Merge pull request #74 from andylockran/codeql

CodeQL Fixes
andylockran · Dec 29, 2023 · ef092fd · ef092fd
2 parents 2aa870d + 01336ba
commit ef092fd
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 51,676 deletions.
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -10,6 +10,28 @@ on:
     branches: [ "main" ]
 
 jobs:
+  security-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Checkov GitHub Action
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          # This will add both a CLI output to the console and create a results.sarif file
+          output_format: cli,sarif
+          output_file_path: console,results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+
+        # Results are generated only on a success or failure
+        # this is required since GitHub by default won't run the next step
+        # when the previous one has failed. Security checks that do not pass will 'fail'.
+        # An alternative is to add `continue-on-error: true` to the previous step
+        # Or 'soft_fail: true' to checkov.
+        if: success() || failure()
+        with:
+          sarif_file: results.sarif
   build:
 
     runs-on: ubuntu-latest

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -56,23 +56,3 @@ jobs:
       - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
-
-  # Removing publishing to GH for now, given that I've got a package already on npm
-  # publish-gpr:
-  #   needs: build
-  #   runs-on: ubuntu-latest
-  #   permissions:
-  #     contents: read
-  #     packages: write
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #     - uses: actions/setup-node@v3
-  #       with:
-  #         node-version: 16.x
-  #         registry-url: https://npm.pkg.github.com/
-  #         scope: '@andylockran'
-  #     - run: npm i
-  #     - run: npm run build
-  #     - run: npm publish
-  #       env:
-  #         NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/examples/petstore_aws.yaml b/examples/petstore_aws.yaml
@@ -193,4 +193,11 @@ components:
       content:
         application/json:
           schema:
-            $ref: '#/components/schemas/Error'
+            $ref: '#/components/schemas/Error'
+  securitySchemes:
+    encryptedScheme:
+      type: oauth2
+
+security:
+  - oauth2: []
+
diff --git a/functions/draft4.js b/functions/draft4.js
@@ -547,7 +547,7 @@ var require_codegen = __commonJS({
     var Else = class extends BlockNode {
     };
     Else.kind = "else";
-    var If = class extends BlockNode {
+    var If = class _If extends BlockNode {
       constructor(condition, nodes) {
         super(nodes);
         this.condition = condition;
@@ -570,10 +570,10 @@ var require_codegen = __commonJS({
         }
         if (e) {
           if (cond === false)
-            return e instanceof If ? e : e.nodes;
+            return e instanceof _If ? e : e.nodes;
           if (this.nodes.length)
             return this;
-          return new If(not(cond), e instanceof If ? [e] : e.nodes);
+          return new _If(not(cond), e instanceof _If ? [e] : e.nodes);
         }
         if (cond === false || !this.nodes.length)
           return void 0;