step-security/harden-runner
1
0
Fork 0
mirror of synced 2026-06-05 15:05:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Handle empty policy response as no policy found

Browse source 
API returns 200 with empty policy (no egress_policy, no endpoints)
when no policy exists for a repo. Treat this as no policy found and
default to audit mode. Update action.yml descriptions for policy store.
This commit is contained in:
Varun Sharma 2026-04-03 20:48:24 -07:00
commit 92af6d7ec3
4 changed files with 27 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
dist/pre/index.js vendored
View file

@ -85297,7 +85297,11 @@ function fetchPolicyFromStore(owner, repo, apiKey, workflow, runId, correlationI
if (response.statusCode === 404) {
return null;
}
return response.result;
const result = response.result;
if (!result || (!result.egress_policy && (!result.allowed_endpoints || result.allowed_endpoints.length === 0))) {
return null;
}
return result;
});
}
function mergeConfigs(localConfig, remoteConfig) {

2
dist/pre/index.js.map vendored
View file

File diff suppressed because one or more lines are too long

15
src/policy-utils.test.ts
View file

@ -191,6 +191,21 @@ test("fetchPolicyFromStore returns null when policy not found (404)", async () =
expect(result).toBeNull();
});
test("fetchPolicyFromStore returns null when API returns empty policy", async () => {
const owner = "test-owner";
const repo = "nonexistent-repo";
const workflow = "ci.yml";
const runId = "12345";
const correlationId = "abc-def";
nock(`${STEPSECURITY_API_URL}`)
.get(`/github/${owner}/${repo}/actions/policies/workflow-policy?${policyStoreQueryString(workflow, runId, correlationId)}`)
.reply(200, { allowed_endpoints: [], egress_policy: "", policy_name: "" });
const result = await fetchPolicyFromStore(owner, repo, "my-api-key", workflow, runId, correlationId);
expect(result).toBeNull();
});
test("fetchPolicyFromStore retries on failure and succeeds", async () => {
const owner = "test-owner";
const repo = "test-repo";

7
src/policy-utils.ts
View file

@ -101,7 +101,12 @@ export async function fetchPolicyFromStore(
return null;
}
return response.result;
const result = response.result;
if (!result || (!result.egress_policy && (!result.allowed_endpoints || result.allowed_endpoints.length === 0))) {
return null;
}
return result;
}
export function mergeConfigs(