Merge pull request #2044 from Devils-Knight/updateSecure

Update SecureWorkflow function to Handle Empty File input
step-security · Mar 29, 2023 · 03f4760 · 03f4760
2 parents 4af0234 + ff05a33
commit 03f4760
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 0 deletions.
diff --git a/remediation/workflow/permissions/permissions.go b/remediation/workflow/permissions/permissions.go
@@ -101,6 +101,9 @@ func AddWorkflowLevelPermissions(inputYaml string, addProjectComment bool) (stri
 	line := 0
 	column := 0
 	topNode := t.Content
+	if len(topNode) == 0 {
+		return inputYaml, fmt.Errorf("Workflow file provided is Empty")
+	}
 	for _, n := range topNode[0].Content {
 		if n.Value == "jobs" && n.Tag == "!!str" {
 			line = n.Line

diff --git a/remediation/workflow/secureworkflow_test.go b/remediation/workflow/secureworkflow_test.go
@@ -120,6 +120,7 @@ func TestSecureWorkflow(t *testing.T) {
 		{fileName: "nopin.yml", wantPinnedActions: false, wantAddedHardenRunner: true, wantAddedPermissions: true},
 		{fileName: "allperms.yml", wantPinnedActions: false, wantAddedHardenRunner: false, wantAddedPermissions: true},
 		{fileName: "multiplejobperms.yml", wantPinnedActions: false, wantAddedHardenRunner: false, wantAddedPermissions: true},
+		{fileName: "error.yml", wantPinnedActions: false, wantAddedHardenRunner: false, wantAddedPermissions: false},
 	}
 	for _, test := range tests {
 		input, err := ioutil.ReadFile(path.Join(inputDirectory, test.fileName))

diff --git a/testfiles/secureworkflow/input/error.yml b/testfiles/secureworkflow/input/error.yml
diff --git a/testfiles/secureworkflow/output/error.yml b/testfiles/secureworkflow/output/error.yml