Bug fixes

Update enterprise agent and don't show certain domains in markdown
Varun Sharma 2024-07-19 16:15:13 -07:00
commit 89c04c1cae
No known key found for this signature in database
GPG key ID: CE30C1F427CE6272
9 changed files with 38 additions and 16 deletions

9
dist/index.js vendored

@ -2866,8 +2866,13 @@ const processLogLine = (line, tableEntries) => {
const matches = line.match(/ip address:port ([\d.:]+), domain: ([\w.-]+), pid: (\d+), process: (\w+)/);
if (matches) {
const [ipAddress, domain, pid, process] = matches.slice(1);
// Check if all values are non-empty
if (pid && process && domain && ipAddress) {
// Check if all values are non-empty and domain does not end with specified patterns
if (pid &&
process &&
domain &&
ipAddress &&
!domain.endsWith(".actions.githubusercontent.com") &&
!domain.endsWith(".blob.core.windows.net")) {
const status = ipAddress.startsWith("54.185.253.63")
? "❌ Blocked"
: "✅ Allowed";

2
dist/index.js.map vendored

File diff suppressed because one or more lines are too long

9
dist/post/index.js vendored

@ -2868,8 +2868,13 @@ const processLogLine = (line, tableEntries) => {
const matches = line.match(/ip address:port ([\d.:]+), domain: ([\w.-]+), pid: (\d+), process: (\w+)/);
if (matches) {
const [ipAddress, domain, pid, process] = matches.slice(1);
// Check if all values are non-empty
if (pid && process && domain && ipAddress) {
// Check if all values are non-empty and domain does not end with specified patterns
if (pid &&
process &&
domain &&
ipAddress &&
!domain.endsWith(".actions.githubusercontent.com") &&
!domain.endsWith(".blob.core.windows.net")) {
const status = ipAddress.startsWith("54.185.253.63")
? "❌ Blocked"
: "✅ Allowed";

File diff suppressed because one or more lines are too long

13
dist/pre/index.js vendored

@ -71276,8 +71276,13 @@ const processLogLine = (line, tableEntries) => {
const matches = line.match(/ip address:port ([\d.:]+), domain: ([\w.-]+), pid: (\d+), process: (\w+)/);
if (matches) {
const [ipAddress, domain, pid, process] = matches.slice(1);
// Check if all values are non-empty
if (pid && process && domain && ipAddress) {
// Check if all values are non-empty and domain does not end with specified patterns
if (pid &&
process &&
domain &&
ipAddress &&
!domain.endsWith(".actions.githubusercontent.com") &&
!domain.endsWith(".blob.core.windows.net")) {
const status = ipAddress.startsWith("54.185.253.63")
? "❌ Blocked"
: "✅ Allowed";
@ -71401,7 +71406,7 @@ function verifyChecksum(downloadPath, is_tls) {
let expectedChecksum = "a9f1842e3d7f3d38c143dbe8ffe1948e6c8173cd04da072d9f9d128bb400844a"; // checksum for v0.13.7
if (is_tls) {
expectedChecksum =
"e45b85e29216eb1d217aad368bdb056bbd868a308925e7b2cf9133b06ab435d0"; // checksum for tls_agent
"fa9defcf9e125a62cb29747574d6a07aee4f04153e7bce4a3c7ce29681469e92"; // checksum for tls_agent
}
if (checksum !== expectedChecksum) {
lib_core.setFailed(`Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`);
@ -71814,7 +71819,7 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
let auth = `token ${token}`;
let downloadPath;
if (yield isTLSEnabled(github.context.repo.owner)) {
downloadPath = yield tool_cache.downloadTool("https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.2_linux_amd64.tar.gz");
downloadPath = yield tool_cache.downloadTool("https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.3_linux_amd64.tar.gz");
verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
}
else {

File diff suppressed because one or more lines are too long


@ -14,7 +14,7 @@ export function verifyChecksum(downloadPath: string, is_tls: boolean) {
if (is_tls) {
expectedChecksum =
"e45b85e29216eb1d217aad368bdb056bbd868a308925e7b2cf9133b06ab435d0"; // checksum for tls_agent
"fa9defcf9e125a62cb29747574d6a07aee4f04153e7bce4a3c7ce29681469e92"; // checksum for tls_agent
}
if (checksum !== expectedChecksum) {
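Review bot: The comment on the new TLS digest, `// checksum for tls_agent`, does not say which release the value belongs to, whereas the non-TLS digest in the built output is annotated `// checksum for v0.13.7`. The TLS archive version appears only in the download URL in the setup file, which this commit bumps to 1.2.3 separately, so nothing on this line shows that the two were updated together. I would write `// checksum for tls_agent, harden-runner_1.2.3_linux_amd64.tar.gz` here so that a later bump which changes the URL but not the digest (or the reverse) stands out in review. The body of verifyChecksum starts and ends outside this hunk.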


@ -35,8 +35,15 @@ export const processLogLine = (
if (matches) {
const [ipAddress, domain, pid, process] = matches.slice(1);
// Check if all values are non-empty
if (pid && process && domain && ipAddress) {
// Check if all values are non-empty and domain does not end with specified patterns
if (
pid &&
process &&
domain &&
ipAddress &&
!domain.endsWith(".actions.githubusercontent.com") &&
!domain.endsWith(".blob.core.windows.net")
) {
const status = ipAddress.startsWith("54.185.253.63")
? "❌ Blocked"
: "✅ Allowed";
@ -173,4 +180,4 @@ export const HARDEN_RUNNER_UNAVAILABLE_MESSAGE =
"Sorry, we are currently experiencing issues with the Harden Runner installation process. It is currently unavailable.";
export const ARC_RUNNER_MESSAGE =
"Workflow is currently being executed in ARC based runner";
"Workflow is currently being executed in ARC based runner";
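Review bot: The two `endsWith` filters added to processLogLine hide every host under `.blob.core.windows.net`, which is the shared suffix for Azure Storage accounts in general, not only the accounts the runner itself talks to. A connection from a workflow step to an unrelated storage account would therefore also disappear from the markdown table, which appears to be where a reader looks for unexpected outbound traffic. I would match exact hostnames from a reviewed list rather than a suffix, e.g. `const HIDDEN_DOMAINS = new Set<string>([/* exact hostnames, reviewed */]);` with `!HIDDEN_DOMAINS.has(domain)` in the condition. At minimum the condition deserves a comment such as `// hidden from the summary only; these connections are still logged by the agent`, if that is in fact the case. processLogLine continues outside the hunk.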


@ -234,7 +234,7 @@ interface MonitorResponse {
if (await isTLSEnabled(context.repo.owner)) {
downloadPath = await tc.downloadTool(
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.2_linux_amd64.tar.gz"
"https://packages.stepsecurity.io/github-hosted/harden-runner_1.2.3_linux_amd64.tar.gz"
);
verifyChecksum(downloadPath, true); // NOTE: verifying tls_agent's checksum, before extracting
} else {
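Review bot: The call `verifyChecksum(downloadPath, true);` ignores any result, so whether a digest mismatch actually stops the install before extraction depends entirely on verifyChecksum. The built output shows the mismatch branch calling `lib_core.setFailed(...)`; if `lib_core` is @actions/core, that call records the failure but does not throw. The lines after it are not visible here, so it is worth confirming that something there exits or throws. If nothing does, control returns to this point and the archive that failed verification is still extracted. Making the failure explicit at the call site would remove the doubt, e.g. have verifyChecksum return a boolean and write `if (!verifyChecksum(downloadPath, true)) { return; }`. The enclosing function begins and ends outside this hunk.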