Merge pull request #287 from codecov/update-validation-regex

Update validation regex, pull checksums into script, and bump to 1.4.1
Lint
2025-12-08 16:16:24 +00:00 · 2021-04-20 08:59:13 -04:00 · 2021-04-20 08:38:33 -04:00 · 2021-04-20 08:35:56 -04:00 · 2021-04-19 21:23:35 -04:00 · 2021-04-16 12:54:26 -04:00
9 changed files with 322 additions and 78 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,26 +1,33 @@
-## 1.3.1
+## 1.4.1
+## Fixes
+- #287 Update VERSION regex to restrict on digits and dot and move checksums into script

+## 1.4.0
+### Features
+- #282 Add checksum verification of bash script
+
+## 1.3.2
+### Fixes
+- #264 Overwrites pr number for pull_request_target events
+
+## 1.3.1
 ### Fixes
 - #253 Add `network_filter` to action manifest

 ## 1.3.0
-
 ### Features
 - #252 Add "network_filter" input

 ## 1.2.2
-
 ### Fixes
 - #241 pass root_dir using proper bash arg
 - #244 Overwrite the commit on pull_request* events

 ## 1.2.1
-
 ### Fixes
 - #196 Add parameters to the action.yml

 ## 1.2.0
-
 ### Features
 - #193 Add all the bash params

@@ -28,13 +35,11 @@
 - #193 Fixes issue with working-directory

 ## 1.1.1
-
 ### Fixes
 - #184 Add automations ensure proper builds and deployments
 - #184 Fixes verbose flag

 ## 1.1.0
-
 ### Features
 - #110 Add "working-directory:" input
 - #174 Support Xcode specificed parameters
--- a/action.yml
+++ b/action.yml
@@ -59,6 +59,9 @@ inputs:
  name:
    description: 'User defined upload name. Visible in Codecov UI'
    required: false
+  network_filter:
+    description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)'
+    required: false
  override_branch:
    description: 'Specify the branch name'
    required: false
@@ -74,9 +77,6 @@ inputs:
  override_tag:
    description: 'Specify the git tag'
    required: false
-  network_filter:
-    description: 'Used to restrict the set of git/hg files that can be matched with filenames in the coverage report. This is useful for monorepos or other setups where a full filepath may not be specified in the coverage report, and that shortened filepath may appear multiple times in a directory structure (e.g. __init__.py)'
-    required: false
  path_to_write_report:
    description: 'Write upload file to path before uploading'
    required: false
--- a/dist/index.js
+++ b/dist/index.js
@@ -13152,12 +13152,49 @@ module.exports = {"$id":"log.json#","$schema":"http://json-schema.org/draft-06/s

 "use strict";

