c295a4096e
Logging of the AZURE_LOG_LEVEL env var value is considered a security issue, since any environment variable value could contain sensitive information. In this case, logging the value is not really necessary.
# Patch removes logging of the AZURE_LOG_LEVEL env var value
# This logging triggers a high severity Warning from CodeQL, which can prevent organizational users from adopting the action.
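diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
index 116b59e..cf87f3c 100644
--- a/node_modules/@azure/logger/dist-esm/src/index.js
+++ b/node_modules/@azure/logger/dist-esm/src/index.js
@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
 setLogLevel(logLevelFromEnv);
 }
 else {
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
 }
 }
 /**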
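Review bot: The changed `console.error` line sits in a built file under `node_modules/@azure/logger/dist-esm/`, so the redaction holds only while this patch is re-applied on every install and the hunk context still matches the installed package; the same applies to the `dist/index.js` hunk that follows. If a dependency update shifts or rewrites these lines, the patch step may fail or be skipped, and the raw value of `AZURE_LOG_LEVEL` would be written to stderr again, where CI logs would presumably retain it. The patch preamble would benefit from a comment recording the package version it was cut against and the condition for dropping it, e.g. `# Cut against @azure/logger <VERSION>; remove once upstream no longer interpolates the env value`. The enclosing `if (logLevelFromEnv)` block starts outside the hunk, so how the value is validated before this branch is not visible here.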
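diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
index 327fbdb..4432d73 100644
--- a/node_modules/@azure/logger/dist/index.js
+++ b/node_modules/@azure/logger/dist/index.js
@@ -122,7 +122,7 @@ if (logLevelFromEnv) {
 setLogLevel(logLevelFromEnv);
 }
 else {
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
 }
 }
 /**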