Skip to content

File upload vulnerability fixes #2385

File upload vulnerability fixes

File upload vulnerability fixes #2385

name: Continuous Integration
on: [push]
env:
BuildParameters.RestoreBuildProjects: '**/*.csproj'
BuildParameters.TestProjects: '**/*[Tt]ests/*.csproj'
jobs:
build:
name: Build and test
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: Setup .NET Core SDK 8.0
uses: actions/setup-dotnet@v3
with:
dotnet-version: 8.0.x
- name: Add Azure artifact
run: dotnet nuget add source 'https://pkgs.dev.azure.com/e-LfH/_packaging/LearningHubFeed/nuget/v3/index.json' --name 'LearningHubFeed' --username 'kevin.whittaker' --password ${{ secrets.AZURE_DEVOPS_PAT }} --store-password-in-clear-text
- name: Use Node 20 with Yarn
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- name: Upgrade npm to the latest version
run: npm install -g [email protected]
- name: Typescript install WebUI
run: yarn install --network-timeout 600000 --frozen-lockfile
working-directory: ./LearningHub.Nhs.WebUI
- name: Typescript build WebUI
run: yarn build:webpack
working-directory: ./LearningHub.Nhs.WebUI
- name: Typescript install AdminUI
run: yarn install
working-directory: ./AdminUI/LearningHub.Nhs.AdminUI
- name: Typescript build AdminUI
run: yarn build:webpack
working-directory: ./AdminUI/LearningHub.Nhs.AdminUI
- name: Setup MSBuild
uses: microsoft/[email protected]
- name: Build SQL Server Database Project
run: |
# Enable strict error handling
$ErrorActionPreference = 'Stop'
# Initialize an error collection
$errors = @()
# List all .sqlproj files
$sqlproj_files = Get-ChildItem -Path . -Filter *.sqlproj -Recurse
if ($sqlproj_files.Count -eq 0) {
$errors += "No .sqlproj files found."
} else {
foreach ($sqlproj_file in $sqlproj_files) {
Write-Host "Building $($sqlproj_file.FullName)"
try {
$output = &msbuild "$($sqlproj_file.FullName)" /p:Configuration=Release /nologo 2>&1
if (!$?) {
$errors += "Failed to build $($csproj_file.FullName): $output"
}
} catch {
# Capture detailed error information
$errorMessage = "Error building $($sqlproj_file.FullName): $($_.Exception.Message)"
Write-Host $errorMessage
$errors += $errorMessage
}
}
}
# Display all accumulated errors
if ($errors.Count -gt 0) {
Write-Host "SQL Project Build Errors:"
$errors | ForEach-Object { Write-Host $_ }
exit 1
}
- name: Build Solution Excluding SQL Project
run: |
# Enable strict error handling
$ErrorActionPreference = 'Stop'
# Initialize an error collection
$errors = @()
# List all .csproj files except .sqlproj
$csproj_files = Get-ChildItem -Path . -Filter *.csproj -Recurse | Where-Object { $_.FullName -notmatch '\\.sqlproj$' }
if ($csproj_files.Count -eq 0) {
$errors += "No .csproj files found."
} else {
foreach ($csproj_file in $csproj_files) {
Write-Host "Building $($csproj_file.FullName)"
try {
$output = &dotnet build "$($csproj_file.FullName)" --configuration Release 2>&1
if (!$?) {
$errors += "Failed to build $($csproj_file.FullName): $output"
}
} catch {
# Capture detailed error information
$errorMessage = "Error building $($csproj_file.FullName): $($_.Exception.Message)"
Write-Host $errorMessage
$errors += $errorMessage
}
}
}
# Display all accumulated errors
if ($errors.Count -gt 0) {
Write-Host "Solution Build Errors:"
$errors | ForEach-Object { Write-Host $_ }
exit 1
}
# - name: Test
# run: dotnet test ${{ env.BuildParameters.TestProjects }}