Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update isGitHubHosted implementation #425

Merged
merged 1 commit into from
Jun 7, 2024
Merged

Update isGitHubHosted implementation #425

merged 1 commit into from
Jun 7, 2024

Conversation

varunsh-coder
Copy link
Member

No description provided.

Copy link
Contributor

@step-security-bot step-security-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find StepSecurity AI-CodeWise code comments below.

Code Comments

dist/pre/index.js

  • [High]Avoid exposing environment variables unnecessarily
    The code uses an environment variable to determine if the application is running on a Github-hosted environment. Instead of checking environment variables directly in the code, consider setting up an environment variable to indicate if the application is running on Github-hosted, and set its value accordingly. Use this environment variable in the code to check if the application is running on Github-hosted. This helps avoid exposing environment variables unnecessarily. For example, export GITHUB_HOSTED=true could be set in the environment where the application is running on Github-hosted, and the code can be updated as follows:

function isGithubHosted() {
const githubHosted = process.env.GITHUB_HOSTED === 'true';
return githubHosted;
}

  • [Low]Use triple equals for strict equality check
    The code uses double equals (==) for equality check. Replace all instances of == with === to enforce strict equality checks. For example, replace runnerEnvironment == 'github-hosted' with runnerEnvironment === 'github-hosted'.

dist/pre/index.js.map

I'm sorry, but there is no code included inside the XML tags for me to review. Can you please provide sample code for me to review?

src/tls-inspect.ts

  • [High]Do not trust environment variables
    Environment variables can be manipulated by an attacker. Hence, do not trust them blindly while making security decisions. Add additional verification to ensure the value of RUNNER_ENVIRONMENT is as expected.
  • [Medium]Use strict equality comparison operator
    Using the strict equality comparison operator '===' ensures type and value matches, hence avoids bugs in the code. Replace the 'startsWith' method with strict equality comparison operator '==='.
  • [Low]Use descriptive variables
    Descriptive variables improve code readability and make it easier to understand what the code is doing. Rename the variable 'runnerEnvironment' to a more descriptive name such as 'hostingEnvironment'.

Feedback

We appreciate your feedback in helping us improve the service! To provide feedback, please use emojis on this comment. If you find the comments helpful, give them a 👍. If they aren't useful, kindly express that with a 👎. If you have questions or detailed feedback, please create n GitHub issue in StepSecurity/AI-CodeWise.

Copy link

github-actions bot commented Jun 7, 2024

Test Results

7 tests  ±0   7 ✔️ ±0   13s ⏱️ -2s
4 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit bb112d0. ± Comparison against base commit f4f3f44.

Copy link
Member

@h0x0er h0x0er left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@varunsh-coder varunsh-coder merged commit 17d0e2b into main Jun 7, 2024
6 checks passed
ericwyles referenced this pull request in defenseunicorns/uds-package-mattermost Jun 11, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/dependency-review-action](https://togithub.com/actions/dependency-review-action)
| action | patch | `v4.3.2` -> `v4.3.3` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| | minor | `v0.4.5` -> `v0.5.0` |
|
[defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common)
| action | minor | `v0.4.5` -> `v0.5.0` |
| [golangci/golangci-lint](https://togithub.com/golangci/golangci-lint)
| repository | patch | `v1.59.0` -> `v1.59.1` |
|
[python-jsonschema/check-jsonschema](https://togithub.com/python-jsonschema/check-jsonschema)
| repository | patch | `0.28.4` -> `0.28.5` |
|
[renovatebot/pre-commit-hooks](https://togithub.com/renovatebot/pre-commit-hooks)
| repository | minor | `37.391.0` -> `37.399.9` |
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | patch | `v2.8.0` -> `v2.8.1` |

Note: The `pre-commit` manager in Renovate is not supported by the
`pre-commit` maintainers or community. Please do not report any problems
there, instead [create a Discussion in the Renovate
repository](https://togithub.com/renovatebot/renovate/discussions/new)
if you have any questions.

