diff --git a/.github/workflows/Semgrep.yml b/.github/workflows/Semgrep.yml
index 0347afd..6b1e0ac 100644
--- a/.github/workflows/Semgrep.yml
+++ b/.github/workflows/Semgrep.yml
@@ -27,7 +27,8 @@ jobs:
 container:
 # A Docker image with Semgrep installed. Do not change this.
- image: returntocorp/semgrep
+ # Pinned by digest (LOC-6730 / INF-002) — tag-mutation is a supply-chain vector.
+ image: returntocorp/semgrep@sha256:9349edbadf90c3f3c0c3f55867625354e89680e6fa10d9034042af52fdb0e0d0
 # Skip any PR created by dependabot to avoid permission issues:
 if: (github.actor != 'dependabot[bot]')
diff --git a/src/main/java/com/browserstack/local/Local.java b/src/main/java/com/browserstack/local/Local.java
index e02bae1..f8fbbde 100644
--- a/src/main/java/com/browserstack/local/Local.java
+++ b/src/main/java/com/browserstack/local/Local.java
@@ -159,7 +159,7 @@ private void makeCommand(Map options, String opCode) {
 if (IGNORE_KEYS.contains(parameter)) {
 continue;
 }
- if (avoidValueParameters.get(parameter) != null && opt.getValue().trim().toLowerCase() != "false") {
+ if (avoidValueParameters.get(parameter) != null && !"false".equals(opt.getValue().trim().toLowerCase())) {
 command.add(avoidValueParameters.get(parameter));
 } else {
 if (parameters.get(parameter) != null) {
diff --git a/src/main/java/com/browserstack/local/LocalBinary.java b/src/main/java/com/browserstack/local/LocalBinary.java
index b7abd79..0d387a0 100644
--- a/src/main/java/com/browserstack/local/LocalBinary.java
+++ b/src/main/java/com/browserstack/local/LocalBinary.java
@@ -214,7 +214,7 @@ private void fetchSourceUrl() throws LocalException {
 inputParams.put("auth_token", this.key);
 if (fallbackEnabled) {
 connection.setRequestProperty("X-Local-Fallback-Cloudflare", "true");
- inputParams.put("error_message", downloadFailureThrowable.getMessage());
+ inputParams.put("error_message", downloadFailureThrowable.getClass().getName());
 }
 String jsonInputParams = inputParams.toString();
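Review bot: The digest on the new `image:` line carries no human-readable version, so nothing in the file says which Semgrep release the job runs or when the pin was last refreshed. Docker accepts a tag alongside a digest, so the line can record both while the digest stays authoritative: `image: returntocorp/semgrep:<TAG>@sha256:<DIGEST>` (both placeholders). A digest pin also stops engine updates from arriving on their own, so the change should name how the digest gets refreshed (a scheduled bump or an update bot), otherwise the scanner ages silently. The context comment "Do not change this." now sits directly above a line that has to change on every refresh and should be reworded.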
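Review bot: `opt.getValue()` is still dereferenced unchecked in the rewritten condition, so if the options map can hold a null value for one of the `avoidValueParameters` keys, `makeCommand` throws a NullPointerException before the command is built. The comparison can also drop the locale-sensitive `toLowerCase()` call: `!"false".equalsIgnoreCase(opt.getValue().trim())`. Because the old `!=` compared references and was almost always true, callers that passed "false" were still getting the flag on the binary's command line; this fix changes what is launched for them, so it deserves a unit test on `makeCommand` and a changelog entry. The body of `makeCommand` starts and ends outside the hunk.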
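Review bot: The replaced `error_message` line has no comment saying why only the class name is sent, so a later maintainer looking for better diagnostics could put `getMessage()` back. I would add `// Send only the exception type: getMessage() may carry local paths, proxy settings or URLs that should not leave this host.` above it; the commit does not state its reason, so confirm the wording with the author. `downloadFailureThrowable` is also dereferenced whenever `fallbackEnabled` is true, and if the two can get out of step (not visible in this hunk) the call needs a `downloadFailureThrowable != null` guard. If support still needs the full message, log it locally rather than adding it to the request. `fetchSourceUrl` continues outside the hunk.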