
fix: Update pullRemote.js to set appropriate directory permissions #1640


Triggered via pull request November 22, 2024 03:47
@coopernetes
edited #782
Status Success
Total duration 14s
Artifacts

pr-lint.yml

on: pull_request_target
Validate & Label PR
5s
Validate & Label PR

Annotations

2 errors
Validate & Label PR
Resource not accessible by integration { name: 'HttpError', id: '11966106052', status: 403, response: { url: 'https://api.github.com/repos/finos/git-proxy/releases', status: 403, headers: { 'access-control-allow-origin': '*', 'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset', connection: 'close', 'content-encoding': 'gzip', 'content-security-policy': "default-src 'none'", 'content-type': 'application/json; charset=utf-8', date: 'Fri, 22 Nov 2024 03:47:41 GMT', 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', server: 'github.com', 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload', 'transfer-encoding': 'chunked', vary: 'Accept-Encoding, Accept, X-Requested-With', 'x-accepted-github-permissions': 'contents=write; contents=write,workflows=write', 'x-content-type-options': 'nosniff', 'x-frame-options': 'deny', 'x-github-api-version-selected': '2022-11-28', 'x-github-media-type': 'github.v3; format=json', 'x-github-request-id': '3449:264874:6829DE2:CBE52F5:673FFEDD', 'x-ratelimit-limit': '5000', 'x-ratelimit-remaining': '4986', 'x-ratelimit-reset': '1732250858', 'x-ratelimit-resource': 'core', 'x-ratelimit-used': '14', 'x-xss-protection': '0' }, data: { message: 'Resource not accessible by integration', documentation_url: 'https://docs.github.com/rest/releases/releases#create-a-release', status: '403' } }, request: { method: 'POST', url: 'https://api.github.com/repos/finos/git-proxy/releases', headers: { accept: 'application/vnd.github.v3+json', 'user-agent': 'probot/12.2.5 octokit-core.js/3.5.1 Node.js/20.13.1 (linux; x64)', authorization: 'token [REDACTED]', 'content-type': 'application/json; charset=utf-8' }, body: 
`{"target_commitish":"refs/heads/main","name":"Version 1.7.1","tag_name":"v1.7.1","body":"### What's Changed\\n\\n* No changes\\n\\n---\\n\\n*Full Changelog**: https://github.com/finos/git-proxy/compare/v1.7.0...v1.7.1\\n","draft":true,"prerelease":false,"make_latest":"true"}`, request: {} }, event: { id: '11966106052', name: 'pull_request_target', payload: { action: 'edited', changes: { body: { from: 'This PR modifies the directory creation permissions in the pullRemote function of pullRemote.js. \r\n' + '\r\n' + 'Previously, the function was setting directory permissions to 0777 (full read, write, and execute permissions for user, group, and others). This approach is not aligned with best practices for security, particularly in secure environments such as OpenShift, where overly permissive settings can lead to vulnerabilities.\r\n' + '\r\n' + 'The updated code now sets the permissions to 0755 (read, write, and execute for the user; read and execute for group and others). This change enhances security by restricting write access to the owner only while still allowing necessary read and execute permissions.' } }, number: 782, organization: { avatar_url: 'https://avatars.githubusercontent.com/u/35377814?v=4', description: 'FINOS’ mission is to promote open innovation in financial services. See our full list of repos from our nearly 100 projects & 11 programs at finos.github.io', events_url: 'https://api.github.com/orgs/finos/events', hooks_url: 'https://api.github.com/orgs/finos/hooks', id: 35377814, issues_url: 'https://api.github.com/orgs/finos/issues', login: 'finos', members_url: 'https://api.github.com/orgs/finos/members{/member}', node_id: 'MDEyOk9yZ2FuaXphdG
Validate & Label PR
HttpError: Resource not accessible by integration at /home/runner/work/_actions/release-drafter/release-drafter/v6/dist/index.js:8462:21 at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Job.doExecute (/home/runner/work/_actions/release-drafter/release-drafter/v6/dist/index.js:30793:18) { name: 'AggregateError', event: { id: '11966106052', name: 'pull_request_target', payload: { action: 'edited', changes: { body: { from: 'This PR modifies the directory creation permissions in the pullRemote function of pullRemote.js. \r\n' + '\r\n' + 'Previously, the function was setting directory permissions to 0777 (full read, write, and execute permissions for user, group, and others). This approach is not aligned with best practices for security, particularly in secure environments such as OpenShift, where overly permissive settings can lead to vulnerabilities.\r\n' + '\r\n' + 'The updated code now sets the permissions to 0755 (read, write, and execute for the user; read and execute for group and others). This change enhances security by restricting write access to the owner only while still allowing necessary read and execute permissions.' } }, number: 782, organization: { avatar_url: 'https://avatars.githubusercontent.com/u/35377814?v=4', description: 'FINOS’ mission is to promote open innovation in financial services. 
See our full list of repos from our nearly 100 projects & 11 programs at finos.github.io', events_url: 'https://api.github.com/orgs/finos/events', hooks_url: 'https://api.github.com/orgs/finos/hooks', id: 35377814, issues_url: 'https://api.github.com/orgs/finos/issues', login: 'finos', members_url: 'https://api.github.com/orgs/finos/members{/member}', node_id: 'MDEyOk9yZ2FuaXphdGlvbjM1Mzc3ODE0', public_members_url: 'https://api.github.com/orgs/finos/public_members{/member}', repos_url: 'https://api.github.com/orgs/finos/repos', url: 'https://api.github.com/orgs/finos' }, pull_request: { _links: { comments: { href: 'https://api.github.com/repos/finos/git-proxy/issues/782/comments' }, commits: { href: 'https://api.github.com/repos/finos/git-proxy/pulls/782/commits' }, html: { href: 'https://github.com/finos/git-proxy/pull/782' }, issue: { href: 'https://api.github.com/repos/finos/git-proxy/issues/782' }, review_comment: { href: 'https://api.github.com/repos/finos/git-proxy/pulls/comments{/number}' }, review_comments: { href: 'https://api.github.com/repos/finos/git-proxy/pulls/782/comments' }, self: { href: 'https://api.github.com/repos/finos/git-proxy/pulls/782' }, statuses: { href: 'https://api.github.com/repos/finos/git-proxy/statuses/dac735ea46960b2b14972778398a48d4604bfc5f' } }, active_lock_reason: null, additions: 1, assignee: null, assignees: [], author_association: 'CONTRIBUTOR', auto_merge: null, base: { label: 'finos:main', ref: 'main', repo: { allow_auto_merge: false, allow_forking: true, allow_merge_commit: true, allow_rebase_merge: true, allow_squash_merge: true, allow_update_branch: true, archive_url: 'https://api.github.com/repos/finos/git-proxy/{archive_format}{/ref}', archived: false, assignees_url: 'https://api.github.com/repos/finos/git-proxy/assignees{/user}', blobs_url: 'https://api.github.com/repos/finos/git-proxy/git/blobs{/sha}', branches_url: 'https://api.github.com/repos/finos/git-proxy/branches{/branch}', clone_url: 'https://github.com/fin