npm - setup-php - Versions diffs - 2.36.0 → 2.37.1 - Mend

setup-php 2.36.0 → 2.37.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/README.md +15 -12
package/lib/config.js +5 -2
package/lib/config.js.map +1 -1
package/lib/core.d.ts +8 -0
package/lib/core.js +55 -0
package/lib/core.js.map +1 -0
package/lib/extensions.js +9 -8
package/lib/extensions.js.map +1 -1
package/lib/fetch.js +25 -70
package/lib/fetch.js.map +1 -1
package/lib/install.js +3 -3
package/lib/install.js.map +1 -1
package/lib/tools.d.ts +50 -21
package/lib/tools.js +211 -150
package/lib/tools.js.map +1 -1
package/lib/utils.d.ts +3 -0
package/lib/utils.js +62 -26
package/lib/utils.js.map +1 -1
package/package.json +20 -20
package/src/config.ts +5 -2
package/src/configs/brew_extensions +19 -0
package/src/configs/composer-gh-auth-no-op +3 -0
package/src/configs/composer-gh-auth-warn +1 -0
package/src/configs/os_releases.csv +4 -1
package/src/core.ts +112 -0
package/src/extensions.ts +16 -15
package/src/fetch.ts +28 -42
package/src/install.ts +6 -3
package/src/scripts/darwin.sh +12 -6
package/src/scripts/extensions/couchbase.sh +13 -2
package/src/scripts/extensions/firebird.sh +6 -23
package/src/scripts/extensions/gearman.sh +1 -1
package/src/scripts/extensions/http.ps1 +7 -5
package/src/scripts/extensions/phalcon.ps1 +3 -21
package/src/scripts/extensions/phalcon.sh +2 -0
package/src/scripts/extensions/relay.sh +5 -2
package/src/scripts/extensions/source.sh +3 -1
package/src/scripts/extensions/sqlsrv.ps1 +2 -0
package/src/scripts/extensions/sqlsrv.sh +2 -0
package/src/scripts/linux.sh +49 -9
package/src/scripts/tools/add_tools.ps1 +75 -27
package/src/scripts/tools/add_tools.sh +67 -23
package/src/scripts/tools/blackfire.sh +1 -1
package/src/scripts/tools/brew.sh +130 -0
package/src/scripts/tools/grpc_php_plugin.sh +2 -2
package/src/scripts/tools/ppa.sh +5 -1
package/src/scripts/unix.sh +7 -3
package/src/scripts/win32.ps1 +17 -11
package/src/tools.ts +349 -203
package/src/utils.ts +81 -34

package/src/utils.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import fs from 'fs';
 import * as path from 'path';
-import * as core from '@actions/core';
+import * as core from './core';
 import * as fetch from './fetch';
 /**
@@ -62,15 +62,31 @@ export async function getManifestURLS(): Promise<string[]> {
  */
 export async function parseVersion(version: string): Promise<string> {
   switch (true) {
-    case /^(latest|lowest|highest|nightly|\d+\.x)$/.test(version):
+    case /^pre(-installed)?$/.test(version):
+      return 'pre';
+    case /^(latest|lowest|highest|nightly|master|\d+\.x)$/.test(version):
       for (const manifestURL of await getManifestURLS()) {
         const fetchResult = await fetch.fetch(manifestURL);
         if (fetchResult['data'] ?? false) {
-          return JSON.parse(fetchResult['data'])[version];
+          const resolved: string | undefined = JSON.parse(fetchResult['data'])[
+            version
+          ];
+          if (resolved === undefined) {
+            throw new Error(`Invalid PHP version: ${version.slice(0, 20)}`);
+          }
+          if (!/^\d+\.\d+$/.test(resolved)) {
+            throw new Error(
+              `Invalid PHP version in manifest: ${resolved.slice(0, 10)}`
+            );
+          }
+          return resolved;
         }
       }
       throw new Error(`Could not fetch the PHP version manifest.`);
     default:
+      if (!/^\d+(\.\d+){0,2}$/.test(version)) {
+        throw new Error(`Invalid PHP version: ${version.slice(0, 20)}`);
+      }
       switch (true) {
         case version.length > 1:
           return version.slice(0, 3);
@@ -86,20 +102,16 @@ export async function parseVersion(version: string): Promise<string> {
  * @param ini_file
  */
 export async function parseIniFile(ini_file: string): Promise<string> {
-  switch (true) {
-    case /^(production|development|none)$/.test(ini_file):
-      return ini_file;
-    case /php\.ini-(production|development)$/.test(ini_file):
-      return ini_file.split('-')[1];
-    default:
-      return 'production';
+  if (/^(production|development|none)$/.test(ini_file)) {
+    return ini_file;
   }
+  const match = ini_file.match(/php\.ini-(production|development)$/);
+  return match ? match[1] : 'production';
 }
 /**
- * Async foreach loop
+ * Async foreach loop using modern for...of pattern
  *
- * @author https://github.com/Atinux
  * @param array
  * @param callback
  */
@@ -111,8 +123,8 @@ export async function asyncForEach(
     array: Array<string>
   ) => Promise<void>
 ): Promise<void> {
-  for (let index = 0; index < array.length; index++) {
-    await callback(array[index], index, array);
+  for (const [index, element] of array.entries()) {
+    await callback(element, index, array);
   }
 }
@@ -173,10 +185,10 @@ export async function log(
