Fixed a bug where a misplaced = character could bypass heredoc-style processing. (#2627)

* Fixed a bug where a misplaced `=` character could bypass heredoc-style processing. Fixes https://github.com/github/c2c-actions/issues/6910 GitHub Docs for context: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings * Consolidate near-identical FileCommand-related unit test classes. (#2672)
2025-12-12 05:37:01 +00:00 · 2023-06-29 12:52:05 +02:00
parent c05e6748c3
commit 4ffd081aea
7 changed files with 659 additions and 1008 deletions
--- a/src/Test/L0/Worker/SetEnvFileCommandL0.cs
+++ b/src/Test/L0/Worker/SetEnvFileCommandL0.cs
@@ -1,43 +1,25 @@
 using System;
 using System.Collections.Generic;
-using System.Globalization;
-using System.IO;
 using System.Linq;
-using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
-using System.Runtime.CompilerServices;
-using GitHub.Runner.Common.Util;
-using GitHub.Runner.Sdk;
 using GitHub.Runner.Worker;
-using GitHub.Runner.Worker.Container;
-using GitHub.Runner.Worker.Handlers;
-using Moq;
 using Xunit;
-using DTWebApi = GitHub.DistributedTask.WebApi;

 namespace GitHub.Runner.Common.Tests.Worker
 {
-    public sealed class SetEnvFileCommandL0
+    public sealed class SetEnvFileCommandL0 : FileCommandTestBase<SetEnvFileCommand>
    {
-        private Mock<IExecutionContext> _executionContext;
-        private List<Tuple<DTWebApi.Issue, string>> _issues;
-        private string _rootDirectory;
-        private SetEnvFileCommand _setEnvFileCommand;
-        private ITraceWriter _trace;
+
+        protected override IDictionary<string, string> PostSetup()
+        {
+            return _executionContext.Object.Global.EnvironmentVariables;
+        }

        [Fact]
        [Trait("Level", "L0")]
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_DirectoryNotFound()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "directory-not-found", "env");
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(0, _executionContext.Object.Global.EnvironmentVariables.Count);
-            }
+            base.TestDirectoryNotFound();
        }

        [Fact]
@@ -45,13 +27,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_NotFound()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "file-not-found");
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(0, _executionContext.Object.Global.EnvironmentVariables.Count);
-            }
+            base.TestNotFound();
        }

        [Fact]
@@ -59,15 +35,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_EmptyFile()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "empty-file");
-                var content = new List<string>();
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(0, _executionContext.Object.Global.EnvironmentVariables.Count);
-            }
+            base.TestEmptyFile();
        }

        [Fact]
@@ -75,19 +43,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Simple()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "simple");
-                var content = new List<string>
-                {
-                    "MY_ENV=MY VALUE",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(1, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal("MY VALUE", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-            }
+            base.TestSimple();
        }

        [Fact]
@@ -95,24 +51,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Simple_SkipEmptyLines()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "simple");
-                var content = new List<string>
-                {
-                    string.Empty,
-                    "MY_ENV=my value",
-                    string.Empty,
-                    "MY_ENV_2=my second value",
-                    string.Empty,
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(2, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal("my value", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-                Assert.Equal("my second value", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_2"]);
-            }
+            base.TestSimple_SkipEmptyLines();
        }

        [Fact]
@@ -120,19 +59,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Simple_EmptyValue()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "simple-empty-value");
-                var content = new List<string>
-                {
-                    "MY_ENV=",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(1, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal(string.Empty, _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-            }
+            base.TestSimple_EmptyValue();
        }

        [Fact]
@@ -140,23 +67,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Simple_MultipleValues()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "simple");
-                var content = new List<string>
-                {
-                    "MY_ENV=my value",
-                    "MY_ENV_2=",
-                    "MY_ENV_3=my third value",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(3, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal("my value", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-                Assert.Equal(string.Empty, _executionContext.Object.Global.EnvironmentVariables["MY_ENV_2"]);
-                Assert.Equal("my third value", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_3"]);
-            }
+            base.TestSimple_MultipleValues();
        }

        [Fact]
@@ -164,23 +75,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Simple_SpecialCharacters()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "simple");
-                var content = new List<string>
-                {
-                    "MY_ENV==abc",
-                    "MY_ENV_2=def=ghi",
-                    "MY_ENV_3=jkl=",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(3, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal("=abc", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-                Assert.Equal("def=ghi", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_2"]);
-                Assert.Equal("jkl=", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_3"]);
-            }
+            base.TestSimple_SpecialCharacters();
        }

