Issue fix for DOSTM-7327 - Forced use of specific old version of Windows SDK breaks security compliance / functionality for newer SDK based builds #24 - Code Changes for the fix #34
Merged
vishalshanbhag-digicert merged 8 commits into master from May 28, 2025
…age ssm-client-tools-installer for the fix DOSTM-7214 package-lock.json
…age ssm-client-tools-installer for the fix DOSTM-7214
…s of the dependency
… string escaping or encoding
…ecurity compliance / functionality for newer SDK based builds #24 - Code Changes for the fix
| break; | ||
|
|
||
| case con.SIGN_TOOL_SIGNTOOL: | ||
| var sign = ""; |
Collaborator
please use let
| var sign = ""; | ||
| if (fs.existsSync(con.WIN_KIT_BASE_PATH)) { | ||
| console.log(`The WinKit directory exists!`); | ||
| let versions = utils.getAllSdkVersions(con.WIN_KIT_BASE_PATH, new Array()); |
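Review bot: The `console.log` call inside the `fs.existsSync(con.WIN_KIT_BASE_PATH)` branch bypasses the `core` logger used elsewhere in this change (`core.debug("Downloading Nuget tool")`), and its template literal has no interpolation. Suggest logging through `core.debug` or `core.info` and including the resolved path, so the SDK location found on the runner is visible in the job log when a signing run has to be audited.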
Collaborator
you can also just write [] instead of new Array()
| core.debug("Downloading Nuget tool"); | ||
| const nugetPath = await tc.downloadTool(con.NUGET_PATH); | ||
| // Rename the file which is a GUID without extension | ||
| var folder = path.dirname(nugetPath); |
Collaborator
please use let
| const nugetPath = await tc.downloadTool(con.NUGET_PATH); | ||
| // Rename the file which is a GUID without extension | ||
| var folder = path.dirname(nugetPath); | ||
| var fullPath = path.join(folder, "nuget.exe"); |
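Review bot: Between `tc.downloadTool(con.NUGET_PATH)` and the `nuget.exe` path built in `fullPath`, nothing visible in this hunk checks the integrity of the downloaded binary. Suggest comparing its SHA-256 against a pinned value, or verifying its Authenticode signature, before the renamed file is used, and failing the step on a mismatch.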
Collaborator
Can these file names be kept in some config?
| } | ||
| // Extract tar | ||
| const extractPath = | ||
| osPlat == con.OS_PLATFORM_WIN |
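Review bot: `osPlat == con.OS_PLATFORM_WIN` in the `extractPath` expression uses loose equality. Use `===` so the platform check never passes through type coercion, which matters here because the result selects where the archive is extracted.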
Collaborator
this is being used at multiple places, maybe you can just define a boolean constant and use that everywhere instead of using this condition to check everywhere.
osPlat == con.OS_PLATFORM_WIN
| break; | ||
|
|
||
| case con.SIGN_TOOL_APKSIGNER: | ||
| const buildToolsVersion = process.env.BUILD_TOOLS_VERSION || "30.0.2"; |
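Review bot: `const buildToolsVersion` is declared directly under `case con.SIGN_TOOL_APKSIGNER:`, so it is scoped to the whole switch rather than to this case; wrap the case body in braces. `process.env.BUILD_TOOLS_VERSION` is also taken as-is: if the value ends up in a file path or command line, check that it is digits separated by dots before use and fail otherwise.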
Collaborator
this fallback version "30.0.2" can stay as a config