From a103f5eefe6a06a86bf61c8aa9390e72b5f85dd7 Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Mon, 22 May 2023 14:32:33 +0100 Subject: [PATCH 1/6] Update actions/cache dependencies to fix vulnerabilities --- packages/cache/package-lock.json | 48 ++++++++++++++++---------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/packages/cache/package-lock.json b/packages/cache/package-lock.json index 5e6ffac8..dfb088da 100644 --- a/packages/cache/package-lock.json +++ b/packages/cache/package-lock.json @@ -112,9 +112,9 @@ "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" }, "node_modules/@azure/core-http": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@azure/core-http/-/core-http-3.0.0.tgz", - "integrity": "sha512-BxI2SlGFPPz6J1XyZNIVUf0QZLBKFX+ViFjKOkzqD18J1zOINIQ8JSBKKr+i+v8+MB6LacL6Nn/sP/TE13+s2Q==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@azure/core-http/-/core-http-3.0.1.tgz", + "integrity": "sha512-A3x+um3cAPgQe42Lu7Iv/x8/fNjhL/nIoEfqFxfn30EyxK6zC13n+OUxzZBRC0IzQqssqIbt4INf5YG7lYYFtw==", "dependencies": { "@azure/abort-controller": "^1.0.0", "@azure/core-auth": "^1.3.0", @@ -129,7 +129,7 @@ "tslib": "^2.2.0", "tunnel": "^0.0.6", "uuid": "^8.3.0", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" }, "engines": { "node": ">=14.0.0" 
@@ -248,19 +248,19 @@ "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" }, "node_modules/@azure/ms-rest-js": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@azure/ms-rest-js/-/ms-rest-js-2.6.0.tgz", - "integrity": "sha512-4C5FCtvEzWudblB+h92/TYYPiq7tuElX8icVYToxOdggnYqeec4Se14mjse5miInKtZahiFHdl8lZA/jziEc5g==", + "version": "2.6.6", + "resolved": "https://registry.npmjs.org/@azure/ms-rest-js/-/ms-rest-js-2.6.6.tgz", + "integrity": "sha512-WYIda8VvrkZE68xHgOxUXvjThxNf1nnGPPe0rAljqK5HJHIZ12Pi3YhEDOn3Ge7UnwaaM3eFO0VtAy4nGVI27Q==", "dependencies": { "@azure/core-auth": "^1.1.4", "abort-controller": "^3.0.0", "form-data": "^2.5.0", - "node-fetch": "^2.6.0", + "node-fetch": "^2.6.7", "tough-cookie": "^3.0.1", "tslib": "^1.10.0", "tunnel": "0.0.6", "uuid": "^8.3.2", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" } }, "node_modules/@azure/ms-rest-js/node_modules/uuid": { @@ -591,9 +591,9 @@ } }, "node_modules/xml2js": { - "version": "0.4.23", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", - "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", "dependencies": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" 
@@ -695,9 +695,9 @@ } }, "@azure/core-http": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/@azure/core-http/-/core-http-3.0.0.tgz", - "integrity": "sha512-BxI2SlGFPPz6J1XyZNIVUf0QZLBKFX+ViFjKOkzqD18J1zOINIQ8JSBKKr+i+v8+MB6LacL6Nn/sP/TE13+s2Q==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@azure/core-http/-/core-http-3.0.1.tgz", + "integrity": "sha512-A3x+um3cAPgQe42Lu7Iv/x8/fNjhL/nIoEfqFxfn30EyxK6zC13n+OUxzZBRC0IzQqssqIbt4INf5YG7lYYFtw==", "requires": { "@azure/abort-controller": "^1.0.0", "@azure/core-auth": "^1.3.0", @@ -712,7 +712,7 @@ "tslib": "^2.2.0", "tunnel": "^0.0.6", "uuid": "^8.3.0", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" }, "dependencies": { "form-data": { @@ -819,19 +819,19 @@ } }, "@azure/ms-rest-js": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@azure/ms-rest-js/-/ms-rest-js-2.6.0.tgz", - "integrity": "sha512-4C5FCtvEzWudblB+h92/TYYPiq7tuElX8icVYToxOdggnYqeec4Se14mjse5miInKtZahiFHdl8lZA/jziEc5g==", + "version": "2.6.6", + "resolved": "https://registry.npmjs.org/@azure/ms-rest-js/-/ms-rest-js-2.6.6.tgz", + "integrity": "sha512-WYIda8VvrkZE68xHgOxUXvjThxNf1nnGPPe0rAljqK5HJHIZ12Pi3YhEDOn3Ge7UnwaaM3eFO0VtAy4nGVI27Q==", "requires": { "@azure/core-auth": "^1.1.4", "abort-controller": "^3.0.0", "form-data": "^2.5.0", - "node-fetch": "^2.6.0", + "node-fetch": "^2.6.7", "tough-cookie": "^3.0.1", "tslib": "^1.10.0", "tunnel": "0.0.6", "uuid": "^8.3.2", - "xml2js": "^0.4.19" + "xml2js": "^0.5.0" }, "dependencies": { "uuid": { 
@@ -1089,9 +1089,9 @@ } }, "xml2js": { - "version": "0.4.23", - "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz", - "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", "requires": { "sax": ">=0.6.0", "xmlbuilder": "~11.0.0" From 672c88ec4bab3fb451574b97919c36327c43943f Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Tue, 23 May 2023 12:23:56 +0100 Subject: [PATCH 2/6] Use postman-echo to replace httpbin --- packages/http-client/__tests__/auth.test.ts | 18 +-- packages/http-client/__tests__/basics.test.ts | 136 +++++++++--------- .../http-client/__tests__/headers.test.ts | 51 +++---- .../http-client/__tests__/keepalive.test.ts | 18 +-- packages/http-client/__tests__/proxy.test.ts | 24 ++-- 5 files changed, 126 insertions(+), 121 deletions(-) diff --git a/packages/http-client/__tests__/auth.test.ts b/packages/http-client/__tests__/auth.test.ts index 878fafe9..dadcbfb7 100644 --- a/packages/http-client/__tests__/auth.test.ts +++ b/packages/http-client/__tests__/auth.test.ts @@ -15,18 +15,18 @@ describe('auth', () => { bh ]) const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - const auth: string = obj.headers.Authorization + const auth: string = obj.headers.authorization const creds: string = Buffer.from( auth.substring('Basic '.length), 'base64' ).toString() expect(creds).toBe('johndoe:password') - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('does basic http get request with pat token auth', async () => { 
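Review bot: The first auth.test.ts hunk still sends the Basic credentials over cleartext `http://`, now to a different third-party echo host, and the PAT and bearer hunks that follow (`@@ -39,18` and `@@ -61,13`) do the same with `token`. `johndoe:password` is visibly a dummy, but `token` is defined outside these hunks, so confirm it is a constructed value and say so next to it, e.g. `// dummy credential: sent over plain HTTP to a public echo service`. If the plain-HTTP scheme is not what these cases exercise, `'https://postman-echo.com/get'` (already used in basics.test.ts) would keep the header out of cleartext. Each `it(...)` body starts outside its hunk.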
@@ -39,18 +39,18 @@ describe('auth', () => { ph ]) const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - const auth: string = obj.headers.Authorization + const auth: string = obj.headers.authorization const creds: string = Buffer.from( auth.substring('Basic '.length), 'base64' ).toString() expect(creds).toBe(`PAT:${token}`) - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('does basic http get request with pat token auth', async () => { @@ -61,13 +61,13 @@ describe('auth', () => { ph ]) const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - const auth: string = obj.headers.Authorization + const auth: string = obj.headers.authorization expect(auth).toBe(`Bearer ${token}`) - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) }) diff --git a/packages/http-client/__tests__/basics.test.ts b/packages/http-client/__tests__/basics.test.ts index 7732264a..1e715ce9 100644 --- a/packages/http-client/__tests__/basics.test.ts +++ b/packages/http-client/__tests__/basics.test.ts 
@@ -33,44 +33,44 @@ describe('basics', () => { // "args": {}, // "headers": { // "Connection": "close", - // "Host": "httpbin.org", - // "User-Agent": "typed-test-client-tests" + // "Host": "postman-echo.com", + // "user-agent": "typed-test-client-tests" // }, // "origin": "173.95.152.44", - // "url": "https://httpbin.org/get" + // "url": "https://postman-echo.com/get" // } it('does basic http get request', async () => { const res: httpm.HttpClientResponse = await _http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('http://httpbin.org/get') - expect(obj.headers['User-Agent']).toBeTruthy() + expect(obj.url).toBe('http://postman-echo.com/get') + expect(obj.headers['user-agent']).toBeTruthy() }) it('does basic http get request with no user agent', async () => { const http: httpm.HttpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('http://httpbin.org/get') - expect(obj.headers['User-Agent']).toBeFalsy() + expect(obj.url).toBe('http://postman-echo.com/get') + expect(obj.headers['user-agent']).toBeFalsy() }) it('does basic https get request', async () => { const res: httpm.HttpClientResponse = await _http.get( - 'https://httpbin.org/get' + 'https://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') + expect(obj.url).toBe('https://postman-echo.com/get') }) it('does basic http get request with default headers', async () => { 
@@ -85,14 +85,14 @@ describe('basics', () => { } ) const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.headers.Accept).toBe('application/json') - expect(obj.headers['Content-Type']).toBe('application/json') - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.headers.accept).toBe('application/json') + expect(obj.headers['content-type']).toBe('application/json') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('does basic http get request with merged headers', async () => { @@ -107,7 +107,7 @@ describe('basics', () => { } ) const res: httpm.HttpClientResponse = await http.get( - 'http://httpbin.org/get', + 'http://postman-echo.com/get', { 'content-type': 'application/x-www-form-urlencoded' } @@ -115,22 +115,22 @@ describe('basics', () => { expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.headers.Accept).toBe('application/json') - expect(obj.headers['Content-Type']).toBe( + expect(obj.headers.accept).toBe('application/json') + expect(obj.headers['content-type']).toBe( 'application/x-www-form-urlencoded' ) - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('pipes a get request', async () => { return new Promise(async resolve => { const file = fs.createWriteStream(sampleFilePath) - ;(await _http.get('https://httpbin.org/get')).message + ;(await _http.get('https://postman-echo.com/get')).message .pipe(file) .on('close', () => { const body: string = fs.readFileSync(sampleFilePath).toString() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') + expect(obj.url).toBe('https://postman-echo.com/get') resolve() }) }) 
@@ -138,32 +138,32 @@ describe('basics', () => { it('does basic get request with redirects', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://httpbin.org/get' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://postman-echo.com/get' )}` ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') + expect(obj.url).toBe('https://postman-echo.com/get') }) it('does basic get request with redirects (303)', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://httpbin.org/get' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://postman-echo.com/get' )}&status_code=303` ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') + expect(obj.url).toBe('https://postman-echo.com/get') }) it('returns 404 for not found get request on redirect', async () => { const res: httpm.HttpClientResponse = await _http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://httpbin.org/status/404' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://postman-echo.com/status/404' )}&status_code=303` ) expect(res.message.statusCode).toBe(404) @@ -177,8 +177,8 @@ describe('basics', () => { {allowRedirects: false} ) const res: httpm.HttpClientResponse = await http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://httpbin.org/get' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://postman-echo.com/get' )}` ) expect(res.message.statusCode).toBe(302) 
@@ -191,8 +191,8 @@ describe('basics', () => { authorization: 'shhh' } const res: httpm.HttpClientResponse = await _http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://www.httpbin.org/get' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://www.postman-echo.com/get' )}`, headers ) @@ -201,10 +201,10 @@ describe('basics', () => { const body: string = await res.readBody() const obj = JSON.parse(body) // httpbin "fixes" the casing - expect(obj.headers['Accept']).toBe('application/json') + expect(obj.headers[httpm.Headers.Accept]).toBe('application/json') expect(obj.headers['Authorization']).toBeUndefined() expect(obj.headers['authorization']).toBeUndefined() - expect(obj.url).toBe('https://www.httpbin.org/get') + expect(obj.url).toBe('https://www.postman-echo.com/get') }) it('does not pass Auth with diff hostname redirects', async () => { @@ -213,8 +213,8 @@ describe('basics', () => { Authorization: 'shhh' } const res: httpm.HttpClientResponse = await _http.get( - `https://httpbin.org/redirect-to?url=${encodeURIComponent( - 'https://www.httpbin.org/get' + `https://postman-echo.com/redirect-to?url=${encodeURIComponent( + 'https://www.postman-echo.com/get' )}`, headers ) 
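Review bot: The cross-host redirect tests in the `@@ -201,10` hunk, and again in `@@ -223,22`, check that Authorization was stripped by probing only two spellings of the key, `'Authorization'` and `'authorization'`. The echo service chooses the header casing in the body, which is the very thing this commit had to adapt to, so a case-insensitive check would keep the credential-leak guard valid whatever casing comes back: `expect(Object.keys(obj.headers).map(k => k.toLowerCase())).not.toContain('authorization')`. The context comment `// httpbin "fixes" the casing` is also stale after the switch; something like `// postman-echo returns lower-cased header names` would match the new lookups, assuming `httpm.Headers.Accept` is `'accept'` (its value is not visible here). Both `it(...)` bodies begin in the preceding hunks.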
@@ -223,22 +223,22 @@ describe('basics', () => { const body: string = await res.readBody() const obj = JSON.parse(body) // httpbin "fixes" the casing - expect(obj.headers['Accept']).toBe('application/json') + expect(obj.headers[httpm.Headers.Accept]).toBe('application/json') expect(obj.headers['Authorization']).toBeUndefined() expect(obj.headers['authorization']).toBeUndefined() - expect(obj.url).toBe('https://www.httpbin.org/get') + expect(obj.url).toBe('https://www.postman-echo.com/get') }) it('does basic head request', async () => { const res: httpm.HttpClientResponse = await _http.head( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) }) it('does basic http delete request', async () => { const res: httpm.HttpClientResponse = await _http.del( - 'http://httpbin.org/delete' + 'http://postman-echo.com/delete' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() 
@@ -248,32 +248,32 @@ describe('basics', () => { it('does basic http post request', async () => { const b = 'Hello World!' const res: httpm.HttpClientResponse = await _http.post( - 'http://httpbin.org/post', + 'http://postman-echo.com/post', b ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) expect(obj.data).toBe(b) - expect(obj.url).toBe('http://httpbin.org/post') + expect(obj.url).toBe('http://postman-echo.com/post') }) it('does basic http patch request', async () => { const b = 'Hello World!' const res: httpm.HttpClientResponse = await _http.patch( - 'http://httpbin.org/patch', + 'http://postman-echo.com/patch', b ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) expect(obj.data).toBe(b) - expect(obj.url).toBe('http://httpbin.org/patch') + expect(obj.url).toBe('http://postman-echo.com/patch') }) it('does basic http options request', async () => { const res: httpm.HttpClientResponse = await _http.options( - 'http://httpbin.org' + 'http://postman-echo.com' ) expect(res.message.statusCode).toBe(200) await res.readBody() 
@@ -281,28 +281,30 @@ describe('basics', () => { it('returns 404 for not found get request', async () => { const res: httpm.HttpClientResponse = await _http.get( - 'http://httpbin.org/status/404' + 'http://postman-echo.com/status/404' ) expect(res.message.statusCode).toBe(404) await res.readBody() }) it('gets a json object', async () => { - const jsonObj = await _http.getJson('https://httpbin.org/get') + const jsonObj = await _http.getJson( + 'https://postman-echo.com/get' + ) expect(jsonObj.statusCode).toBe(200) expect(jsonObj.result).toBeDefined() - expect(jsonObj.result?.url).toBe('https://httpbin.org/get') - expect(jsonObj.result?.headers['Accept']).toBe( + expect(jsonObj.result?.url).toBe('https://postman-echo.com/get') + expect(jsonObj.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson ) - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.headers['content-type']).toContain( httpm.MediaTypes.ApplicationJson ) }) it('getting a non existent json object returns null', async () => { const jsonObj = await _http.getJson( - 'https://httpbin.org/status/404' + 'https://postman-echo.com/status/404' ) expect(jsonObj.statusCode).toBe(404) expect(jsonObj.result).toBeNull() 
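Review bot: The response-header assertion in the getJson test replaces the `httpm.Headers.ContentType` constant with the literal `'content-type'`, while headers.test.ts in this same commit keeps the constant and only changes `toBe` to `toContain`. The same swap recurs in the `@@ -311,20`, `@@ -332,21` and `@@ -354,20` hunks. Keeping `expect(jsonObj.headers[httpm.Headers.ContentType]).toContain(` would make the two files agree. The relaxation to `toContain` is presumably because the new service appends a parameter such as a charset, so a one-line comment like `// service may append "; charset=..."` would stop a later reader from tightening it back.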
@@ -311,20 +313,20 @@ describe('basics', () => { it('posts a json object', async () => { const res = {name: 'foo'} const restRes = await _http.postJson( - 'https://httpbin.org/post', + 'https://postman-echo.com/post', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://httpbin.org/post') + expect(restRes.result?.url).toBe('https://postman-echo.com/post') expect(restRes.result?.json.name).toBe('foo') - expect(restRes.result?.headers['Accept']).toBe( + expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.result?.headers['Content-Type']).toBe( + expect(restRes.result?.headers['content-type']).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.headers[httpm.Headers.ContentType]).toBe( + expect(restRes.headers['content-type']).toContain( httpm.MediaTypes.ApplicationJson ) }) @@ -332,21 +334,21 @@ describe('basics', () => { it('puts a json object', async () => { const res = {name: 'foo'} const restRes = await _http.putJson( - 'https://httpbin.org/put', + 'https://postman-echo.com/put', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://httpbin.org/put') + expect(restRes.result?.url).toBe('https://postman-echo.com/put') expect(restRes.result?.json.name).toBe('foo') - expect(restRes.result?.headers['Accept']).toBe( + expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.result?.headers['Content-Type']).toBe( + expect(restRes.result?.headers['content-type']).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.headers[httpm.Headers.ContentType]).toBe( + expect(restRes.headers['content-type']).toContain( httpm.MediaTypes.ApplicationJson ) }) 
@@ -354,20 +356,20 @@ describe('basics', () => { it('patch a json object', async () => { const res = {name: 'foo'} const restRes = await _http.patchJson( - 'https://httpbin.org/patch', + 'https://postman-echo.com/patch', res ) expect(restRes.statusCode).toBe(200) expect(restRes.result).toBeDefined() - expect(restRes.result?.url).toBe('https://httpbin.org/patch') + expect(restRes.result?.url).toBe('https://postman-echo.com/patch') expect(restRes.result?.json.name).toBe('foo') - expect(restRes.result?.headers['Accept']).toBe( + expect(restRes.result?.headers[httpm.Headers.Accept]).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.result?.headers['Content-Type']).toBe( + expect(restRes.result?.headers['content-type']).toBe( httpm.MediaTypes.ApplicationJson ) - expect(restRes.headers[httpm.Headers.ContentType]).toBe( + expect(restRes.headers['content-type']).toContain( httpm.MediaTypes.ApplicationJson ) }) diff --git a/packages/http-client/__tests__/headers.test.ts b/packages/http-client/__tests__/headers.test.ts index 0af9563c..c1ca0ec3 100644 --- a/packages/http-client/__tests__/headers.test.ts +++ b/packages/http-client/__tests__/headers.test.ts @@ -12,11 +12,11 @@ describe('headers', () => { it('preserves existing headers on getJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.getJson( - 'https://httpbin.org/get', + 'https://postman-echo.com/get', additionalHeaders ) - expect(jsonObj.result.headers['Accept']).toBe('foo') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) 
@@ -26,9 +26,9 @@ describe('headers', () => { [httpm.Headers.Accept]: 'baz' } } - jsonObj = await httpWithHeaders.getJson('https://httpbin.org/get') - expect(jsonObj.result.headers['Accept']).toBe('baz') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + jsonObj = await httpWithHeaders.getJson('https://postman-echo.com/get') + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) }) @@ -36,12 +36,12 @@ describe('headers', () => { it('preserves existing headers on postJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.postJson( - 'https://httpbin.org/post', + 'https://postman-echo.com/post', {}, additionalHeaders ) - expect(jsonObj.result.headers['Accept']).toBe('foo') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) @@ -52,11 +52,11 @@ describe('headers', () => { } } jsonObj = await httpWithHeaders.postJson( - 'https://httpbin.org/post', + 'https://postman-echo.com/post', {} ) - expect(jsonObj.result.headers['Accept']).toBe('baz') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) }) 
@@ -64,12 +64,12 @@ describe('headers', () => { it('preserves existing headers on putJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.putJson( - 'https://httpbin.org/put', + 'https://postman-echo.com/put', {}, additionalHeaders ) - expect(jsonObj.result.headers['Accept']).toBe('foo') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) @@ -79,9 +79,12 @@ describe('headers', () => { [httpm.Headers.Accept]: 'baz' } } - jsonObj = await httpWithHeaders.putJson('https://httpbin.org/put', {}) - expect(jsonObj.result.headers['Accept']).toBe('baz') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + jsonObj = await httpWithHeaders.putJson( + 'https://postman-echo.com/put', + {} + ) + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) }) @@ -89,12 +92,12 @@ describe('headers', () => { it('preserves existing headers on patchJson', async () => { const additionalHeaders = {[httpm.Headers.Accept]: 'foo'} let jsonObj = await _http.patchJson( - 'https://httpbin.org/patch', + 'https://postman-echo.com/patch', {}, additionalHeaders ) - expect(jsonObj.result.headers['Accept']).toBe('foo') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('foo') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) 
@@ -105,11 +108,11 @@ describe('headers', () => { } } jsonObj = await httpWithHeaders.patchJson( - 'https://httpbin.org/patch', + 'https://postman-echo.com/patch', {} ) - expect(jsonObj.result.headers['Accept']).toBe('baz') - expect(jsonObj.headers[httpm.Headers.ContentType]).toBe( + expect(jsonObj.result.headers[httpm.Headers.Accept]).toBe('baz') + expect(jsonObj.headers[httpm.Headers.ContentType]).toContain( httpm.MediaTypes.ApplicationJson ) }) diff --git a/packages/http-client/__tests__/keepalive.test.ts b/packages/http-client/__tests__/keepalive.test.ts index ed55be20..1faff5ff 100644 --- a/packages/http-client/__tests__/keepalive.test.ts +++ b/packages/http-client/__tests__/keepalive.test.ts @@ -13,24 +13,24 @@ describe('basics', () => { it('does basic http get request with keepAlive true', async () => { const res: httpm.HttpClientResponse = await _http.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') }) it('does basic head request with keepAlive true', async () => { const res: httpm.HttpClientResponse = await _http.head( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) }) it('does basic http delete request with keepAlive true', async () => { const res: httpm.HttpClientResponse = await _http.del( - 'http://httpbin.org/delete' + 'http://postman-echo.com/delete' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() 
@@ -40,32 +40,32 @@ describe('basics', () => { it('does basic http post request with keepAlive true', async () => { const b = 'Hello World!' const res: httpm.HttpClientResponse = await _http.post( - 'http://httpbin.org/post', + 'http://postman-echo.com/post', b ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) expect(obj.data).toBe(b) - expect(obj.url).toBe('http://httpbin.org/post') + expect(obj.url).toBe('http://postman-echo.com/post') }) it('does basic http patch request with keepAlive true', async () => { const b = 'Hello World!' const res: httpm.HttpClientResponse = await _http.patch( - 'http://httpbin.org/patch', + 'http://postman-echo.com/patch', b ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) expect(obj.data).toBe(b) - expect(obj.url).toBe('http://httpbin.org/patch') + expect(obj.url).toBe('http://postman-echo.com/patch') }) it('does basic http options request with keepAlive true', async () => { const res: httpm.HttpClientResponse = await _http.options( - 'http://httpbin.org' + 'http://postman-echo.com' ) expect(res.message.statusCode).toBe(200) await res.readBody() diff --git a/packages/http-client/__tests__/proxy.test.ts b/packages/http-client/__tests__/proxy.test.ts index 98d85c86..e38d5a2d 100644 --- a/packages/http-client/__tests__/proxy.test.ts +++ b/packages/http-client/__tests__/proxy.test.ts 
@@ -192,26 +192,26 @@ describe('proxy', () => { process.env['http_proxy'] = _proxyUrl const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('http://httpbin.org/get') - expect(_proxyConnects).toEqual(['httpbin.org:80']) + expect(obj.url).toBe('http://postman-echo.com/get') + expect(_proxyConnects).toEqual(['postman-echo.com:80']) }) it('HttoClient does basic http get request when bypass proxy', async () => { process.env['http_proxy'] = _proxyUrl - process.env['no_proxy'] = 'httpbin.org' + process.env['no_proxy'] = 'postman-echo.com' const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'http://httpbin.org/get' + 'http://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('http://httpbin.org/get') + expect(obj.url).toBe('http://postman-echo.com/get') expect(_proxyConnects).toHaveLength(0) }) 
@@ -219,26 +219,26 @@ describe('proxy', () => { process.env['https_proxy'] = _proxyUrl const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'https://httpbin.org/get' + 'https://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') - expect(_proxyConnects).toEqual(['httpbin.org:443']) + expect(obj.url).toBe('https://postman-echo.com/get') + expect(_proxyConnects).toEqual(['postman-echo.com:443']) }) it('HttpClient does basic https get request when bypass proxy', async () => { process.env['https_proxy'] = _proxyUrl - process.env['no_proxy'] = 'httpbin.org' + process.env['no_proxy'] = 'postman-echo.com' const httpClient = new httpm.HttpClient() const res: httpm.HttpClientResponse = await httpClient.get( - 'https://httpbin.org/get' + 'https://postman-echo.com/get' ) expect(res.message.statusCode).toBe(200) const body: string = await res.readBody() const obj = JSON.parse(body) - expect(obj.url).toBe('https://httpbin.org/get') + expect(obj.url).toBe('https://postman-echo.com/get') expect(_proxyConnects).toHaveLength(0) }) From bbab4bec578e94c5b4d3fa4ec6e5a021acb7e7e1 Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Tue, 23 May 2023 13:10:40 +0100 Subject: [PATCH 3/6] Update packages/http-client/__tests__/proxy.test.ts Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> --- packages/http-client/__tests__/proxy.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/http-client/__tests__/proxy.test.ts b/packages/http-client/__tests__/proxy.test.ts index e38d5a2d..97cf7853 100644 --- a/packages/http-client/__tests__/proxy.test.ts +++ b/packages/http-client/__tests__/proxy.test.ts 
@@ -201,7 +201,7 @@ describe('proxy', () => { expect(_proxyConnects).toEqual(['postman-echo.com:80']) }) - it('HttoClient does basic http get request when bypass proxy', async () => { + it('HttpClient does basic http get request when bypass proxy', async () => { process.env['http_proxy'] = _proxyUrl process.env['no_proxy'] = 'postman-echo.com' const httpClient = new httpm.HttpClient() From 59851786d4b0778a530c50e795b0070d681e9edf Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Thu, 25 May 2023 10:59:41 +0100 Subject: [PATCH 4/6] Add tests to ensure secrets are escaped --- packages/core/__tests__/core.test.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/core/__tests__/core.test.ts b/packages/core/__tests__/core.test.ts index 5011fcc8..09bc587b 100644 --- a/packages/core/__tests__/core.test.ts +++ b/packages/core/__tests__/core.test.ts @@ -161,7 +161,11 @@ describe('@actions/core', () => { it('setSecret produces the correct command', () => { core.setSecret('secret val') - assertWriteCalls([`::add-mask::secret val${os.EOL}`]) + core.setSecret('multi\nline\r\nsecret') + assertWriteCalls([ + `::add-mask::secret val${os.EOL}`, + `::add-mask::multi%0Aline%0D%0Asecret${os.EOL}` + ]) }) it('prependPath produces the correct commands and sets the env', () => { From f481b8c8dcbe245318cd220b0016650b3d1b1e1c Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Thu, 25 May 2023 11:00:25 +0100 Subject: [PATCH 5/6] Update docs for setSecret --- docs/commands.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/commands.md b/docs/commands.md index c711368a..5af0f319 100644 --- a/docs/commands.md +++ b/docs/commands.md 
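Review bot: The new setSecret case in the core.test.ts hunk covers `\n` and `\r\n` but not a secret that contains a literal `%` or a lone `\r`. Those are the inputs where an escaping mistake would register a mask that no longer matches the real value, leaving the secret unmasked in logs. Adding `core.setSecret('50%\rsecret')` with the expectation `::add-mask::50%25%0Dsecret${os.EOL}` would pin that, assuming the command layer encodes `%` as `%25`, as the `%0A`/`%0D` scheme implies. The test title still reads 'produces the correct command'; a separate `it('setSecret escapes multi-line secrets', ...)` would make a failure point at the escaping path directly.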
@@ -50,7 +50,18 @@ function setSecret(secret: string): void {} Now, future logs containing BAR will be masked. E.g. running `echo "Hello FOO BAR World"` will now print `Hello FOO **** World`. -**WARNING** The add-mask and setSecret commands only support single line secrets. To register a multiline secrets you must register each line individually otherwise it will not be masked. +**WARNING** The add-mask and setSecret commands only support single-line +secrets or multi-line secrets that have been escaped. `@actions/core` +`setSecret` will escape the string you provide by default. When an escaped +multi-line string is provided the whole string and each of its lines +individually will be masked. For example you can mask `first\nsecond\r\nthird` +using: + +```sh +echo "::add-mask::first%0Asecond%0D%0Athird" +``` + +This will mask `first%0Asecond%0D%0Athird`, `first`, `second` and `third`. **WARNING** Do **not** mask short values if you can avoid it, it could render your output unreadable (and future steps' output as well). For example, if you mask the letter `l`, running `echo "Hello FOO BAR World"` will now print `He*********o FOO BAR Wor****d` From ae9272d5cbda0eae6e26ff14ccb0b7a6b98a6d3d Mon Sep 17 00:00:00 2001 From: Francesco Renzi Date: Thu, 25 May 2023 11:07:37 +0100 Subject: [PATCH 6/6] Update docs/commands.md Co-authored-by: JoannaaKL --- docs/commands.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/commands.md b/docs/commands.md index 5af0f319..15f18e84 100644 --- a/docs/commands.md +++ b/docs/commands.md 
@@ -50,7 +50,7 @@ function setSecret(secret: string): void {} Now, future logs containing BAR will be masked. E.g. running `echo "Hello FOO BAR World"` will now print `Hello FOO **** World`. -**WARNING** The add-mask and setSecret commands only support single-line +**WARNING** The add-mask and setSecret commands only support single-line secrets or multi-line secrets that have been escaped. `@actions/core` `setSecret` will escape the string you provide by default. When an escaped multi-line string is provided the whole string and each of its lines