Security: file name restriction (#2768)

# Description of Changes This PR updates the `check_properties.yml` workflow to refine the file-matching regex for properties files. ### **What was changed:** - Modified the regex used in two locations: 1. In the GitHub CLI (`gh`) command to filter changed files: ```diff - '^src/main/resources/messages_[a-zA-Z_]+\.properties$' + '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' ``` 2. In the code to match relevant property files: ```diff - /^src\/main\/resources\/messages_[a-zA-Z_]+\.properties$/ + /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/ ``` ### **Why the change was made:** - The previous regex matched any property files with loosely defined patterns, including invalid or unintended formats. - The updated regex ensures stricter matching of valid locale patterns: - Locale codes in the format `xx_XX` where: - `xx` represents a 2-character language code. - `XX` represents a 2-7 character region code. ### **Challenges encountered:** - Ensuring compatibility across both the GitHub CLI command. - Avoiding edge cases where valid property files might be excluded unintentionally. Closes # (issue_number) --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [x] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
2025-01-23 00:06:08 +01:00 · 2025-01-22 11:41:34 +01:00 · 2025-01-22 11:41:34 +01:00 · 7865bf720f
commit 7865bf720f
parent 06abc82fbc
1 changed files with 2 additions and 2 deletions
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@ -58,7 +58,7 @@ jobs:
        run: |
          echo "Fetching PR changed files..."
          echo "Getting list of changed files from PR..."
-          gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > changed_files.txt # Filter only matching property files
+          gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt # Filter only matching property files

      - name: Determine reference file test
        id: determine-file
@ -99,7 +99,7 @@ jobs:
            // Filter for relevant files based on the PR changes
            const changedFiles = files
              .map(file => file.filename)
-              .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]+\.properties$/.test(file));
+              .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file));

            console.log("Changed files:", changedFiles);