        [Fact]
@@ -188,23 +83,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Heredoc()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<EOF",
-                    "line one",
-                    "line two",
-                    "line three",
-                    "EOF",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(1, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal($"line one{Environment.NewLine}line two{Environment.NewLine}line three", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-            }
+            base.TestHeredoc();
        }

        [Fact]
@@ -212,20 +91,7 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Heredoc_EmptyValue()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<EOF",
-                    "EOF",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(1, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal(string.Empty, _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-            }
+            base.TestHeredoc_EmptyValue();
        }

        [Fact]
@@ -233,73 +99,52 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Heredoc_SkipEmptyLines()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    string.Empty,
-                    "MY_ENV<<EOF",
-                    "hello",
-                    "world",
-                    "EOF",
-                    string.Empty,
-                    "MY_ENV_2<<EOF",
-                    "HELLO",
-                    "AGAIN",
-                    "EOF",
-                    string.Empty,
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(2, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal($"hello{Environment.NewLine}world", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-                Assert.Equal($"HELLO{Environment.NewLine}AGAIN", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_2"]);
-            }
+            base.TestHeredoc_SkipEmptyLines();
        }

        [Fact]
        [Trait("Level", "L0")]
        [Trait("Category", "Worker")]
-        public void SetEnvFileCommand_Heredoc_SpecialCharacters()
+        public void SetEnvFileCommand_Heredoc_EdgeCases()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<=EOF",
-                    "hello",
-                    "one",
-                    "=EOF",
-                    "MY_ENV_2<<<EOF",
-                    "hello",
-                    "two",
-                    "<EOF",
-                    "MY_ENV_3<<EOF",
-                    "hello",
-                    string.Empty,
-                    "three",
-                    string.Empty,
-                    "EOF",
-                    "MY_ENV_4<<EOF",
-                    "hello=four",
-                    "EOF",
-                    "MY_ENV_5<<EOF",
-                    " EOF",
-                    "EOF",
-                };
-                WriteContent(envFile, content);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(5, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal($"hello{Environment.NewLine}one", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-                Assert.Equal($"hello{Environment.NewLine}two", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_2"]);
-                Assert.Equal($"hello{Environment.NewLine}{Environment.NewLine}three{Environment.NewLine}", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_3"]);
-                Assert.Equal($"hello=four", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_4"]);
-                Assert.Equal($" EOF", _executionContext.Object.Global.EnvironmentVariables["MY_ENV_5"]);
-            }
+            base.TestHeredoc_EdgeCases();
+        }
+
+        [Theory]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Worker")]
+        // All of the following are not only valid, but quite plausible end markers.
+        // Most are derived straight from the example at https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+#pragma warning disable format
+        [InlineData("=EOF")][InlineData("==EOF")][InlineData("EO=F")][InlineData("EO==F")][InlineData("EOF=")][InlineData("EOF==")]
+        [InlineData("<EOF")][InlineData("<<EOF")][InlineData("EO<F")][InlineData("EO<<F")][InlineData("EOF<")][InlineData("EOF<<")]
+        [InlineData("+EOF")][InlineData("++EOF")][InlineData("EO+F")][InlineData("EO++F")][InlineData("EOF+")][InlineData("EOF++")]
+        [InlineData("/EOF")][InlineData("//EOF")][InlineData("EO/F")][InlineData("EO//F")][InlineData("EOF/")][InlineData("EOF//")]
+#pragma warning restore format
+        [InlineData("<<//++==")]
+        [InlineData("contrivedBase64==")]
+        [InlineData("khkIhPxsVA==")]
+        [InlineData("D+Y8zE/EOw==")]
+        [InlineData("wuOWG4S6FQ==")]
+        [InlineData("7wigCJ//iw==")]
+        [InlineData("uifTuYTs8K4=")]
+        [InlineData("M7N2ITg/04c=")]
+        [InlineData("Xhh+qp+Y6iM=")]
+        [InlineData("5tdblQajc/b+EGBZXo0w")]
+        [InlineData("jk/UMjIx/N0eVcQYOUfw")]
+        [InlineData("/n5lsw73Cwl35Hfuscdz")]
+        [InlineData("ZvnAEW+9O0tXp3Fmb3Oh")]
+        public void SetEnvFileCommand_Heredoc_EndMarkerVariations(string validEndMarker)
+        {
+            base.TestHeredoc_EndMarkerVariations(validEndMarker);
+        }
+
+        [Fact]
+        [Trait("Level", "L0")]
+        [Trait("Category", "Worker")]
+        public void SetEnvFileCommand_Heredoc_EqualBeforeMultilineIndicator()
+        {
+            base.TestHeredoc_EqualBeforeMultilineIndicator();
        }

