aws-actions/configure-aws-credentials
1
0
Fork 0
mirror of https://github.com/aws-actions/configure-aws-credentials.git synced 2026-03-12 18:07:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate region input string (#44)

Browse Source
This commit is contained in:
Clare Liguori
2020-03-06 14:29:46 -08:00
committed by GitHub
parent 75aa8f1e41
commit 3d568d2c43
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
index.js
View File

@@ -10,6 +10,7 @@ const USER_AGENT = 'configure-aws-credentials-for-github-actions';
const MAX_TAG_VALUE_LENGTH = 256;
const SANITIZATION_CHARACTER = '_';
const ROLE_SESSION_NAME = 'GitHubActions';
const REGION_REGEX = /^[a-z0-9-]+$/g;
async function assumeRole(params) {
// Assume a role to get short-lived credentials using longer-lived credentials.
@@ -151,6 +152,10 @@ async function run() {
const roleDurationSeconds = core.getInput('role-duration-seconds', {required: false}) || MAX_ACTION_RUNTIME;
const roleSessionName = core.getInput('role-session-name', { required: false }) || ROLE_SESSION_NAME;
if (!region.match(REGION_REGEX)) {
throw new Error(`Region is not valid: ${region}`);
}
exportRegion(region);
// Always export the source credentials and account ID.

13
index.test.js
View File

@@ -154,6 +154,19 @@ describe('Configure AWS Credentials', () => {
expect(core.setSecret).toHaveBeenCalledWith(FAKE_ACCOUNT_ID);
});
test('validates region name', async () => {
process.env.SHOW_STACK_TRACE = 'false';
const mockInputs = {...CREDS_INPUTS, 'aws-region': '$AWS_REGION'};
core.getInput = jest
.fn()
.mockImplementation(mockGetInput(mockInputs));
await run();
expect(core.setFailed).toHaveBeenCalledWith('Region is not valid: $AWS_REGION');
});
test('can opt out of masking account ID', async () => {
const mockInputs = {...CREDS_INPUTS, 'aws-region': 'us-east-1', 'mask-aws-account-id': 'false'};
core.getInput = jest