mirror of
https://github.com/gradle/gradle-build-action.git
synced 2024-11-22 09:02:50 +00:00
Patch @azure/logger to fix CodeQL warning
Logging of the AZURE_LOG_LEVEL env var value is considered a security issue, since any environment variable value could contain sensitive information. In this case, logging the value is not really necessary.
This commit is contained in:
parent
74a56b60ce
commit
c295a4096e
5 changed files with 33 additions and 4 deletions
2
dist/main/index.js
vendored
2
dist/main/index.js
vendored
|
@ -19822,7 +19822,7 @@ if (logLevelFromEnv) {
|
||||||
setLogLevel(logLevelFromEnv);
|
setLogLevel(logLevelFromEnv);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
|
|
2
dist/main/index.js.map
vendored
2
dist/main/index.js.map
vendored
File diff suppressed because one or more lines are too long
2
dist/post/index.js
vendored
2
dist/post/index.js
vendored
|
@ -18925,7 +18925,7 @@ if (logLevelFromEnv) {
|
||||||
setLogLevel(logLevelFromEnv);
|
setLogLevel(logLevelFromEnv);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
|
|
2
dist/post/index.js.map
vendored
2
dist/post/index.js.map
vendored
File diff suppressed because one or more lines are too long
29
patches/@azure+logger+1.0.3.patch
Normal file
29
patches/@azure+logger+1.0.3.patch
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
# Patch removes logging of the AZURE_LOG_LEVEL env var value
|
||||||
|
# This logging triggers a high severity Warning from CodeQL, which can prevent organizational users from adopting the action.
|
||||||
|
|
||||||
|
diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
|
||||||
|
index 116b59e..cf87f3c 100644
|
||||||
|
--- a/node_modules/@azure/logger/dist-esm/src/index.js
|
||||||
|
+++ b/node_modules/@azure/logger/dist-esm/src/index.js
|
||||||
|
@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
|
||||||
|
setLogLevel(logLevelFromEnv);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
|
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
|
||||||
|
index 327fbdb..4432d73 100644
|
||||||
|
--- a/node_modules/@azure/logger/dist/index.js
|
||||||
|
+++ b/node_modules/@azure/logger/dist/index.js
|
||||||
|
@@ -122,7 +122,7 @@ if (logLevelFromEnv) {
|
||||||
|
setLogLevel(logLevelFromEnv);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
- console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
|
+ console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/**
|
Loading…
Reference in a new issue