fix: decryption temp file (#285)

* fix decryption temp Signed-off-by: Rishav Dhar <19497993+RDhar@users.noreply.github.com> * try apply Signed-off-by: Rishav Dhar <19497993+RDhar@users.noreply.github.com> * ready to merge Signed-off-by: Rishav Dhar <19497993+RDhar@users.noreply.github.com> --------- Signed-off-by: Rishav Dhar <19497993+RDhar@users.noreply.github.com>
DevSecTop · Aug 26, 2024 · 823de49 · 823de49
1 parent 33985ba
commit 823de49
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 5 deletions.
diff --git a/.github/workflows/tf_sample.yaml b/.github/workflows/tf_sample.yaml
@@ -41,7 +41,7 @@ jobs:
         with:
           aws-region: ${{ env.AWS_REGION }}
           role-to-assume: ${{ secrets.AWS_ROLE }}
-          role-session-name: tf-via-pr-${{ github.run_id }}-${{ github.run_attempt}}
+          role-session-name: devsectop-tf-via-pr-${{ github.run_id }}-${{ github.run_attempt}}
 
       - name: Setup TF
         uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4

diff --git a/action.js b/action.js
@@ -305,14 +305,22 @@ module.exports = async ({ context, core, exec, github }) => {
             process.env.arg_chdir.replace(/^-chdir=/, ""),
             process.env.arg_out.replace(/^-out=/, ""),
           ].join("/");
-
+          let temp_file = "";
+
+          await exec.exec("/bin/bash", ["-c", "mktemp"], {
+            listeners: {
+              stdout: (data) => {
+                temp_file += data.toString().trim();
+              },
+            },
+          });
           await exec.exec("/bin/bash", [
             "-c",
-            `export TEMP_FILE=$(mktemp) && printf %s "${process.env.encrypt_passphrase}" > "$TEMP_FILE"`,
+            `printf %s "${process.env.encrypt_passphrase}" > "${temp_file}"`,
           ]);
           await exec.exec("/bin/bash", [
             "-c",
-            `openssl enc -aes-256-ctr -pbkdf2 -salt -in "${working_directory}" -out "${working_directory}.decrypted" -pass file:"$TEMP_FILE" -d`,
+            `openssl enc -aes-256-ctr -pbkdf2 -salt -in "${working_directory}" -out "${working_directory}.decrypted" -pass file:"${temp_file}" -d`,
           ]);
           await exec.exec("/bin/bash", [
             "-c",

diff --git a/action.yml b/action.yml
@@ -353,7 +353,8 @@ runs:
         working_directory: ${{ inputs.arg_chdir }}/${{ inputs.arg_out }}
       shell: bash
       run: |
-        export TEMP_FILE=$(mktemp) && printf %s "$encrypt_passphrase" > "$TEMP_FILE"
+        TEMP_FILE=$(mktemp)
+        printf %s "$encrypt_passphrase" > "$TEMP_FILE"
         openssl enc -aes-256-ctr -pbkdf2 -salt -in "$working_directory" -out "$working_directory.encrypted" -pass file:"$TEMP_FILE"
         mv "$working_directory.encrypted" "$working_directory"