From e817aa0d36f00f02ecd592eb8b2fa7db41817fbd Mon Sep 17 00:00:00 2001 From: rindeal Date: Tue, 3 Sep 2024 07:04:17 +0200 Subject: [PATCH] core: fix possible filesystem race condition Otherwise CodeQL complains when @actions/core is used in bundled scripts. --- packages/core/src/file-command.ts | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/packages/core/src/file-command.ts b/packages/core/src/file-command.ts index 832c2f0e..de2e7e03 100644 --- a/packages/core/src/file-command.ts +++ b/packages/core/src/file-command.ts @@ -15,13 +15,24 @@ export function issueFileCommand(command: string, message: any): void { `Unable to find environment variable for file command ${command}` ) } - if (!fs.existsSync(filePath)) { - throw new Error(`Missing file at path: ${filePath}`) - } - fs.appendFileSync(filePath, `${toCommandValue(message)}${os.EOL}`, { - encoding: 'utf8' - }) + // do not use appendFileSync() because of CodeQL js/file-system-race + let fd + try { + fd = fs.openSync(filePath, 'a') + } catch (err) { + if (err.code === 'ENOENT') { + throw new Error(`Missing file at path: ${filePath}`) + } else { + throw err + } + } + + try { + fs.writeSync(fd, `${toCommandValue(message)}${os.EOL}`, null, 'utf8') + } finally { + fs.closeSync(fd) + } } export function prepareKeyValueMessage(key: string, value: any): string {