+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
 exports.__esModule = true;
 var core = __webpack_require__(470);
 var exec = __webpack_require__(986);
 var fs = __webpack_require__(747);
 var request = __webpack_require__(335);
 var buildExec_1 = __webpack_require__(983);
+var validate_1 = __webpack_require__(743);
 var failCi;
 try {
    request({
@@ -13165,49 +13202,61 @@ try {
        maxAttempts: 10,
        timeout: 3000,
        url: 'https://codecov.io/bash',
-    }, function (error, response, body) {
-        var _a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi;
-        try {
-            if (error && failCi) {
-                throw error;
-            }
-            else if (error) {
-                core.warning("Codecov warning: " + error.message);
-            }
-            fs.writeFile(filepath, body, function (err) {
-                if (err && failCi) {
-                    throw err;
+    }, function (error, response, body) { return __awaiter(void 0, void 0, void 0, function () {
+        var _a, execArgs, options, filepath, failCi, isValid, failure;
+        return __generator(this, function (_b) {
+            _a = buildExec_1["default"](), execArgs = _a.execArgs, options = _a.options, filepath = _a.filepath, failCi = _a.failCi;
+            try {
+                isValid = validate_1["default"](body);
+                if (!isValid) {
+                    failure = 'Codecov failure: ' +
+                        'Bash script checksums do not match published values. ' +
+                        'Please contact security@codecov.io immediately.';
+                    core.setFailed(failure);
+                    throw new Error(failure);
                }
-                else if (err) {
-                    core.warning("Codecov warning: " + err.message);
+                if (error && failCi) {
+                    throw error;
                }
-                exec.exec('bash', execArgs, options)["catch"](function (err) {
-                    if (failCi) {
-                        core.setFailed("Codecov failed with the following error: " + err.message);
+                else if (error) {
+                    core.warning("Codecov warning: " + error.message);
+                }
+                fs.writeFile(filepath, body, function (err) {
+                    if (err && failCi) {
+                        throw err;
                    }
-                    else {
+                    else if (err) {
                        core.warning("Codecov warning: " + err.message);
                    }
-                })
-                    .then(function () {
-                    unlinkFile();
-                });
-                var unlinkFile = function () {
-                    fs.unlink(filepath, function (err) {
-                        if (err && failCi) {
-                            throw err;
+                    exec.exec('bash', execArgs, options)["catch"](function (err) {
+                        if (failCi) {
+                            core.setFailed("Codecov failed with the following error: " + err.message);
                        }
-                        else if (err) {
+                        else {
                            core.warning("Codecov warning: " + err.message);
                        }
+                    })
+                        .then(function () {
+                        unlinkFile();
                    });
-                };
-            });
-        }
-        catch (error) {
-            core.setFailed("Codecov failed with the following error: " + error.message);
-        }
-    });
+                    var unlinkFile = function () {
+                        fs.unlink(filepath, function (err) {
+                            if (err && failCi) {
+                                throw err;
+                            }
+                            else if (err) {
+                                core.warning("Codecov warning: " + err.message);
+                            }
+                        });
+                    };
+                });
+            }
+            catch (error) {
+                core.setFailed("Codecov failed with the following error: " + error.message);
+            }
+            return [2 /*return*/];
+        });
+    }); });
 }
 catch (error) {
    if (failCi) {
@@ -49116,7 +49165,69 @@ module.exports = function (data, opts) {


 /***/ }),
-/* 743 */,
+/* 743 */
+/***/ (function(__unusedmodule, exports, __webpack_require__) {
+
+"use strict";
+
+exports.__esModule = true;
+exports.retrieveChecksum = void 0;
+var crypto = __webpack_require__(417);
+var core = __webpack_require__(470);
+var validateUploader = function (body) {
+    var version = getVersion(body);
+    if (version === null) {
+        core.warning('Codecov could not identify the bash uploader version.');
+        return false;
+    }
+    for (var _i = 0, _a = [1, 256, 512]; _i < _a.length; _i++) {
+        var i = _a[_i];
+        var publicChecksum = exports.retrieveChecksum(version, i);
+        var uploaderChecksum = calculateChecksum(body, i);
+        if (uploaderChecksum !== publicChecksum) {
+            core.warning("Codecov " + version + " checksums for SHA" + i + " failed to match.\n" +
+                ("Public checksum:   " + publicChecksum) +
+                ("Uploader checksum: " + uploaderChecksum));
+            return false;
+        }
+    }
+    return true;
+};
+var retrieveChecksum = function (version, encryption) {
+    var checksums = {
+        '1.0.1': {
+            '1': '0ddc61a9408418c73b19a1375f63bb460dc947a8',
+            '256': '89c658e261d5f25533598a222fd96cf17a5fa0eb3772f2defac754d9970b2ec8',
+            '512': 'd075b412a362a9a2b7aedfec3b8b9a9a927b3b99e98c7c15a2b76ef09862ae' +
+                'b005e91d76a5fd71b511141496d0fd23d1b42095f722ebcd509d768fba030f159e',
+        },
+        '1.0.2': {
+            '1': '537069158a6f72b145cfe5f782dceb608d9ef594',
+            '256': 'd6aa3207c4908d123bd8af62ec0538e3f2b9f257c3de62fad4e29cd3b59b41d9',
+            '512': 'b6492196dd844cd81a688536bb42463d28bd666448335c4a8fc7f8f9b9b9af' +
+                'c346a467e3401e3fc49e6047442a30d93a4adfaa1590101224a186013c6179c48d',
+        },
+    };
+    if (version in checksums && encryption in checksums[version]) {
+        return checksums[version][encryption];
+    }
+    return null;
+};
+exports.retrieveChecksum = retrieveChecksum;
+var calculateChecksum = function (body, i) {
+    var shasum = crypto.createHash("sha" + i);
+    shasum.update(body);
+    return "" + shasum.digest('hex');
+};
+var getVersion = function (body) {
+    var regex = /VERSION="([\d\.]+)"/g;
+    var match = regex.exec(body);
+    return match ? match[1] : null;
+};
+exports["default"] = validateUploader;
+
+
+/***/ }),
 /* 744 */
 /***/ (function(module) {

