Fix lintng error

Jill Regan
2026-05-21 09:46:00 -04:00
parent d367634d5e
commit da7c7c6490
2 changed files with 14 additions and 14 deletions
@@ -1,6 +1,6 @@
import { import {
verifyWindowsBinarySignature, verifyWindowsBinarySignature,
WINDOWS_ISSUER_CN, WINDOWS_ISSUER_CN_PREFIX,
WINDOWS_PUBLISHER_EKU, WINDOWS_PUBLISHER_EKU,
WINDOWS_SIGNER_SUBJECT_CN, WINDOWS_SIGNER_SUBJECT_CN,
} from "./windows-signature"; } from "./windows-signature";
@@ -11,7 +11,7 @@ describe("verifyWindowsBinarySignature", () => {
const buildAuthenticodeOutput = ({ const buildAuthenticodeOutput = ({
status = "Valid", status = "Valid",
subject = `CN=${WINDOWS_SIGNER_SUBJECT_CN}, O=Agilebits, L=Toronto, S=Ontario, C=CA`, subject = `CN=${WINDOWS_SIGNER_SUBJECT_CN}, O=Agilebits, L=Toronto, S=Ontario, C=CA`,
issuer = `CN=${WINDOWS_ISSUER_CN}, O=Microsoft Corporation, C=US`, issuer = `CN=${WINDOWS_ISSUER_CN_PREFIX} 03, O=Microsoft Corporation, C=US`,
ekus = [ ekus = [
"1.3.6.1.4.1.311.97.1.0", "1.3.6.1.4.1.311.97.1.0",
"1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.3",
@@ -46,9 +46,9 @@ describe("verifyWindowsBinarySignature", () => {
subject: "CN=Attacker, O=Attacker, C=US", subject: "CN=Attacker, O=Attacker, C=US",
}), }),
); );
await expect( await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
verifyWindowsBinarySignature(OP_EXE, runner), /does not contain CN=Agilebits/,
).rejects.toThrow(/does not contain CN=Agilebits/); );
}); });
it("throws if the Issuer is not the expected Microsoft CA", async () => { it("throws if the Issuer is not the expected Microsoft CA", async () => {
@@ -57,9 +57,9 @@ describe("verifyWindowsBinarySignature", () => {
issuer: "CN=Some Other CA, O=Someone, C=US", issuer: "CN=Some Other CA, O=Someone, C=US",
}), }),
); );
await expect( await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
verifyWindowsBinarySignature(OP_EXE, runner), /does not contain CN=Microsoft ID Verified/,
).rejects.toThrow(/does not contain CN=Microsoft ID Verified/); );
}); });
it("throws if the publisher EKU is missing", async () => { it("throws if the publisher EKU is missing", async () => {
@@ -68,8 +68,8 @@ describe("verifyWindowsBinarySignature", () => {
ekus: ["1.3.6.1.4.1.311.97.1.0", "1.3.6.1.5.5.7.3.3"], ekus: ["1.3.6.1.4.1.311.97.1.0", "1.3.6.1.5.5.7.3.3"],
}), }),
); );
await expect( await expect(verifyWindowsBinarySignature(OP_EXE, runner)).rejects.toThrow(
verifyWindowsBinarySignature(OP_EXE, runner), /expected publisher EKU.*not found/,
).rejects.toThrow(/expected publisher EKU.*not found/); );
}); });
}); });
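Review bot: No test pins the boundary of the new prefix match. The only negative issuer case uses `CN=Some Other CA, O=Someone, C=US`, which shares nothing with `WINDOWS_ISSUER_CN_PREFIX`, so the suite still passes if the verifier accepts any CN that merely starts with the prefix. Add a case beside "throws if the Issuer is not the expected Microsoft CA" whose issuer is the prefix followed by a non-numeric suffix (constructed example: `CN=${WINDOWS_ISSUER_CN_PREFIX} Lookalike, O=Someone, C=US`) and expect the same rejection. As the verifier stands after this commit that case would not reject, so it belongs with a tightened match. The runner setup for each test is outside the visible hunks.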
@@ -6,7 +6,7 @@ const execFileAsync = promisify(execFile);
// Identifying fields of 1Password's Authenticode signing cert for op.exe. // Identifying fields of 1Password's Authenticode signing cert for op.exe.
// See https://www.1password.dev/cli/verify. // See https://www.1password.dev/cli/verify.
export const WINDOWS_SIGNER_SUBJECT_CN = "Agilebits"; export const WINDOWS_SIGNER_SUBJECT_CN = "Agilebits";
export const WINDOWS_ISSUER_CN = "Microsoft ID Verified CS AOC CA 02"; export const WINDOWS_ISSUER_CN_PREFIX = "Microsoft ID Verified CS AOC CA";
export const WINDOWS_PUBLISHER_EKU = export const WINDOWS_PUBLISHER_EKU =
"1.3.6.1.4.1.311.97.661420558.769123285.207353056.500447802"; "1.3.6.1.4.1.311.97.661420558.769123285.207353056.500447802";
@@ -65,9 +65,9 @@ export const verifyWindowsBinarySignature = async (
// Confirm the cert was issued by Microsoft's expected code signing CA. // Confirm the cert was issued by Microsoft's expected code signing CA.
const issuer = fieldValue("Issuer=") ?? ""; const issuer = fieldValue("Issuer=") ?? "";
if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN},`)) { if (!issuer.includes(`CN=${WINDOWS_ISSUER_CN_PREFIX}`)) {
throw new Error( throw new Error(
`1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN}.`, `1Password CLI signature verification failed: issuer (${issuer}) does not contain CN=${WINDOWS_ISSUER_CN_PREFIX}.`,
); );
} }
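Review bot: The issuer check now passes for any Issuer string that contains the prefix anywhere, because the `issuer.includes(...)` test dropped the trailing comma when it switched to `WINDOWS_ISSUER_CN_PREFIX`. A CN that continues with arbitrary text after `CA` is accepted, as is the same text embedded in another field. Judging by the old constant (`02`) and the new test fixture (`03`), the intent is to tolerate the numbered issuing CAs, so bound the suffix instead: `if (!/CN=Microsoft ID Verified CS AOC CA \d{2},/.test(issuer)) {`, anchored with `^` if the Issuer field always begins with the CN as it does in the fixture. The constant also deserves a comment saying why only the prefix is pinned, for example `// Issuing CA number varies (02, 03, ...); pin the stable prefix and match the numeric suffix at the call site.`, since the commit title mentions only linting. The enclosing `verifyWindowsBinarySignature` body starts and ends outside this hunk, so the other checks it performs are not visible here.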