Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using GitHub with GITHUB_TOKEN without Prefix leaks token #40

Closed
rowi1de opened this issue Nov 22, 2019 · 1 comment
Closed

Using GitHub with GITHUB_TOKEN without Prefix leaks token #40

rowi1de opened this issue Nov 22, 2019 · 1 comment

Comments

@rowi1de
Copy link

rowi1de commented Nov 22, 2019 

import * as core from '@actions/core';
import { context, GitHub } from '@actions/github'

//comes from {{secrets.GITHUB_TOKEN}}
const repoToken = core.getInput('repo-token', { required: true })
const client = new GitHub(repoToken)

will leak the token on error:

"Could not resolve to a node with the global id of 'M....c='."

19-11-22T16:44:34.9046342Z (node:2404) UnhandledPromiseRejectionWarning: HttpError: Validation Failed: "Could not resolve to a node with the global id of 'M....c='."
2019-11-22T16:44:34.9047036Z     at /home/runner/work/_actions/rowi1de/typescript-action/master/node_modules/@octokit/request/dist-node/index.js:66:23
2019-11-22T16:44:34.9047273Z     at processTicksAndRejections (internal/process/task_queues.js:89:5)
201
@rowi1de rowi1de mentioned this issue Nov 22, 2019
Closed
@rowi1de
Copy link
Author

rowi1de commented Nov 25, 2019

Wrong repo

@rowi1de rowi1de closed this as completed Nov 25, 2019
@rowi1de rowi1de mentioned this issue Nov 27, 2019
Closed
0x4007 added a commit to 0x4007/typescript-action that referenced this issue Sep 30, 2024
@0x4007
Merge pull request actions#40 from jordan-ae/PascalCaseLinter
bad8429 
Implement Pascal Case for Erc20Permit and Erc721Permit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rowi1de