diff --git a/packages/http-client/__tests__/basics.test.ts b/packages/http-client/__tests__/basics.test.ts
index 5391fc73..31043069 100644
--- a/packages/http-client/__tests__/basics.test.ts
+++ b/packages/http-client/__tests__/basics.test.ts
@@ -387,7 +387,26 @@ describe('basics', () => {
 const body: string = await res.readBody()
 const obj = JSON.parse(body)
 expect(obj.headers['user-agent']).toBe(
- `http-client-tests (gh_orch_id:${orchId})`
+ `http-client-tests github_orchestration_id/${orchId}`
+ )
+
+ delete process.env['ACTIONS_ORCHESTRATION_ID']
+ })
+
+ it('sanitizes invalid characters in orchestration ID', async () => {
+ const orchId = 'test (with) special/chars'
+ process.env['ACTIONS_ORCHESTRATION_ID'] = orchId
+
+ const http: httpm.HttpClient = new httpm.HttpClient('http-client-tests')
+ const res: httpm.HttpClientResponse = await http.get(
+ 'https://postman-echo.com/get'
+ )
+ expect(res.message.statusCode).toBe(200)
+ const body: string = await res.readBody()
+ const obj = JSON.parse(body)
+ // Spaces, parentheses, and slashes should be replaced with underscores
+ expect(obj.headers['user-agent']).toBe(
+ 'http-client-tests github_orchestration_id/test__with__special_chars'
 )

 delete process.env['ACTIONS_ORCHESTRATION_ID']
diff --git a/packages/http-client/src/index.ts b/packages/http-client/src/index.ts
index f2005dcb..852377c5 100644
--- a/packages/http-client/src/index.ts
+++ b/packages/http-client/src/index.ts
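Review bot: Both tests in this hunk clear ACTIONS_ORCHESTRATION_ID with a trailing `delete process.env['ACTIONS_ORCHESTRATION_ID']`, which is skipped when an earlier `expect` throws, so a failing assertion leaves the variable set for every later test that checks the plain user-agent. Moving the cleanup into `afterEach(() => { delete process.env['ACTIONS_ORCHESTRATION_ID'] })` (or a `try`/`finally`) keeps the tests isolated. The new case covers spaces, parentheses and slashes but not control characters such as CR or LF, which is the input the sanitizer matters most for in a header value; one more assertion for that would pin the behaviour. The first test starts above the hunk and the new test's closing lines fall below it, so whether the file already has an `afterEach` is not visible here.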
@@ -820,7 +820,10 @@ export class HttpClient {
 private _getUserAgentWithOrchestrationId(userAgent: string): string {
 const orchId = process.env['ACTIONS_ORCHESTRATION_ID']
 if (orchId) {
- return `${userAgent} (gh_orch_id:${orchId})`
+ // Sanitize the orchestration ID to ensure it contains only valid token characters
+ // Valid characters: alphanumeric, !, #, $, %, &, ', *, +, -, ., ^, _, `, |, ~
+ const sanitizedId = orchId.replace(/[^a-zA-Z0-9!#$%&'*+\-.^_`|~]/g, '_')
+ return `${userAgent} github_orchestration_id/${sanitizedId}`
 }
 return userAgent
 }
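Review bot: The mapping on the `sanitizedId` line is lossy and keeps the full length of the environment value: IDs that differ only in disallowed characters collapse to the same string, and nothing bounds how large the User-Agent header can grow. If the receiving side uses this value to correlate requests with a run, that trade-off deserves a line in the comment, together with the reason for the filter, for example `// RFC 9110 token characters only, so the env value cannot add CR/LF or separators to the header; lossy: distinct IDs may map to the same string`. A length cap before the value is appended would be a cheap addition if orchestration IDs have a known maximum, which is not visible from here. The method is fully visible, but the enclosing HttpClient class starts and ends outside the hunk.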