From 29694d72cd5e7ef3b09496b39f28a942af47737e Mon Sep 17 00:00:00 2001
From: Priya Gupta <147705955+priyagupta108@users.noreply.github.com>
Date: Tue, 6 May 2025 08:30:04 +0530
Subject: [PATCH] Add manifest validation and improve error handling (#586)

---
 dist/setup/index.js | 25 ++++++++++++++++++++++++-
 src/installer.ts    | 37 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/dist/setup/index.js b/dist/setup/index.js
index 5159a44..ffccd09 100644
--- a/dist/setup/index.js
+++ b/dist/setup/index.js
@@ -93475,10 +93475,33 @@ function extractGoArchive(archivePath) {
     });
 }
 exports.extractGoArchive = extractGoArchive;
+function isIToolRelease(obj) {
+    return (typeof obj === 'object' &&
+        obj !== null &&
+        typeof obj.version === 'string' &&
+        typeof obj.stable === 'boolean' &&
+        Array.isArray(obj.files) &&
+        obj.files.every((file) => typeof file.filename === 'string' &&
+            typeof file.platform === 'string' &&
+            typeof file.arch === 'string' &&
+            typeof file.download_url === 'string'));
+}
 function getManifest(auth) {
     return __awaiter(this, void 0, void 0, function* () {
         try {
-            return yield getManifestFromRepo(auth);
+            const manifest = yield getManifestFromRepo(auth);
+            if (Array.isArray(manifest) &&
+                manifest.length &&
+                manifest.every(isIToolRelease)) {
+                return manifest;
+            }
+            let errorMessage = 'An unexpected error occurred while fetching the manifest.';
+            if (typeof manifest === 'object' &&
+                manifest !== null &&
+                'message' in manifest) {
+                errorMessage = manifest.message;
+            }
+            throw new Error(errorMessage);
         }
         catch (err) {
             core.debug('Fetching the manifest via the API failed.');
diff --git a/src/installer.ts b/src/installer.ts
index fa1c853..1b5f20f 100644
--- a/src/installer.ts
+++ b/src/installer.ts
@@ -275,11 +275,46 @@ export async function extractGoArchive(archivePath: string): Promise<string> {
   return extPath;
 }
 
+function isIToolRelease(obj: any): obj is tc.IToolRelease {
+  return (
+    typeof obj === 'object' &&
+    obj !== null &&
+    typeof obj.version === 'string' &&
+    typeof obj.stable === 'boolean' &&
+    Array.isArray(obj.files) &&
+    obj.files.every(
+      (file: any) =>
+        typeof file.filename === 'string' &&
+        typeof file.platform === 'string' &&
+        typeof file.arch === 'string' &&
+        typeof file.download_url === 'string'
+    )
+  );
+}
+
 export async function getManifest(
   auth: string | undefined
 ): Promise<tc.IToolRelease[]> {
   try {
-    return await getManifestFromRepo(auth);
+    const manifest = await getManifestFromRepo(auth);
+    if (
+      Array.isArray(manifest) &&
+      manifest.length &&
+      manifest.every(isIToolRelease)
+    ) {
+      return manifest;
+    }
+
+    let errorMessage =
+      'An unexpected error occurred while fetching the manifest.';
+    if (
+      typeof manifest === 'object' &&
+      manifest !== null &&
+      'message' in manifest
+    ) {
+      errorMessage = (manifest as {message: string}).message;
+    }
+    throw new Error(errorMessage);
   } catch (err) {
     core.debug('Fetching the manifest via the API failed.');
     if (err instanceof Error) {