@@ -59636,6 +59747,9 @@ var buildExec = function () {
    if (overridePr) {
        execArgs.push('-P', "" + overridePr);
    }
+    else if ("" + context.eventName == 'pull_request_target') {
+        execArgs.push('-P', "" + context.payload.number);
+    }
    if (overrideTag) {
        execArgs.push('-T', "" + overrideTag);
    }
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codecov-action",
-  "version": "1.3.1",
+  "version": "1.4.1",
  "lockfileVersion": 1,
  "requires": true,
  "dependencies": {
@@ -1284,41 +1284,41 @@
      }
    },
    "@typescript-eslint/parser": {
-      "version": "4.16.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.16.1.tgz",
-      "integrity": "sha512-/c0LEZcDL5y8RyI1zLcmZMvJrsR6SM1uetskFkoh3dvqDKVXPsXI+wFB/CbVw7WkEyyTKobC1mUNp/5y6gRvXg==",
+      "version": "4.20.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.20.0.tgz",
+      "integrity": "sha512-m6vDtgL9EABdjMtKVw5rr6DdeMCH3OA1vFb0dAyuZSa3e5yw1YRzlwFnm9knma9Lz6b2GPvoNSa8vOXrqsaglA==",
      "dev": true,
      "requires": {
-        "@typescript-eslint/scope-manager": "4.16.1",
-        "@typescript-eslint/types": "4.16.1",
-        "@typescript-eslint/typescript-estree": "4.16.1",
+        "@typescript-eslint/scope-manager": "4.20.0",
+        "@typescript-eslint/types": "4.20.0",
+        "@typescript-eslint/typescript-estree": "4.20.0",
        "debug": "^4.1.1"
      },
      "dependencies": {
        "@typescript-eslint/scope-manager": {
-          "version": "4.16.1",
-          "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.16.1.tgz",
-          "integrity": "sha512-6IlZv9JaurqV0jkEg923cV49aAn8V6+1H1DRfhRcvZUrptQ+UtSKHb5kwTayzOYTJJ/RsYZdcvhOEKiBLyc0Cw==",
+          "version": "4.20.0",
+          "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.20.0.tgz",
+          "integrity": "sha512-/zm6WR6iclD5HhGpcwl/GOYDTzrTHmvf8LLLkwKqqPKG6+KZt/CfSgPCiybshmck66M2L5fWSF/MKNuCwtKQSQ==",
          "dev": true,
          "requires": {
-            "@typescript-eslint/types": "4.16.1",
-            "@typescript-eslint/visitor-keys": "4.16.1"
+            "@typescript-eslint/types": "4.20.0",
+            "@typescript-eslint/visitor-keys": "4.20.0"
          }
        },
        "@typescript-eslint/types": {
-          "version": "4.16.1",
-          "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.16.1.tgz",
-          "integrity": "sha512-nnKqBwMgRlhzmJQF8tnFDZWfunXmJyuXj55xc8Kbfup4PbkzdoDXZvzN8//EiKR27J6vUSU8j4t37yUuYPiLqA==",
+          "version": "4.20.0",
+          "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.20.0.tgz",
+          "integrity": "sha512-cYY+1PIjei1nk49JAPnH1VEnu7OYdWRdJhYI5wiKOUMhLTG1qsx5cQxCUTuwWCmQoyriadz3Ni8HZmGSofeC+w==",
          "dev": true
        },
        "@typescript-eslint/typescript-estree": {
-          "version": "4.16.1",
-          "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.16.1.tgz",
-          "integrity": "sha512-m8I/DKHa8YbeHt31T+UGd/l8Kwr0XCTCZL3H4HMvvLCT7HU9V7yYdinTOv1gf/zfqNeDcCgaFH2BMsS8x6NvJg==",
