&
+                    let match = actionPolicyList.find((policy) => policy.author === action.author &&
                         (policy.name === "*" || action.name === policy.name) &&
                         (policy.ref === "*" || action.ref == policy.ref));
                     if (policyType == "allow") {
@@ -39077,9 +39082,9 @@ function run(context) {
                 core.setOutput("violations", actionViolations);
                 console.log("\n!!! ACTION POLICY VIOLATIONS DETECTED !!!");
                 console.log(line);
-                actionViolations.forEach(workflow => {
+                actionViolations.forEach((workflow) => {
                     console.log(`Workflow: ${workflow.filePath}`);
-                    workflow.actions.forEach(action => {
+                    workflow.actions.forEach((action) => {
                         console.log(` - ${action.toString()}`);
                     });
                     console.log();

src/github_files.ts

@@ -1,33 +1,34 @@
-const github = require('@actions/github');
+const github = require("@actions/github");
 
-export async function getFilesInCommit(commit: any, token: string): Promise<string[]> {
+export async function getFilesInCommit(
+  commit: any,
+  token: string,
+): Promise<string[]> {
+  const repo = github.context.payload.repository;
+  console.log("repo : " + repo);
+  const owner = repo?.owner;
+  console.log("owner : " + owner);
+  const allFiles: string[] = [];
 
-    const repo = github.context.payload.repository;
-    console.log('repo : ' + repo);
-    const owner = repo?.owner;
-    console.log('owner : ' + owner);
-    const allFiles: string[] = [];
+  const args: any = { owner: owner?.name || owner?.login, repo: repo?.name };
+  args.ref = commit.id || commit.sha;
 
-    const args: any = { owner: owner?.name || owner?.login, repo: repo?.name };
-    args.ref = commit.id || commit.sha;
+  const octokit = github.getOctokit(token);
+  console.log("octokit : " + octokit);
+  const result = await octokit.rest.repos.getCommit(args);
+  console.log("result : " + result);
 
-    const octokit = github.getOctokit(token);
-    console.log('octokit : ' + octokit);
-    const result = await octokit.rest.repos.getCommit(args);
-    console.log('result : ' + result);
+  if (result && result.data && result.data.files) {
+    const files = result.data.files;
 
-    if (result && result.data && result.data.files) {
-        const files = result.data.files;
-        
+    files
+      .filter(
+        (file: { status: string; filename: string }) =>
+          file.status == "modified" || file.status == "added",
+      )
+      .map((file: { filename: string }) => file.filename)
+      .forEach((filename: string) => allFiles.push(filename));
+  }
 
-        files
-            .filter(
-              (file: { status: string; filename: string }) =>
-                file.status == "modified" || file.status == "added",
-            )
-            .map((file: { filename: string }) => file.filename)
-            .forEach((filename: string) => allFiles.push(filename));
-    }
-
-    return allFiles;
+  return allFiles;
 }