From 7865bf720f0f02481e5404521331641b353cef3a Mon Sep 17 00:00:00 2001 
From: Ludy
Date: Wed, 22 Jan 2025 11:41:34 +0100
Subject: [PATCH] Security: file name restriction (#2768)

# Description of Changes

This PR updates the `check_properties.yml` workflow to refine the file-matching regex for properties files.

### **What was changed:**

- Modified the regex used in two locations:
  1. In the GitHub CLI (`gh`) command to filter changed files:
     ```diff
     - '^src/main/resources/messages_[a-zA-Z_]+\.properties$'
     + '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$'
     ```
  2. In the code to match relevant property files:
     ```diff
     - /^src\/main\/resources\/messages_[a-zA-Z_]+\.properties$/
     + /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/
     ```

### **Why the change was made:**

- The previous regex matched any property files with loosely defined patterns, including invalid or unintended formats.
- The updated regex ensures stricter matching of valid locale patterns:
  - Locale codes in the format `xx_XX` where:
    - `xx` represents a 2-character language code.
    - `XX` represents a 2-7 character region code.

### **Challenges encountered:**

- Ensuring compatibility across both the GitHub CLI command.
- Avoiding edge cases where valid property files might be excluded unintentionally.
Closes # (issue_number)

---

## Checklist

### General

- [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable)
- [x] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed)
- [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details.
---
 .github/workflows/check_properties.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml
index 591a033f..853252e0 100644
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@@ -58,7 +58,7 @@ jobs: run: | echo "Fetching PR changed files..." echo "Getting list of changed files from PR..." - gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > changed_files.txt # Filter only matching property files + gh pr view ${{ steps.get-pr-data.outputs.pr_number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$' > changed_files.txt # Filter only matching property files - name: Determine reference file test id: determine-file @@ -99,7 +99,7 @@ jobs: // Filter for relevant files based on the PR changes const changedFiles = files .map(file => file.filename) - .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]+\.properties$/.test(file)); + .filter(file => /^src\/main\/resources\/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$/.test(file)); console.log("Changed files:", changedFiles);
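Review bot: in the `grep -E` pattern on the `+` line of the first hunk (`@@ -58,7 +58,7 @@`), both character classes are still `[a-zA-Z_]`, so the new pattern does not actually enforce the `xx_XX` shape the commit message describes: `messages_x__GB.properties` (language part `x_`) and `messages_EN_gb.properties` are accepted, while `messages_en.properties` is now rejected. If the intent is a two-letter lowercase language code followed by an uppercase region code, write `messages_[a-z]{2}_[A-Z]{2,7}\.properties`; if underscores inside the second part are wanted on purpose (the `{2,7}` width hints at multi-part tags), state that in the commit message instead of describing it as a 2-7 character region code. Since this filter is the allowlist that keeps PR-controlled file names out of the later steps, a short comment on the line saying so, and that the `^` and `$` anchors must stay, would help the next person who edits it. Separately, `grep` exits 1 when nothing matches, and the tighter pattern makes an empty result more likely; if the step's shell has `pipefail` set, that fails the job, so consider `|| true` here and a `[ -s changed_files.txt ]` check before the file is consumed.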
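Review bot: the JavaScript `.filter(...)` on the `+` line of the second hunk (`@@ -99,7 +99,7 @@`) repeats the grep pattern from the shell step by hand, in a different syntax (`/` escaped here, single-quoted there), so the next tightening can easily update one copy and not the other. Prefer to derive one list from the other (read `changed_files.txt` in this step, or publish the filtered list as a step output) or, at minimum, add a comment on each line naming its twin so they are changed together. The classes here are the same `[a-zA-Z_]`, so this regex also accepts names such as `messages_x__GB.properties` that do not fit the `xx_XX` description in the commit message.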
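To make the difference between the two patterns concrete, here is the old and the new `grep -E` expression from the hunk run over a constructed list of file names with the same `grep -E` the workflow step uses. This is an added example, not code from the PR or from `check_properties.yml`; the paths are made up for the demonstration, and `matches`, `accepted` and `count_accepted` are names chosen here.

```shell
#!/bin/sh
# Added example, not part of the PR or of check_properties.yml: run the old and
# new grep -E patterns from the hunk over a constructed list of file names and
# compare what each one lets through. Function names are chosen here.

OLD_RE='^src/main/resources/messages_[a-zA-Z_]+\.properties$'
NEW_RE='^src/main/resources/messages_[a-zA-Z_]{2}_[a-zA-Z_]{2,7}\.properties$'

# matches RE PATH: exit 0 if PATH is accepted by RE, 1 otherwise
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Constructed sample, shaped like the output of
# `gh pr view --json files -q ".files[].path"`; these are not real PR paths.
SAMPLE='src/main/resources/messages_en_GB.properties
src/main/resources/messages_pt_BR.properties
src/main/resources/messages_en.properties
src/main/resources/messages_x__GB.properties
src/main/resources/messages_EN_gb.properties
src/main/resources/messages_en_GB.properties.bak
src/main/resources/../../../.github/workflows/messages_en_GB.properties
src/main/resources/messages_en_GB.properties
'

# accepted RE: print the distinct sample paths that RE accepts, one per line
accepted() {
    printf '%s' "$SAMPLE" | grep -E -- "$1" | sort -u
}

# count_accepted RE: number of distinct sample paths that RE accepts
count_accepted() {
    accepted "$1" | wc -l | tr -d ' '
}

# Stand-alone run: show what each pattern keeps.
echo "old pattern keeps:"; accepted "$OLD_RE"
echo "new pattern keeps:"; accepted "$NEW_RE"
```

Both patterns reject the `.bak` suffix and the `..` traversal path because they are anchored with `^` and `$`, which is the property that matters for a file-name allowlist. The new pattern drops `messages_en.properties` but still accepts `messages_x__GB.properties` and `messages_EN_gb.properties`, because `_` remains in both character classes and case is not constrained; whether those are acceptable is exactly the question the commit message should settle.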