+          "version": "4.20.0",
+          "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.20.0.tgz",
+          "integrity": "sha512-Knpp0reOd4ZsyoEJdW8i/sK3mtZ47Ls7ZHvD8WVABNx5Xnn7KhenMTRGegoyMTx6TiXlOVgMz9r0pDgXTEEIHA==",
          "dev": true,
          "requires": {
-            "@typescript-eslint/types": "4.16.1",
-            "@typescript-eslint/visitor-keys": "4.16.1",
+            "@typescript-eslint/types": "4.20.0",
+            "@typescript-eslint/visitor-keys": "4.20.0",
            "debug": "^4.1.1",
            "globby": "^11.0.1",
            "is-glob": "^4.0.1",
@@ -1327,19 +1327,19 @@
          }
        },
        "@typescript-eslint/visitor-keys": {
-          "version": "4.16.1",
-          "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.16.1.tgz",
-          "integrity": "sha512-s/aIP1XcMkEqCNcPQtl60ogUYjSM8FU2mq1O7y5cFf3Xcob1z1iXWNB6cC43Op+NGRTFgGolri6s8z/efA9i1w==",
+          "version": "4.20.0",
+          "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.20.0.tgz",
+          "integrity": "sha512-NXKRM3oOVQL8yNFDNCZuieRIwZ5UtjNLYtmMx2PacEAGmbaEYtGgVHUHVyZvU/0rYZcizdrWjDo+WBtRPSgq+A==",
          "dev": true,
          "requires": {
-            "@typescript-eslint/types": "4.16.1",
+            "@typescript-eslint/types": "4.20.0",
            "eslint-visitor-keys": "^2.0.0"
          }
        },
        "semver": {
-          "version": "7.3.4",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz",
-          "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==",
+          "version": "7.3.5",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
+          "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
          "dev": true,
          "requires": {
            "lru-cache": "^6.0.0"
@@ -6589,9 +6589,9 @@
      "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw=="
    },
    "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w=="
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ=="
    },
    "yallist": {
      "version": "4.0.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codecov-action",
-  "version": "1.3.1",
+  "version": "1.4.1",
  "description": "Upload coverage reports to Codecov from GitHub Actions",
  "main": "index.js",
  "scripts": {
@@ -39,7 +39,7 @@
  },
  "devDependencies": {
    "@typescript-eslint/eslint-plugin": "^4.16.1",
-    "@typescript-eslint/parser": "^4.16.1",
+    "@typescript-eslint/parser": "^4.20.0",
    "eslint": "^7.21.0",
    "eslint-config-google": "^0.14.0"
  }
--- a/src/buildExec.ts
+++ b/src/buildExec.ts
@@ -143,6 +143,10 @@ const buildExec = () => {
  }
  if (overridePr) {
    execArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    execArgs.push('-P', `${context.payload.number}`);
  }
  if (overrideTag) {
    execArgs.push('-T', `${overrideTag}`);
--- a/src/index.ts
+++ b/src/index.ts
@@ -5,6 +5,7 @@ const fs = require('fs');
 const request = require('requestretry');

