mirror of
https://github.com/actions/setup-java.git
synced 2024-12-19 22:59:06 +00:00
sanitzie XML characters
This commit is contained in:
parent
9d56a3bd35
commit
551e2a2770
@ -82,4 +82,22 @@ describe('auth tests', () => {
|
|||||||
expect(fs.existsSync(m2Dir)).toBe(false);
|
expect(fs.existsSync(m2Dir)).toBe(false);
|
||||||
expect(fs.existsSync(settingsFile)).toBe(false);
|
expect(fs.existsSync(settingsFile)).toBe(false);
|
||||||
}, 100000);
|
}, 100000);
|
||||||
|
|
||||||
|
it('escapes invalid XML inputs', () => {
|
||||||
|
const id = 'packages';
|
||||||
|
const username = 'bluebottle';
|
||||||
|
const password = '&<>"\'\'"><&';
|
||||||
|
|
||||||
|
expect(auth.generate(id, username, password)).toEqual(`
|
||||||
|
<settings>
|
||||||
|
<servers>
|
||||||
|
<server>
|
||||||
|
<id>${id}</id>
|
||||||
|
<username>${username}</username>
|
||||||
|
<password>&<>"''"><&</password>
|
||||||
|
</server>
|
||||||
|
</servers>
|
||||||
|
</settings>
|
||||||
|
`);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
BIN
dist/index.js
vendored
BIN
dist/index.js
vendored
Binary file not shown.
15
src/auth.ts
15
src/auth.ts
@ -27,15 +27,24 @@ export async function configAuthentication(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function escapeXML(value: string) {
|
||||||
|
return value
|
||||||
|
.replace(/&/g, '&')
|
||||||
|
.replace(/</g, '<')
|
||||||
|
.replace(/>/g, '>')
|
||||||
|
.replace(/"/g, '"')
|
||||||
|
.replace(/'/g, ''');
|
||||||
|
}
|
||||||
|
|
||||||
// only exported for testing purposes
|
// only exported for testing purposes
|
||||||
export function generate(id: string, username: string, password: string) {
|
export function generate(id: string, username: string, password: string) {
|
||||||
return `
|
return `
|
||||||
<settings>
|
<settings>
|
||||||
<servers>
|
<servers>
|
||||||
<server>
|
<server>
|
||||||
<id>${id}</id>
|
<id>${escapeXML(id)}</id>
|
||||||
<username>${username}</username>
|
<username>${escapeXML(username)}</username>
|
||||||
<password>${password}</password>
|
<password>${escapeXML(password)}</password>
|
||||||
</server>
|
</server>
|
||||||
</servers>
|
</servers>
|
||||||
</settings>
|
</settings>
|
||||||
|
Loading…
Reference in New Issue
Block a user