actions/ssh-agent
1
0
Fork 0
mirror of https://github.com/webfactory/ssh-agent.git synced 2025-04-24 06:52:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a potential security leak with ssh private keys and ignore empty keys

Browse source
This commit is contained in:
Pascal Martel 2021-08-02 07:41:07 -04:00
parent 5f066a372e
commit 5ba702de80
No known key found for this signature in database
GPG key ID: 1BB0F51FD70E58BD
2 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
dist/index.js vendored
View file

@ -166,11 +166,17 @@ try {
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key, index) {
if (!key) {
console.log(`Ignoring empty key at position ${index}.`);
return;
}
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
if (!parts) { if (!parts) {
console.log(`Comment for key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`); console.log(`Comment for key at position ${index} does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
return; return;
} }

10
index.js
View file

@ -49,11 +49,17 @@ try {
console.log('Configuring deployment key(s)'); console.log('Configuring deployment key(s)');
child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key) { child_process.execFileSync(sshAdd, ['-L']).toString().split(/\r?\n/).forEach(function(key, index) {
if (!key) {
console.log(`Ignoring empty key at position ${index}.`);
return;
}
const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i); const parts = key.match(/\bgithub\.com[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)/i);
if (!parts) { if (!parts) {
console.log(`Comment for key '${key}' does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`); console.log(`Comment for key at position ${index} does not match GitHub URL pattern. Not treating it as a GitHub deploy key.`);
return; return;
} }