 import buildExec from './buildExec';
+import validateUploader from './validate';

 let failCi;
 try {
@@ -13,10 +14,19 @@ try {
    maxAttempts: 10,
    timeout: 3000,
    url: 'https://codecov.io/bash',
-  }, (error, response, body) => {
+  }, async (error, response, body) => {
    const {execArgs, options, filepath, failCi} = buildExec();

    try {
+      const isValid = validateUploader(body);
+      if (!isValid) {
+        const failure = 'Codecov failure: ' +
+            'Bash script checksums do not match published values. ' +
+            'Please contact security@codecov.io immediately.';
+        core.setFailed(failure);
+        throw new Error(failure);
+      }
+
      if (error && failCi) {
        throw error;
      } else if (error) {
--- a/src/validate.test.ts
+++ b/src/validate.test.ts
@@ -0,0 +1,50 @@
+import validateUploader, {retrieveChecksum} from './validate';
+
+const request = require('requestretry');
+
+const bashScript = (async () => {
+  try {
+    const script = await request({
+      json: false,
+      maxAttempts: 10,
+      timeout: 3000,
+      url: 'https://codecov.io/bash',
+    });
+    return script.body;
+  } catch (err) {
+    throw err;
+  }
+});
+
+test('valid checksums', async () => {
+  const valid = validateUploader(await bashScript());
+  expect(valid).toBeTruthy();
+});
+
+test('invalid checksums', async () => {
+  const script = await bashScript();
+  const valid = validateUploader(script.substring(0, script.length - 1));
+  expect(valid).toBeFalsy();
+});
+
+test('invalid script version', async () => {
+  const script = await bashScript();
+  const valid = validateUploader(script.substring(0, 20));
+  expect(valid).toBeFalsy();
+});
+
+test('invalid public checksum file', () => {
+  const checksum = retrieveChecksum('foo', 'bar');
+  expect(checksum).toBeFalsy();
+});
+
+test('invalid public checksum file', () => {
+  const checksum = retrieveChecksum('foo', 'bar');
+  expect(checksum).toBeFalsy();
+});
+
+test('invalid encryption', () => {
+  const checksum = retrieveChecksum('1.0.1', 'foo');
+  expect(checksum).toBeFalsy();
+});
+
--- a/src/validate.ts
+++ b/src/validate.ts
@@ -0,0 +1,61 @@
+const crypto = require('crypto');
+
+const core = require('@actions/core');
+
+const validateUploader = (body) => {
+  const version = getVersion(body);
+  if (version === null) {
+    core.warning('Codecov could not identify the bash uploader version.');
+    return false;
+  }
+
+  for (const i of [1, 256, 512]) {
+    const publicChecksum = retrieveChecksum(version, i);
+    const uploaderChecksum = calculateChecksum(body, i);
+    if (uploaderChecksum !== publicChecksum) {
+      core.warning(
+          `Codecov ${version} checksums for SHA${i} failed to match.\n` +
+          `Public checksum:   ${publicChecksum}` +
+          `Uploader checksum: ${uploaderChecksum}`,
+      );
+      return false;
+    }
+  }
+  return true;
+};
+
+export const retrieveChecksum = (version, encryption) => {
+  const checksums = {
+    '1.0.1': {
+      '1': '0ddc61a9408418c73b19a1375f63bb460dc947a8',
+      '256': '89c658e261d5f25533598a222fd96cf17a5fa0eb3772f2defac754d9970b2ec8',
+      '512': 'd075b412a362a9a2b7aedfec3b8b9a9a927b3b99e98c7c15a2b76ef09862ae' +
