step-security/harden-runner
1
0
Fork 0
mirror of https://github.com/step-security/harden-runner.git synced 2026-06-06 12:17:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

fixed the issues

Browse source
This commit is contained in:
h0x0er 2022-01-19 10:51:52 +05:30
commit ea0742e62d
3 changed files with 5 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
action.yml
View file

@ -9,10 +9,6 @@ inputs:
description: 'Policy for outbound traffic, can be either audit or block'
required: false
default: 'block'
expected_checksum:
description: 'Expected sha256 checksum of latest agent.tar.gz file'
default: "a5f466fc5c8a9b809afd421e0f32903da98908feab5a245c734d3775e2e10032"
required: true
branding:
icon: 'check-square'
color: 'green'

7
src/checksum_verify.ts → src/checksum.ts
View file

@ -2,17 +2,16 @@ import * as core from "@actions/core";
import * as crypto from "crypto"
import * as fs from "fs"
export function checksumVerify(downloadPath: string){
export function verifyChecksum(downloadPath: string){
const fileBuffer:Buffer = fs.readFileSync(downloadPath)
const checksum: string = crypto.createHash("sha256").update(fileBuffer).digest('hex'); // checksum of downloaded file
const expectedChecksum: string = core.getInput("expected_checksum") // default checksum
const expectedChecksum: string = "a5f466fc5c8a9b809afd421e0f32903da98908feab5a245c734d3775e2e10032" // default checksum
if(checksum !== expectedChecksum){
core.error(`Checksum verification failed.`)
core.setFailed(`Checksum expected ${expectedChecksum} instead got ${checksum}`)
core.setFailed(`Checksum verification failed, expected ${expectedChecksum} instead got ${checksum}`)
}
core.debug("Checksum verification passed.")

4
src/setup.ts
View file

@ -6,7 +6,7 @@ import * as path from "path";
import { v4 as uuidv4 } from "uuid";
import { printInfo } from "./common";
import * as tc from "@actions/tool-cache";
import {checksumVerify} from "./checksum_verify"
import {verifyChecksum} from "./checksum"
(async () => {
try {
if (process.platform !== "linux") {
@ -57,7 +57,7 @@ import {checksumVerify} from "./checksum_verify"
"https://github.com/step-security/agent/releases/download/v0.8.6/agent_0.8.6_linux_amd64.tar.gz"
);
checksumVerify(downloadPath) // NOTE: verifying agent's checksum, before extracting
verifyChecksum(downloadPath) // NOTE: verifying agent's checksum, before extracting
const extractPath = await tc.extractTar(downloadPath);
console.log(`Step Security Job Correlation ID: ${correlation_id}`);