Patch @azure/logger to fix CodeQL warning

Logging of the AZURE_LOG_LEVEL env var value is considered a security issue, since any environment variable value could contain sensitive information. In this case, logging the value is not really necessary.
gradle · Sep 22, 2022 · c295a40 · c295a40
1 parent 74a56b6
commit c295a40
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 4 deletions.
diff --git a/dist/main/index.js b/dist/main/index.js
@@ -19822,7 +19822,7 @@ if (logLevelFromEnv) {
         setLogLevel(logLevelFromEnv);
     }
     else {
-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
     }
 }
 /**

diff --git a/dist/main/index.js.map b/dist/main/index.js.map
diff --git a/dist/post/index.js b/dist/post/index.js
@@ -18925,7 +18925,7 @@ if (logLevelFromEnv) {
         setLogLevel(logLevelFromEnv);
     }
     else {
-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
     }
 }
 /**

diff --git a/dist/post/index.js.map b/dist/post/index.js.map
diff --git a/patches/@azure+logger+1.0.3.patch b/patches/@azure+logger+1.0.3.patch
@@ -0,0 +1,29 @@
+# Patch removes logging of the AZURE_LOG_LEVEL env var value
+# This logging triggers a high severity Warning from CodeQL, which can prevent organizational users from adopting the action.
+
+diff --git a/node_modules/@azure/logger/dist-esm/src/index.js b/node_modules/@azure/logger/dist-esm/src/index.js
+index 116b59e..cf87f3c 100644
+--- a/node_modules/@azure/logger/dist-esm/src/index.js
++++ b/node_modules/@azure/logger/dist-esm/src/index.js
+@@ -20,7 +20,7 @@ if (logLevelFromEnv) {
+         setLogLevel(logLevelFromEnv);
+     }
+     else {
+-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
++        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+     }
+ }
+ /**
+diff --git a/node_modules/@azure/logger/dist/index.js b/node_modules/@azure/logger/dist/index.js
+index 327fbdb..4432d73 100644
+--- a/node_modules/@azure/logger/dist/index.js
++++ b/node_modules/@azure/logger/dist/index.js
+@@ -122,7 +122,7 @@ if (logLevelFromEnv) {
+         setLogLevel(logLevelFromEnv);
+     }
+     else {
+-        console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
++        console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+     }
+ }
+ /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -19822,7 +19822,7 @@ if (logLevelFromEnv) { @@
             setLogLevel(logLevelFromEnv);
         }
         else {
-            console.error(`AZURE_LOG_LEVEL set to unknown log level '${logLevelFromEnv}'; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
+            console.error(`AZURE_LOG_LEVEL set to unknown log level; logging is not enabled. Acceptable values: ${AZURE_LOG_LEVELS.join(", ")}.`);
         }
     }
     /**
@@ Expand Down @@