Repo includes Adobe Flash file which cause intelligent firewall to block zipball download by GitHub Actions #2877

Open
tfabraham opened this issue May 1, 2025 · 2 comments

tfabraham commented May 1, 2025

This repo currently includes an .swf (Adobe Flash) file thanks to one of the NPM packages that is pulled into the node_modules tree: node-forge.

Located at: node_modules/node-forge/flash

At our company, our intelligent firewall scans inside the zip file during the zipball download of the repo by GitHub Actions, detects the .swf file and blocks the entire download. As a result, we're unable to do CodeQL scanning on an on-prem server.

hvitved commented May 2, 2025

Hi

Can you elaborate which bundle you are using? I tried downloading https://github.com/github/codeql-cli-binaries/releases/download/v2.21.2/codeql.zip from https://github.com/github/codeql-cli-binaries/releases and the only node_modules folder I can find is

```
find . -name node_modules
./javascript/tools/typescript-parser-wrapper/node_modules
```

and that folder does not contain a node-forge folder.

@tfabraham tfabraham changed the title Bundle includes Adobe Flash file which cause intelligent firewall to block entire file download Repo includes Adobe Flash file which cause intelligent firewall to block file download by GitHub Actions May 2, 2025

tfabraham commented May 2, 2025

Hi, thanks for the quick response. I didn't look closely enough at the URL in question. GitHub Actions is actually downloading the repo (/zipball) contents, which does contain the .swf file.

```
  uses: github/codeql-action/init@v3
...
  uses: github/codeql-action/analyze@v3
...
Download action repository 'github/codeql-action@v3' (SHA:28deaeda66b76a05916b6923827895f2b14ab387)
Warning: Failed to download action 'https://api.github.com/repos/github/codeql-action/zipball/28deaeda66b76a05916b6923827895f2b14ab387'. Error: Error while copying content to a stream.
```

The error is from our firewall terminating the download when it detects the .swf file. Thank you!

@tfabraham tfabraham changed the title Repo includes Adobe Flash file which cause intelligent firewall to block file download by GitHub Actions Repo includes Adobe Flash file which cause intelligent firewall to block zipball download by GitHub Actions May 2, 2025
@hvitved hvitved closed this as completed May 2, 2025
@hvitved hvitved reopened this May 2, 2025
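
An added example (not from the issue thread or the codeql-action project): a Python check that lists the entries in a downloaded zipball that look like Flash content, by `.swf` extension or by SWF signature (`FWS`/`CWS`/`ZWS`), to confirm which file a content-inspecting firewall is reacting to. The archive contents, the file name `sample.swf` and the function names are constructed for illustration.

```python
import io
import zipfile

# SWF signatures: uncompressed, zlib-compressed, LZMA-compressed
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")


def find_flash_entries(archive):
    """Return [(entry_name, reason)] for zip members that look like Flash.

    `archive` is a path or a binary file object. A member is reported when
    its name ends in .swf or its first three bytes are an SWF signature,
    since an inspecting proxy may key on either.
    """
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".swf")
            with zf.open(info) as member:
                by_magic = member.read(3) in SWF_MAGIC
            if by_name and by_magic:
                hits.append((info.filename, "extension+signature"))
            elif by_name:
                hits.append((info.filename, "extension"))
            elif by_magic:
                hits.append((info.filename, "signature"))
    return hits


def build_sample_zipball():
    """Constructed sample archive standing in for a downloaded zipball."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("repo-abc123/action.yml", "name: sample\n")
        # Constructed file name under the directory named in the issue
        zf.writestr("repo-abc123/node_modules/node-forge/flash/sample.swf",
                    b"CWS\x0a" + b"\x00" * 16)
        # Flash content without the .swf extension (constructed)
        zf.writestr("repo-abc123/assets/renamed.bin", b"FWS\x09" + b"\x00" * 16)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in find_flash_entries(build_sample_zipball()):
        print(f"{reason:20} {name}")
```

The three-byte signature check can also match an unrelated file that happens to start with those bytes, so treat "signature"-only hits as candidates to inspect.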