 export async function stepLog(message: string, os: string): Promise<string> {
   switch (os) {
     case 'win32':
-      return 'Step-Log "' + message + '"';
+      return 'Step-Log "' + escapeForShell(message, os) + '"';
     case 'linux':
     case 'darwin':
-      return 'step_log "' + message + '"';
+      return 'step_log "' + escapeForShell(message, os) + '"';
     default:
       return await log('Platform ' + os + ' is not supported', os, 'error');
   }
@@ -195,17 +207,40 @@ export async function addLog(
   message: string,
   os: string
 ): Promise<string> {
+  const sub = escapeForShell(subject, os);
+  const msg = escapeForShell(message, os);
   switch (os) {
     case 'win32':
-      return 'Add-Log "' + mark + '" "' + subject + '" "' + message + '"';
+      return `Add-Log "${mark}" "${sub}" "${msg}"`;
     case 'linux':
     case 'darwin':
-      return 'add_log "' + mark + '" "' + subject + '" "' + message + '"';
+      return `add_log "${mark}" "${sub}" "${msg}"`;
     default:
       return await log('Platform ' + os + ' is not supported', os, 'error');
   }
 }
+export function escapeForShell(value: string, os: string): string {
+  if (os === 'win32') {
+    return value.replace(/[`$"]/g, '`$&');
+  }
+  return value.replace(/[\\`$"]/g, '\\$&');
+}
+export function safeArg(value: string, os: string): string {
+  if (!/^[a-zA-Z0-9_./:@+,~^-]*$/.test(value)) {
+    return '"' + escapeForShell(value, os) + '"';
+  }
+  return value;
+}
+export function sanitizeShellInput(value: string, strict = false): string {
+  const pattern = strict
+    ? /[$`"';|&(){}[\]\\<>*?\n\r\t]/g
+    : /[$`"';|&(){}[\]\\\n\r\t]/g;
+  return value.replace(pattern, '');
+}
 /**
  * Function to break extension csv into an array
  *
@@ -225,11 +260,11 @@ export async function extensionArray(
           .split(',')
           .map(function (extension: string) {
+            extension = extension.trim().replace(/^\\\s*/, '');
             if (/.+-.+\/.+@.+/.test(extension)) {
               return extension;
             }
             return extension
-              .trim()
               .toLowerCase()
               .replace(/^(:)?(php[-_]|none|zend )|(-[^-]*)-/, '$1$3');
           })
@@ -432,22 +467,35 @@ export async function parseExtensionSource(
   );
 }
+const VERSION_INPUT_REGEX =
+  /^(latest|lowest|highest|nightly|master|pre|pre-installed|\d+\.x|\d+(\.\d+){0,2})$/;
+function validatePHPVersionInput(version: string, source: string): string {
+  if (!VERSION_INPUT_REGEX.test(version)) {
+    throw new Error(
+      `Invalid PHP version in ${source}: ${version.slice(0, 20)}`
+    );
+  }
+  return version;
+}
 /**
  * Read php version from input or file
  */
 export async function readPHPVersion(): Promise<string> {
   const version = await getInput('php-version', false);
   if (version) {
-    return version;
+    return validatePHPVersionInput(version, 'php-version input');
   }
   const versionFile =
     (await getInput('php-version-file', false)) || '.php-version';
   if (fs.existsSync(versionFile)) {
     const contents: string = fs.readFileSync(versionFile, 'utf8');
-    const match: RegExpMatchArray | null = contents.match(
-      /^(?:php\s)?(\d+\.\d+\.\d+)$/m
+    const match = contents.match(/^(?:php\s)?(\d+\.\d+\.\d+)$/m);
+    return validatePHPVersionInput(
+      match ? match[1] : contents.trim(),
+      versionFile
     );
-    return match ? match[1] : contents.trim();
   } else if (versionFile !== '.php-version') {
     throw new Error(`Could not find '${versionFile}' file.`);
   }
@@ -457,11 +505,11 @@ export async function readPHPVersion(): Promise<string> {
   if (fs.existsSync(composerLock)) {
     const lockFileContents = JSON.parse(fs.readFileSync(composerLock, 'utf8'));
     /* istanbul ignore next */
-    if (
-      lockFileContents['platform-overrides'] &&
-      lockFileContents['platform-overrides']['php']
-    ) {
-      return lockFileContents['platform-overrides']['php'];
+    if (lockFileContents['platform-overrides']?.['php']) {
+      return validatePHPVersionInput(
+        lockFileContents['platform-overrides']['php'],
+        'composer.lock platform-overrides.php'
+      );
     }
   }
@@ -471,12 +519,11 @@ export async function readPHPVersion(): Promise<string> {
       fs.readFileSync(composerJson, 'utf8')
     );
     /* istanbul ignore next */
-    if (
-      composerFileContents['config'] &&
-      composerFileContents['config']['platform'] &&
-      composerFileContents['config']['platform']['php']
-    ) {
-      return composerFileContents['config']['platform']['php'];
+    if (composerFileContents['config']?.['platform']?.['php']) {
+      return validatePHPVersionInput(
+        composerFileContents['config']['platform']['php'],
+        'composer.json config.platform.php'
+      );
     }
   }