mirror of https://github.com/actions/toolkit
Strip INPUT_* env variables from subprocesses
Luke Tomlinson
parent
3491e2eeea
commit
fad1bf5141
|
|
@ -1,4 +1,5 @@
|
||||||
import * as exec from '../src/exec'
|
import * as exec from '../src/exec'
|
||||||
|
import * as tr from '../src/toolrunner'
|
||||||
import * as im from '../src/interfaces'
|
import * as im from '../src/interfaces'
|
||||||
|
|
||||||
import * as childProcess from 'child_process'
|
import * as childProcess from 'child_process'
|
||||||
|
|
@ -620,6 +621,14 @@ describe('@actions/exec', () => {
|
||||||
expect(output.trim()).toBe(`args[0]: "hello"${os.EOL}args[1]: "world"`)
|
expect(output.trim()).toBe(`args[0]: "hello"${os.EOL}args[1]: "world"`)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('tool runner strips INPUT_ params from environment for child process', () => {
|
||||||
|
const env = {INPUT_TEST: 'input value', SOME_OTHER_ENV: 'some other value'}
|
||||||
|
const sanitizedEnv = tr.stripInputEnvironmentVariables(env)
|
||||||
|
|
||||||
|
expect(sanitizedEnv).not.toHaveProperty('INPUT_TEST')
|
||||||
|
expect(sanitizedEnv).toHaveProperty('SOME_OTHER_ENV')
|
||||||
|
})
|
||||||
|
|
||||||
if (IS_WINDOWS) {
|
if (IS_WINDOWS) {
|
||||||
it('Exec roots relative tool path using process.cwd (Windows path separator)', async () => {
|
it('Exec roots relative tool path using process.cwd (Windows path separator)', async () => {
|
||||||
let exitCode: number
|
let exitCode: number
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ export interface ExecOptions {
|
||||||
/** optional working directory. defaults to current */
|
/** optional working directory. defaults to current */
|
||||||
cwd?: string
|
cwd?: string
|
||||||
|
|
||||||
/** optional envvar dictionary. defaults to current process's env */
|
/** optional envvar dictionary. defaults to current process's env with `INPUT_*` variables removed */
|
||||||
env?: {[key: string]: string}
|
env?: {[key: string]: string}
|
||||||
|
|
||||||
/** optional. defaults to false */
|
/** optional. defaults to false */
|
||||||
|
|
|
||||||
|
|
@ -377,7 +377,7 @@ export class ToolRunner extends events.EventEmitter {
|
||||||
options = options || <im.ExecOptions>{}
|
options = options || <im.ExecOptions>{}
|
||||||
const result = <child.SpawnOptions>{}
|
const result = <child.SpawnOptions>{}
|
||||||
result.cwd = options.cwd
|
result.cwd = options.cwd
|
||||||
result.env = options.env
|
result.env = options.env || stripInputEnvironmentVariables(process.env)
|
||||||
result['windowsVerbatimArguments'] =
|
result['windowsVerbatimArguments'] =
|
||||||
options.windowsVerbatimArguments || this._isCmdFile()
|
options.windowsVerbatimArguments || this._isCmdFile()
|
||||||
if (options.windowsVerbatimArguments) {
|
if (options.windowsVerbatimArguments) {
|
||||||
|
|
@ -600,6 +600,16 @@ export function argStringToArray(argString: string): string[] {
|
||||||
return args
|
return args
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Strips INPUT_ environment variables to prevent them leaking to child processes
|
||||||
|
export function stripInputEnvironmentVariables(env: NodeJS.ProcessEnv): NodeJS.ProcessEnv {
|
||||||
|
return Object.entries(env).filter(([key, value]) => {
|
||||||
|
return !key.startsWith('INPUT_')
|
||||||
|
}).reduce((obj: NodeJS.ProcessEnv, [key, value]) => {
|
||||||
|
obj[key] = value
|
||||||
|
return obj
|
||||||
|
}, {})
|
||||||
|
}
|
||||||
|
|
||||||
class ExecState extends events.EventEmitter {
|
class ExecState extends events.EventEmitter {
|
||||||
constructor(options: im.ExecOptions, toolPath: string) {
|
constructor(options: im.ExecOptions, toolPath: string) {
|
||||||
super()
|
super()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue