diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index f188b1944c..a4ef1115dd 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1b11349bfd..a69f58cf1c 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 663cacfcd4..524e0b7cc6 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ee4568d5d8..184f3de1f3 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/init-action.js b/lib/init-action.js index 9d3500a155..9e7483492a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -100314,6 +100314,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100378,6 +100383,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100515,6 +100521,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100620,7 +100629,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100769,6 +100778,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString3(value) { return typeof value === "string" || value instanceof String; } @@ -100781,6 +100793,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index c5eac5c99f..ec5c2398d7 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index edac4b0d27..fb26f2499e 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index f5fff59c70..d79c20a047 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -158271,6 +158271,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -158335,6 +158340,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -158472,6 +158478,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -158577,7 +158586,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -158726,6 +158735,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -158738,6 +158750,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a1bb4fa6a8..ed610a34de 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 47c47703a0..979edc2026 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -158271,6 +158271,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -158335,6 +158340,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -158472,6 +158478,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -158577,7 +158586,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -158726,6 +158735,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -158738,6 +158750,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f7a4b626c7..4a79647c24 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -100163,6 +100163,11 @@ var require_follow_redirects = __commonJS({ } catch (error3) { useNativeURL = error3.code === "ERR_INVALID_URL"; } + var sensitiveHeaders = [ + "Authorization", + "Proxy-Authorization", + "Cookie" + ]; var preservedUrlFields = [ "auth", "host", @@ -100227,6 +100232,7 @@ var require_follow_redirects = __commonJS({ self2.emit("error", cause instanceof RedirectionError ? cause : new RedirectionError({ cause })); } }; + this._headerFilter = new RegExp("^(?:" + sensitiveHeaders.concat(options.sensitiveHeaders).map(escapeRegex).join("|") + ")$", "i"); this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); @@ -100364,6 +100370,9 @@ var require_follow_redirects = __commonJS({ if (!options.headers) { options.headers = {}; } + if (!isArray(options.sensitiveHeaders)) { + options.sensitiveHeaders = []; + } if (options.host) { if (!options.hostname) { options.hostname = options.host; @@ -100469,7 +100478,7 @@ var require_follow_redirects = __commonJS({ this._isRedirect = true; spreadUrlObject(redirectUrl, this._options); if (redirectUrl.protocol !== currentUrlParts.protocol && redirectUrl.protocol !== "https:" || redirectUrl.host !== currentHost && !isSubdomain(redirectUrl.host, currentHost)) { - removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); + removeMatchingHeaders(this._headerFilter, this._options.headers); } if (isFunction(beforeRedirect)) { var responseDetails = { @@ -100618,6 +100627,9 @@ var require_follow_redirects = __commonJS({ var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } + function isArray(value) { + return value instanceof Array; + } function isString2(value) { return typeof value === "string" || value instanceof String; } @@ -100630,6 +100642,9 @@ var require_follow_redirects = __commonJS({ function isURL(value) { return URL2 && value instanceof URL2; } + function escapeRegex(regex) { + return regex.replace(/[\]\\/()*+?.$]/g, "\\$&"); + } module2.exports = wrap({ http, https: https2 }); module2.exports.wrap = wrap; } diff --git a/package-lock.json b/package-lock.json index cec7caa6d2..8fba501228 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,7 +25,7 @@ "@octokit/plugin-retry": "^8.1.0", "archiver": "^7.0.1", "fast-deep-equal": "^3.1.3", - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "get-folder-size": "^5.0.0", "https-proxy-agent": "^7.0.6", "js-yaml": "^4.1.1", @@ -5841,9 +5841,9 @@ "license": "ISC" }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "funding": [ { "type": "individual", diff --git a/package.json b/package.json index 4330f05a8b..068d298540 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "@octokit/plugin-retry": "^8.1.0", "archiver": "^7.0.1", "fast-deep-equal": "^3.1.3", - "follow-redirects": "^1.15.11", + "follow-redirects": "^1.16.0", "get-folder-size": "^5.0.0", "https-proxy-agent": "^7.0.6", "js-yaml": "^4.1.1",