mirror of
https://github.com/actions/setup-java.git
synced 2024-12-19 22:59:06 +00:00
sanitzie XML characters
This commit is contained in:
parent
9d56a3bd35
commit
551e2a2770
@ -82,4 +82,22 @@ describe('auth tests', () => {
|
||||
expect(fs.existsSync(m2Dir)).toBe(false);
|
||||
expect(fs.existsSync(settingsFile)).toBe(false);
|
||||
}, 100000);
|
||||
|
||||
it('escapes invalid XML inputs', () => {
|
||||
const id = 'packages';
|
||||
const username = 'bluebottle';
|
||||
const password = '&<>"\'\'"><&';
|
||||
|
||||
expect(auth.generate(id, username, password)).toEqual(`
|
||||
<settings>
|
||||
<servers>
|
||||
<server>
|
||||
<id>${id}</id>
|
||||
<username>${username}</username>
|
||||
<password>&<>"''"><&</password>
|
||||
</server>
|
||||
</servers>
|
||||
</settings>
|
||||
`);
|
||||
});
|
||||
});
|
||||
|
BIN
dist/index.js
vendored
BIN
dist/index.js
vendored
Binary file not shown.
15
src/auth.ts
15
src/auth.ts
@ -27,15 +27,24 @@ export async function configAuthentication(
|
||||
}
|
||||
}
|
||||
|
||||
function escapeXML(value: string) {
|
||||
return value
|
||||
.replace(/&/g, '&')
|
||||
.replace(/</g, '<')
|
||||
.replace(/>/g, '>')
|
||||
.replace(/"/g, '"')
|
||||
.replace(/'/g, ''');
|
||||
}
|
||||
|
||||
// only exported for testing purposes
|
||||
export function generate(id: string, username: string, password: string) {
|
||||
return `
|
||||
<settings>
|
||||
<servers>
|
||||
<server>
|
||||
<id>${id}</id>
|
||||
<username>${username}</username>
|
||||
<password>${password}</password>
|
||||
<id>${escapeXML(id)}</id>
|
||||
<username>${escapeXML(username)}</username>
|
||||
<password>${escapeXML(password)}</password>
|
||||
</server>
|
||||
</servers>
|
||||
</settings>
|
||||
|
Loading…
Reference in New Issue
Block a user