        [Fact]
@@ -307,43 +152,15 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Heredoc_MissingNewLine()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<EOF",
-                    "line one",
-                    "line two",
-                    "line three",
-                    "EOF",
-                };
-                WriteContent(envFile, content, " ");
-                var ex = Assert.Throws<Exception>(() => _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null));
-                Assert.Contains("Matching delimiter not found", ex.Message);
-            }
+            base.TestHeredoc_MissingNewLine();
        }

        [Fact]
        [Trait("Level", "L0")]
        [Trait("Category", "Worker")]
-        public void SetEnvFileCommand_Heredoc_MissingNewLineMultipleLinesEnv()
+        public void SetEnvFileCommand_Heredoc_MissingNewLineMultipleLines()
        {
-            using (var hostContext = Setup())
-            {
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<EOF",
-                    @"line one
-                    line two
-                    line three",
-                    "EOF",
-                };
-                WriteContent(envFile, content, " ");
-                var ex = Assert.Throws<Exception>(() => _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null));
-                Assert.Contains("EOF marker missing new line", ex.Message);
-            }
+            base.TestHeredoc_MissingNewLineMultipleLines();
        }

 #if OS_WINDOWS
@@ -352,87 +169,9 @@ namespace GitHub.Runner.Common.Tests.Worker
        [Trait("Category", "Worker")]
        public void SetEnvFileCommand_Heredoc_PreservesNewline()
        {
-            using (var hostContext = Setup())
-            {
-                var newline = "\n";
-                var envFile = Path.Combine(_rootDirectory, "heredoc");
-                var content = new List<string>
-                {
-                    "MY_ENV<<EOF",
-                    "hello",
-                    "world",
-                    "EOF",
-                };
-                WriteContent(envFile, content, newline: newline);
-                _setEnvFileCommand.ProcessCommand(_executionContext.Object, envFile, null);
-                Assert.Equal(0, _issues.Count);
-                Assert.Equal(1, _executionContext.Object.Global.EnvironmentVariables.Count);
-                Assert.Equal($"hello{newline}world", _executionContext.Object.Global.EnvironmentVariables["MY_ENV"]);
-            }
+            base.TestHeredoc_PreservesNewline();
        }
 #endif

-        private void WriteContent(
-            string path,
-            List<string> content,
-            string newline = null)
-        {
-            if (string.IsNullOrEmpty(newline))
-            {
-                newline = Environment.NewLine;
-            }
-
-            var encoding = new UTF8Encoding(true); // Emit BOM
-            var contentStr = string.Join(newline, content);
-            File.WriteAllText(path, contentStr, encoding);
-        }
-
-        private TestHostContext Setup([CallerMemberName] string name = "")
-        {
-            _issues = new List<Tuple<DTWebApi.Issue, string>>();
-
-            var hostContext = new TestHostContext(this, name);
-
-            // Trace
-            _trace = hostContext.GetTrace();
-
-            // Directory for test data
-            var workDirectory = hostContext.GetDirectory(WellKnownDirectory.Work);
-            ArgUtil.NotNullOrEmpty(workDirectory, nameof(workDirectory));
-            Directory.CreateDirectory(workDirectory);
-            _rootDirectory = Path.Combine(workDirectory, nameof(SetEnvFileCommandL0));
-            Directory.CreateDirectory(_rootDirectory);
-
-            // Execution context
-            _executionContext = new Mock<IExecutionContext>();
-            _executionContext.Setup(x => x.Global)
-                .Returns(new GlobalContext
-                {
-                    EnvironmentVariables = new Dictionary<string, string>(VarUtil.EnvironmentVariableKeyComparer),
-                    WriteDebug = true,
-                });
-            _executionContext.Setup(x => x.AddIssue(It.IsAny<DTWebApi.Issue>(), It.IsAny<ExecutionContextLogOptions>()))
-                .Callback((DTWebApi.Issue issue, ExecutionContextLogOptions logOptions) =>
-                {
-                    var resolvedMessage = issue.Message;
-                    if (logOptions.WriteToLog && !string.IsNullOrEmpty(logOptions.LogMessageOverride))
-                    {
-                        resolvedMessage = logOptions.LogMessageOverride;
-                    }
-                    _issues.Add(new(issue, resolvedMessage));
-                    _trace.Info($"Issue '{issue.Type}': {resolvedMessage}");
-                });
-            _executionContext.Setup(x => x.Write(It.IsAny<string>(), It.IsAny<string>()))
-                .Callback((string tag, string message) =>
-                {
-                    _trace.Info($"{tag}{message}");
-                });
-
-            // SetEnvFileCommand
-            _setEnvFileCommand = new SetEnvFileCommand();
-            _setEnvFileCommand.Initialize(hostContext);
-
-            return hostContext;
-        }
    }
 }