+        'b005e91d76a5fd71b511141496d0fd23d1b42095f722ebcd509d768fba030f159e',
+    },
+    '1.0.2': {
+      '1': '537069158a6f72b145cfe5f782dceb608d9ef594',
+      '256': 'd6aa3207c4908d123bd8af62ec0538e3f2b9f257c3de62fad4e29cd3b59b41d9',
+      '512': 'b6492196dd844cd81a688536bb42463d28bd666448335c4a8fc7f8f9b9b9af' +
+        'c346a467e3401e3fc49e6047442a30d93a4adfaa1590101224a186013c6179c48d',
+    },
+  };
+
+  if (version in checksums && encryption in checksums[version]) {
+    return checksums[version][encryption];
+  }
+  return null;
+};
+
+const calculateChecksum = (body, i) => {
+  const shasum = crypto.createHash(`sha${i}`);
+  shasum.update(body);
+  return `${shasum.digest('hex')}`;
+};
+
+const getVersion = (body) => {
+  const regex = /VERSION="([\d\.]+)"/g;
+  const match = regex.exec(body);
+  return match ? match[1] : null;
+};
+
+export default validateUploader;
Author	SHA1	Message	Date
Tom Hu	967e2b38a8	Merge pull request #287 from codecov/update-validation-regex Update validation regex, pull checksums into script, and bump to 1.4.1	2021-04-20 08:59:13 -04:00
Tom Hu	77a7b61cd5	Lint	2021-04-20 08:38:33 -04:00
Tom Hu	50895b2a6f	Pull checksums into script	2021-04-20 08:35:56 -04:00
Tom Hu	95e6f30a60	Update validation regex and bump to 1.4.1	2021-04-19 21:23:35 -04:00
Tom Hu	0e28ff86a5	Merge pull request #284 from codecov/1.4.0 Bump to 1.4.0	2021-04-16 12:54:26 -04:00
Tom Hu	72182f9425	Bump to 1.4.0	2021-04-16 11:23:33 -04:00
Tom Hu	ce1ffb8db7	Merge pull request #282 from codecov/add-checksum-verification Add checksum verification of bash script	2021-04-16 11:21:04 -04:00
Tom Hu	864620acb9	Use i not 1	2021-04-16 07:58:51 -04:00
Tom Hu	6ac8172373	copypasta	2021-04-15 22:30:15 -04:00
Tom Hu	5ab0dbc584	alpha	2021-04-15 22:28:38 -04:00
Tom Hu	5e8c27dd4d	tab	2021-04-15 22:26:06 -04:00
Tom Hu	444b352d52	Update tests	2021-04-15 22:25:03 -04:00
Tom Hu	83cbbf806b	Add another test	2021-04-15 22:10:41 -04:00
Tom Hu	040839f579	Add validation of checksums	2021-04-15 22:08:27 -04:00
Tom Hu	6e56f7a5a6	Test version pulling	2021-04-15 11:25:10 -04:00
Tom Hu	9b0b9bbe2c	Merge pull request #265 from codecov/dependabot/npm_and_yarn/typescript-eslint/parser-4.20.0 Bump @typescript-eslint/parser from 4.16.1 to 4.20.0	2021-04-02 15:07:48 -04:00
Tom Hu	1ee0196081	Merge pull request #264 from codecov/1.3.2 Overwrite pull_request_target pr number	2021-04-02 15:07:05 -04:00
Eli Hooten	c6a36d2dbb	Merge pull request #263 from codecov/dependabot/npm_and_yarn/y18n-4.0.1 [Security] Bump y18n from 4.0.0 to 4.0.1	2021-04-01 09:24:23 -05:00
dependabot-preview[bot]	aaf0ccb935	Bump @typescript-eslint/parser from 4.16.1 to 4.20.0 Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.16.1 to 4.20.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.20.0/packages/parser) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	2021-03-30 06:38:32 +00:00
Tom Hu	d9a1bbc2da	Overwrite pull_request_target pr number	2021-03-29 18:11:53 -04:00
dependabot-preview[bot]	18017b2a95	[Security] Bump y18n from 4.0.0 to 4.0.1 Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. This update includes a security fix. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	2021-03-29 18:40:26 +00:00