Debug

yoanm · Mar 20, 2024 · f315931 · f315931
1 parent 6a42239
commit f315931
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 14 deletions.
diff --git a/.github/actions/reports-group/create/dist/index.js b/.github/actions/reports-group/create/dist/index.js
diff --git a/.github/actions/reports-group/create/dist/index.js.map b/.github/actions/reports-group/create/dist/index.js.map
diff --git a/.github/actions/reports-group/create/index.js b/.github/actions/reports-group/create/index.js
@@ -70,7 +70,7 @@ async function run() {
                 reports: trustedReportsMap.map(v => v.filename),
                 flags: FLAG_LIST_INPUT
             };
-            core.info('Created');
+            core.info('metadata=' + JSON.stringify(trustedMetadata));
 
             return res;
         }
@@ -96,7 +96,7 @@ async function run() {
         'Create metadata file',
         async () => {
             const trustedFp = trustedPathHelper.trust(path.resolve(trustedGroupDirectory, SDK.METADATA_FILENAME));
-            core.info('Create metadata file at ' + trustedFp + ' with: ' + JSON.stringify(trustedMetadata));
+            core.info('Create metadata file at ' + trustedFp);
 
             fs.writeFileSync(trustedFp, JSON.stringify(trustedMetadata));
     });

diff --git a/.github/actions/reports-group/find/dist/index.js b/.github/actions/reports-group/find/dist/index.js
diff --git a/.github/actions/reports-group/find/dist/index.js.map b/.github/actions/reports-group/find/dist/index.js.map
diff --git a/.github/actions/reports-group/load-metadata/dist/index.js b/.github/actions/reports-group/load-metadata/dist/index.js
diff --git a/.github/actions/reports-group/load-metadata/dist/index.js.map b/.github/actions/reports-group/load-metadata/dist/index.js.map
diff --git a/.github/actions/reports-group/load-metadata/index.js b/.github/actions/reports-group/load-metadata/index.js
@@ -21,11 +21,17 @@ async function run() {
                 core.setFailed('Unable to retrieve any group. Something wrong most likely happened !');
             }
 
-            return trustedMetadataPathList.map(async (trustedGroupPath) => {
+            const res = trustedMetadataPathList.map((trustedGroupPath) => {
                 core.info('Load '+ trustedGroupPath);
 
-                return trustedPathConverter.trustedMetadataUnder(trustedGroupPath);
+                const innerRes = trustedPathConverter.trustedMetadataUnder(trustedGroupPath);
+                core.info('DEBUG innerRes='+JSON.stringify(innerRes));
+
+                return innerRes;
             });
+            core.info('DEBUG res='+JSON.stringify(res));
+
+            return res;
         }
     );
     core.debug('Group paths=' + JSON.stringify(trustedMetadataList));

diff --git a/.github/actions/reports-group/node-sdk/src/path.js b/.github/actions/reports-group/node-sdk/src/path.js
@@ -16,7 +16,7 @@ function avoidPoisonNullBytesAttack(untrustedPath) {
     }
 }
 function avoidRelativePathAttack(trustedRootPath, untrustedPath) {
-    const normalizedPath = path.normalize(path.resolve(untrustedPath));
+    const normalizedPath = path.resolve(untrustedPath);
     if (normalizedPath.indexOf(trustedRootPath) !== 0) {
         throw new Error(
             'Potential "Relative Path" attack detected !\n'
@@ -63,8 +63,10 @@ function trustFrom(workspacePath) {
             const trustedReportPaths = untrustedMetadata.reports.map(r => helpers.trust(r));
 
             return {
-                ...untrustedMetadata,
+                name: untrustedMetadata.name,
+                format: untrustedMetadata.format,
                 reports: trustedReportPaths,
+                flags: untrustedMetadata.flags,
                 path: trustedGroupPath,
                 reportPaths: trustedReportPaths.map(trustedFp => helpers.trust(path.join(trustedGroupPath, trustedFp))),
             };