tianzixuan/gradle-build-action
1
0
Fork 0
mirror of https://github.com/gradle/gradle-build-action.git synced 2025-11-04 09:58:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Patch @azure/logger to fix CodeQL warning

Browse Source 
Logging of the AZURE_LOG_LEVEL env var value is considered a security issue,
since any environment variable value could contain sensitive information.
In this case, logging the value is not really necessary.
This commit is contained in:
Daz DeBoer
2022-09-22 09:56:08 -06:00
parent 74a56b60ce
commit c295a4096e
5 changed files with 33 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dist/main/index.js vendored
View File

@@ -19822,7 +19822,7 @@ if (logLevelFromEnv) {
setLogLevel(logLevelFromEnv); setLogLevel(logLevelFromEnv);
} }
else { else {
console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`); console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
} }
} }
/** /**

2
dist/main/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

2
dist/post/index.js vendored
View File

@@ -18925,7 +18925,7 @@ if (logLevelFromEnv) {
setLogLevel(logLevelFromEnv); setLogLevel(logLevelFromEnv);
} }
else { else {
console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`); console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
} }
} }
/** /**

2
dist/post/index.js.map vendored
View File

File diff suppressed because one or more lines are too long

29
patches/@azure+logger+1.0.3.patch Normal file
View File

@@ -0,0 +1,29 @@
# Patch removes logging of the AZURE_LOG_LEVEL env var value
# This logging triggers a high severity Warning from CodeQL, which can prevent organizational users from adopting the action.
diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
index 116b59e..cf87f3c 100644
--- a/node_modules/@azure/logger/dist-esm/src/index.js
+++ b/node_modules/@azure/logger/dist-esm/src/index.js
@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
setLogLevel(logLevelFromEnv);
}
else {
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
}
}
/**
diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
index 327fbdb..4432d73 100644
--- a/node_modules/@azure/logger/dist/index.js
+++ b/node_modules/@azure/logger/dist/index.js
@@ -122,7 +122,7 @@ if (logLevelFromEnv) {
setLogLevel(logLevelFromEnv);
}
else {
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
}
}
/**