---

### Release Notes

<details>
<summary>actions/dependency-review-action
(actions/dependency-review-action)</summary>

###
[`v4.3.3`](https://togithub.com/actions/dependency-review-action/releases/tag/v4.3.3):
Notes for v4.3.3

[Compare
Source](https://togithub.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3)

#### What's Changed

- Allow slashes in purl package names by
[@&#8203;juxtin](https://togithub.com/juxtin) in
[https://github.com/actions/dependency-review-action/pull/765](https://togithub.com/actions/dependency-review-action/pull/765)
- use the v3 version of the deps.dev API by
[@&#8203;josieang](https://togithub.com/josieang) in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- PR with suggestions - \[Improvement]: Help streamline / simplify
dependency review action README by
[@&#8203;am-stead](https://togithub.com/am-stead) in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- fix show-openssf-scorecard-levels input by
[@&#8203;ramann](https://togithub.com/ramann) in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)
- Updates to the contribution guidelines by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/778](https://togithub.com/actions/dependency-review-action/pull/778)
- Create issue templates by
[@&#8203;jonjanego](https://togithub.com/jonjanego) in
[https://github.com/actions/dependency-review-action/pull/777](https://togithub.com/actions/dependency-review-action/pull/777)
- Fix the max comment length issue by
[@&#8203;jhutchings1](https://togithub.com/jhutchings1) and
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/767](https://togithub.com/actions/dependency-review-action/pull/767)
- Bump project version to 4.3.3 in prep for a release by
[@&#8203;elireisman](https://togithub.com/elireisman) in
[https://github.com/actions/dependency-review-action/pull/781](https://togithub.com/actions/dependency-review-action/pull/781)

#### New Contributors

- [@&#8203;josieang](https://togithub.com/josieang) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/741](https://togithub.com/actions/dependency-review-action/pull/741)
- [@&#8203;am-stead](https://togithub.com/am-stead) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/773](https://togithub.com/actions/dependency-review-action/pull/773)
- [@&#8203;ramann](https://togithub.com/ramann) made their first
contribution in
[https://github.com/actions/dependency-review-action/pull/776](https://togithub.com/actions/dependency-review-action/pull/776)

**Full Changelog**:
actions/dependency-review-action@v4.3.2...v4.3.3

</details>

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

###
[`v0.5.0`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.5.0)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.6...v0.5.0)

##### ⚠ BREAKING CHANGES

- update publish to take architecture as an input
([#&#8203;143](https://togithub.com/defenseunicorns/uds-common/issues/143))

##### Miscellaneous

- update publish to take architecture as an input
([#&#8203;143](https://togithub.com/defenseunicorns/uds-common/issues/143))
([62620f5](https://togithub.com/defenseunicorns/uds-common/commit/62620f59c14c773e5f6f07aaafc70ae34cff36bd))

###
[`v0.4.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.4.6)

[Compare
Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.4.5...v0.4.6)

##### Bug Fixes

- renovate incorrectly matching oci helm charts for helm datasources
([#&#8203;141](https://togithub.com/defenseunicorns/uds-common/issues/141))
([2761f2a](https://togithub.com/defenseunicorns/uds-common/commit/2761f2a5f69bae3967bb8a9ff6d392007f90a21b))

##### Miscellaneous

- allow debug logs to continue through failure
([#&#8203;146](https://togithub.com/defenseunicorns/uds-common/issues/146))
([bec4fc3](https://togithub.com/defenseunicorns/uds-common/commit/bec4fc330d720673f645bda7e56006218ec96aad))
- **deps:** update uds common support dependencies to v0.22.1
([#&#8203;144](https://togithub.com/defenseunicorns/uds-common/issues/144))
([d618bd2](https://togithub.com/defenseunicorns/uds-common/commit/d618bd2be3f75d62346594cb8d6d8c339b074f93))

</details>

<details>
<summary>golangci/golangci-lint (golangci/golangci-lint)</summary>

###
[`v1.59.1`](https://togithub.com/golangci/golangci-lint/releases/tag/v1.59.1)

[Compare
Source](https://togithub.com/golangci/golangci-lint/compare/v1.59.0...v1.59.1)

`golangci-lint` is a free and open-source project built by volunteers.

