Restrict sanitization to only allow 0-9, a-z, _, -, .

Co-authored-by: TingluoHuang <1750815+TingluoHuang@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-06 17:37:28 +00:00
parent af6de2cb95
commit 2215c8e5aa
+3 -3
View File
@@ -821,9 +821,9 @@ export class HttpClient {
private _getUserAgentWithOrchestrationId(userAgent: string): string {
const orchId = process.env['ACTIONS_ORCHESTRATION_ID']
if (orchId) {
// Sanitize the orchestration ID to ensure it contains only valid token characters
// Valid characters: alphanumeric, !, #, $, %, &, ', *, +, -, ., ^, _, `, |, ~
const sanitizedId = orchId.replace(/[^a-zA-Z0-9!#$%&'*+.^_`|~-]/g, '_')
// Sanitize the orchestration ID to ensure it contains only valid characters
// Valid characters: 0-9, a-z, _, -, .
const sanitizedId = orchId.replace(/[^a-z0-9_.\-]/gi, '_')
return `${userAgent} actions_orchestration_id/${sanitizedId}`
}
return userAgent