add-to-project/fix-regex.js
Mardav Wala 4afe1bcb60 Fix both code scanning alerts
1. Fixed misleading operator precedence by adding proper grouping:
   - Changed /^text\/|charset=utf-8$/ to /^(text\/|charset=utf-8)$/
   - This removes the misleading precedence warning

2. Fixed file system race condition in fix-regex.js:
   - Removed fs.existsSync() check followed by file operations
   - Now uses try/catch with proper ENOENT error handling
   - Eliminates potential TOCTOU vulnerability

All tests pass and regex functionality is preserved.
2025-08-15 17:03:48 +00:00


#!/usr/bin/env node
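/**
 * Fix for misleading operator precedence in the @octokit/request regex.
 * Adds explicit grouping to /^text\/|charset=utf-8$/.
 * NOTE(review): /^(text\/|charset=utf-8)$/ is not an equivalent rewrite. It anchors
 * both alternatives at both ends and therefore matches only the exact strings
 * "text/" and "charset=utf-8". The form with the same meaning as the original is
 * /(?:^text\/)|(?:charset=utf-8$)/.
 */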
const fs = require('fs')
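// Bundled copies of @octokit/request that ship the flagged regex literal.
// Paths are relative to the directory the script is run from.
const filesToFix = [
  'node_modules/@actions/github/node_modules/@octokit/request/dist-src/fetch-wrapper.js',
  'node_modules/@actions/github/node_modules/@octokit/request/dist-node/index.js',
  'node_modules/@actions/github/node_modules/@octokit/request/dist-web/index.js',
]

// Exact source text of the flagged literal: /^text\/|charset=utf-8$/
// Only this exact spelling is rewritten. A variant without the trailing `$`
// or without the escaped slash is a different expression, and rewriting it
// would change what it matches.
const FLAGGED_LITERAL = /\/\^text\\\/\|charset=utf-8\$\//g

// Precedence made explicit without changing the language matched:
// "starts with text/" OR "ends with charset=utf-8".
// The form /^(text\/|charset=utf-8)$/ would NOT be equivalent: it only matches
// the exact strings "text/" and "charset=utf-8", so a value such as
// "text/plain; charset=utf-8" would stop matching.
// NOTE(review): confirm that the code scanner accepts this grouping.
const GROUPED_LITERAL = '/(?:^text\\/)|(?:charset=utf-8$)/'

/**
 * Rewrite every occurrence of the flagged regex literal in a source string.
 *
 * @param {string} content - Source text of one bundled file.
 * @returns {string} The text with the literal replaced, or the same text when
 *   the literal does not occur. Applying it twice gives the same result.
 */
function applyRegexFix(content) {
  // A replacer function is used so that `$` in the replacement text is never
  // interpreted as a String.prototype.replace substitution pattern.
  return content.replace(FLAGGED_LITERAL, () => GROUPED_LITERAL)
}

process.stdout.write('🔧 Applying regex fix for @octokit/request...\n')
let filesFixed = 0

for (const filePath of filesToFix) {
  try {
    // Read directly instead of checking existence first; a missing file is
    // reported through the ENOENT branch below.
    const originalContent = fs.readFileSync(filePath, 'utf8')
    const content = applyRegexFix(originalContent)

    if (content !== originalContent) {
      fs.writeFileSync(filePath, content, 'utf8')
      process.stdout.write(`✅ Fixed: ${filePath}\n`)
      filesFixed++
    } else {
      // Also reached for files rewritten by an earlier run to the
      // /^(text\/|charset=utf-8)$/ form; those are left as they are, and
      // reinstalling the package restores the upstream text.
      process.stdout.write(` No changes needed: ${filePath}\n`)
    }
  } catch (error) {
    if (error.code === 'ENOENT') {
      // Not every bundle variant has to be present in an install.
      process.stdout.write(`⚠️ File not found: ${filePath}\n`)
    } else {
      // Other failures (permissions, I/O) are reported on stderr; the loop
      // continues and the exit status is left unchanged.
      process.stderr.write(`❌ Error fixing ${filePath}: ${error.message}\n`)
    }
  }
}

process.stdout.write(`\n🎉 Fix complete! ${filesFixed} files updated.\n`)
if (filesFixed > 0) {
  process.stdout.write('Run "npm run build:package" to rebuild with the fix.\n')
}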