If you value it, consider supporting us, the
[maintainers](https://opencollective.com/golangci-lint) and [linter
authors](https://golangci-lint.run/product/thanks/).

We appreciate it! ❤️

For key updates, see the
[changelog](https://golangci-lint.run/product/changelog/#&#8203;1591).

#### Changelog

-
[`f738736`](https://togithub.com/golangci/golangci-lint/commit/f7387361)
build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1
([#&#8203;4759](https://togithub.com/golangci/golangci-lint/issues/4759))
-
[`44b3cdd`](https://togithub.com/golangci/golangci-lint/commit/44b3cdd1)
build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1
to 2.0.0
([#&#8203;4788](https://togithub.com/golangci/golangci-lint/issues/4788))
-
[`1a55854`](https://togithub.com/golangci/golangci-lint/commit/1a55854a)
build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0
([#&#8203;4804](https://togithub.com/golangci/golangci-lint/issues/4804))
-
[`9a7a1ad`](https://togithub.com/golangci/golangci-lint/commit/9a7a1ad4)
build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2
([#&#8203;4785](https://togithub.com/golangci/golangci-lint/issues/4785))
-
[`aaff918`](https://togithub.com/golangci/golangci-lint/commit/aaff9184)
build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to
1.26.0
([#&#8203;4801](https://togithub.com/golangci/golangci-lint/issues/4801))
-
[`a0d2c83`](https://togithub.com/golangci/golangci-lint/commit/a0d2c830)
build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5
([#&#8203;4782](https://togithub.com/golangci/golangci-lint/issues/4782))
-
[`2042b1f`](https://togithub.com/golangci/golangci-lint/commit/2042b1f1)
build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1
([#&#8203;4784](https://togithub.com/golangci/golangci-lint/issues/4784))
-
[`327a78a`](https://togithub.com/golangci/golangci-lint/commit/327a78a8)
build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0
([#&#8203;4802](https://togithub.com/golangci/golangci-lint/issues/4802))
-
[`e1a8055`](https://togithub.com/golangci/golangci-lint/commit/e1a80557)
fix: SARIF format require issue column >= 1
([#&#8203;4775](https://togithub.com/golangci/golangci-lint/issues/4775))
-
[`88f60c8`](https://togithub.com/golangci/golangci-lint/commit/88f60c8c)
fix: gomnd deprecated configuration compatibility
([#&#8203;4768](https://togithub.com/golangci/golangci-lint/issues/4768))
-
[`8173166`](https://togithub.com/golangci/golangci-lint/commit/81731668)
fix: init empty result slice for SARIF printer
([#&#8203;4758](https://togithub.com/golangci/golangci-lint/issues/4758))
-
[`02740ea`](https://togithub.com/golangci/golangci-lint/commit/02740ea1)
intrange: add style preset
([#&#8203;4797](https://togithub.com/golangci/golangci-lint/issues/4797))
-
[`615b873`](https://togithub.com/golangci/golangci-lint/commit/615b873d)
unparam: bump to HEAD
([#&#8203;4786](https://togithub.com/golangci/golangci-lint/issues/4786))

</details>

<details>
<summary>python-jsonschema/check-jsonschema
(python-jsonschema/check-jsonschema)</summary>

###
[`v0.28.5`](https://togithub.com/python-jsonschema/check-jsonschema/blob/HEAD/CHANGELOG.rst#0285)

[Compare
Source](https://togithub.com/python-jsonschema/check-jsonschema/compare/0.28.4...0.28.5)

