Fix snyk security issue reported in the cleanup pages file used for r…
…emoving old playwright tests (#718)
dwhitestratiform authored Aug 5, 2024
1 parent b93d395 commit 86b758c
Showing 2 changed files with 34 additions and 18 deletions.
13 changes: 8 additions & 5 deletions .github/workflows/delete-pages.yml
@@ -1,6 +1,9 @@
name: Delete old folders from GitHub Pages

on:
push:
branches:
- "gh-pages"
schedule:
- cron: '0 0 * * *' # This will run the workflow daily at midnight UTC

Expand All @@ -21,27 +24,27 @@ jobs:
with:
python-version: 3.9

- name: Get current directory
run: echo "CURRENT_DIR=$(pwd)" >> $GITHUB_ENV

- name: Run the script
run: python rm_old_folders.py --n-days 30 --folder-name '.'
run: python rm_old_folders.py --n-days 30 --folder-name "${{ env.CURRENT_DIR }}"

- name: Commit all changed files back to the repository
uses: stefanzweifel/git-auto-commit-action@v5
with:
branch: gh-pages
commit_message: Delete folders older than 30 days

#Notify the integrations channel only when a Snyk auto merge fails pr checks
notify_on_delete_pages_failure:
runs-on: ubuntu-latest
needs:
- delete_old_folders
#only check branch names that begin with snyk-
if: failure()
steps:
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
SLACK_TITLE: ":boom: The nightly delete of expired Playwright reports job has failed in ${{ github.repository }}."
MSG_MINIMAL: true
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}"
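Review bot: The "Run the script" step splices `${{ env.CURRENT_DIR }}` into the command text before the shell parses it, so the value is treated as script source rather than as data. Here it only holds the runner's `pwd`, so the exposure is low, but the safer habit is to let the shell read the variable the previous step already exported: `run: python rm_old_folders.py --n-days 30 --folder-name "$CURRENT_DIR"`. If the step runs in the default working directory, passing `"$GITHUB_WORKSPACE"` would make the extra "Get current directory" step unnecessary. Separately, one of the two `SLACK_WEBHOOK` lines at the end of this section ends in a stray `"`; if that is the new side, the webhook value would carry the quote and the failure notification would probably not be delivered, so it is worth checking.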
39 changes: 26 additions & 13 deletions rm_old_folders.py
Expand Up @@ -29,7 +29,7 @@ def find_old_folders(n_days, directory):
else:
print(
f"SKIPPED --- Folder '{entry.name}' is not older than "
f"{n_days}. It will not be deleted"
f"{n_days}. It will not be deleted."
)
except ValueError:
print(
Expand All @@ -44,26 +44,35 @@ def find_old_folders(n_days, directory):

return old_folders

def delete_folders(directory, folder_names):
def delete_folders(base_directory, folder_names):
"""
Delete specified folders and their contents in the given directory.
Args:
directory (str): The directory containing the folders to delete.
base_directory (str): The base directory containing the folders to delete.
folder_names (list): List of folder names to delete.
"""
for folder_name in folder_names:
folder_path = os.path.join(directory, folder_name)
try:
shutil.rmtree(folder_path)
folder_path = os.path.join(base_directory, folder_name)
# Ensure the folder_path is within the base_directory
if os.path.commonpath([base_directory]) == os.path.commonpath(
[base_directory, folder_path]
):
try:
shutil.rmtree(folder_path)
print(
f"DELETED --- Folder '{folder_name}' and its contents have been "
f"deleted."
)
except FileNotFoundError:
print(f"Folder '{folder_name}' not found.")
except Exception as e:
print(f"Error deleting folder '{folder_name}': {e}")
else:
print(
f"DELETED --- Folder '{folder_name}' and its contents have been "
f"deleted."
f"SKIPPED --- Attempted to delete folder outside the base directory: "
f"'{folder_path}'"
)
except FileNotFoundError:
print(f"Folder '{folder_name}' not found.")
except Exception as e:
print(f"Error deleting folder '{folder_name}': {e}")

if __name__ == "__main__":
parser = argparse.ArgumentParser(
Expand All @@ -84,5 +93,9 @@ def delete_folders(directory, folder_names):
)
args = parser.parse_args()

# Ensure the provided folder name is an absolute path
if not os.path.isabs(args.folder_name):
raise ValueError("The folder name must be an absolute path.")

old_folders = find_old_folders(args.n_days, args.folder_name)
delete_folders(args.folder_name, old_folders)
delete_folders(args.folder_name, old_folders)
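Review bot: The containment test in `delete_folders` compares paths that have not been normalised: `os.path.commonpath` neither collapses `..` components nor resolves symlinks, so a name containing `..` still yields `base_directory` as the common path and passes the check, and a name of `.` points at the base directory itself. The names appear to come from a directory listing in `find_old_folders` (its body begins outside this hunk), so the practical exposure is probably small, but the guard does not enforce what its comment states. Resolve both sides first with `base = os.path.realpath(base_directory)` and `folder_path = os.path.realpath(os.path.join(base, folder_name))`, then test `if folder_path != base and os.path.commonpath([base, folder_path]) == base:`.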
