search

SSLcom / esigner-codesign

GitHub Action for CodeSigner by SSL.com
9 stars 2 forks source link

malformed command #5

Closed zahmadsaleem closed 3 months ago

zahmadsaleem commented 1 year ago

Looks like the password key is getting masked before executable is run. -username=*** -*** -totp_secret=***

C:\Windows\system32\cmd.exe -/c D:\a\xxx\codesign\CodeSignTool-v1.2.7-windows\CodeSignTool.bat sign -username=*** -*** -totp_secret=*** -input_file_path=D:\a\path-to-my-dll -output_dir_path=D:\a\path-to-my-dll  -override=false -malware_block=false
Missing required option: '-input_file_path=<inputFilePath>'
Usage: CodeSignTool sign [-hV] [-malware_block] [-override]
                         [-credential_id=<credentialId>]
                         -input_file_path=<inputFilePath>
                         [-output_dir_path=<outputDirPath>]
                         -*** [-program_name=<programName>]
                         [-totp_secret=<totpSecret>] -username=<username>
Sign code
      -credential_id=<credentialId>
                             Credential ID
  -h, --help                 Show this help message and exit.
      -input_file_path=<inputFilePath>
                             Path of the code object to be signed
      -malware_block         Overrides the malware scan settings configured on
                               server
      -output_dir_path=<outputDirPath>
                             Directory where signed code object will be written
      -override              Overrides the input file after signing, if this
                               parameter is set and no -output_dir_path
                               parameter
      -***   RA password
      -program_name=<programName>
                             Program name
      -totp_secret=<totpSecret>
                             TOTP secret
      -username=<username>   RA username
  -V, --version              Print version information and exit.
'***' is not recognized as an internal or external command,
operable program or batch file.
Error: The process 'C:\Windows\system32\cmd.exe' failed with exit code 1
zahmadsaleem commented 1 year ago

I realized masking is definitely just happening in the logs. My password had a special character & that broke the command. I think we should command variables in here: https://github.com/SSLcom/esigner-codesign/blob/1d2cf185e0eab0f3a59d082b294200cb3cfcbde9/src/util.ts#L107-L141

I'll fix and create a pull request :)

Megamannen commented 3 months ago

Yeah, I got this problem also. Had to change password. Got the message mentioned in #18

Error: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

bayrakmustafa commented 3 months ago

@zahmadsaleem @Megamannen An update has been made regarding this issue. You can test it with v1.3.0 or develop version