- Update vendored schemas: bitbucket-pipelines, dependabot,
github-actions,
    github-workflows, gitlab-ci, readthedocs, renovate (2024-06-10)
-   Update bitbucket schema to use the option from the
intellij-bitbucket-references-plugin . For more details on this
decision, see
:issue:`440` . Thanks
[@&#8203;blade2005](https://togithub.com/blade2005) for the PR!
(:pr:`442`)

</details>

<details>
<summary>renovatebot/pre-commit-hooks
(renovatebot/pre-commit-hooks)</summary>

###
[`v37.399.9`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.9)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.8...37.399.9)

See https://github.com/renovatebot/renovate/releases/tag/37.399.9 for
more changes

###
[`v37.399.8`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.8)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.6...37.399.8)

See https://github.com/renovatebot/renovate/releases/tag/37.399.8 for
more changes

###
[`v37.399.6`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.6)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.5...37.399.6)

See https://github.com/renovatebot/renovate/releases/tag/37.399.6 for
more changes

###
[`v37.399.5`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.5)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.3...37.399.5)

See https://github.com/renovatebot/renovate/releases/tag/37.399.5 for
more changes

###
[`v37.399.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.399.0...37.399.3)

See https://github.com/renovatebot/renovate/releases/tag/37.399.3 for
more changes

###
[`v37.399.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.399.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.2...37.399.0)

See https://github.com/renovatebot/renovate/releases/tag/37.399.0 for
more changes

###
[`v37.398.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.1...37.398.2)

See https://github.com/renovatebot/renovate/releases/tag/37.398.2 for
more changes

###
[`v37.398.1`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.1)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.398.0...37.398.1)

See https://github.com/renovatebot/renovate/releases/tag/37.398.1 for
more changes

###
[`v37.398.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.398.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.397.0...37.398.0)

See https://github.com/renovatebot/renovate/releases/tag/37.398.0 for
more changes

###
[`v37.397.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.397.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.396.0...37.397.0)

See https://github.com/renovatebot/renovate/releases/tag/37.397.0 for
more changes

###
[`v37.396.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.396.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.395.0...37.396.0)

See https://github.com/renovatebot/renovate/releases/tag/37.396.0 for
more changes

###
[`v37.395.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.395.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.393.0...37.395.0)

See https://github.com/renovatebot/renovate/releases/tag/37.395.0 for
more changes

###
[`v37.393.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.393.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.392.0...37.393.0)

See https://github.com/renovatebot/renovate/releases/tag/37.393.0 for
more changes

###
[`v37.392.0`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.392.0)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.3...37.392.0)

See https://github.com/renovatebot/renovate/releases/tag/37.392.0 for
more changes

###
[`v37.391.3`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.3)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.2...37.391.3)

See https://github.com/renovatebot/renovate/releases/tag/37.391.3 for
more changes

###
[`v37.391.2`](https://togithub.com/renovatebot/pre-commit-hooks/releases/tag/37.391.2)

[Compare
Source](https://togithub.com/renovatebot/pre-commit-hooks/compare/37.391.0...37.391.2)

See https://github.com/renovatebot/renovate/releases/tag/37.391.2 for
more changes

</details>

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)

##### What's Changed

- Bug fix: Update isGitHubHosted implementation by
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425)
The previous implementation incorrectly identified large GitHub-hosted
runners as self-hosted runners. As a result, harden-runner was not
executing on these large GitHub-hosted runners.

**Full Changelog**:
step-security/harden-runner@v2...v2.8.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-package-mattermost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zODguMSIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
karfau referenced this pull request in xmldom/xmldom Jun 19, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | patch | `v2.8.0` -> `v2.8.1` |

---

### Release Notes

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)

##### What's Changed

- Bug fix: Update isGitHubHosted implementation by
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425)
The previous implementation incorrectly identified large GitHub-hosted
runners as self-hosted runners. As a result, harden-runner was not
executing on these large GitHub-hosted runners.

**Full Changelog**:
step-security/harden-runner@v2...v2.8.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/xmldom/xmldom).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQxMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants