Commit 704531e
Fix GitHub Actions security findings in e2e workflow
- S7630 (BLOCKER, script injection): bind inputs.test_names to a
TEST_NAMES env var and reference it as a quoted shell variable instead
of interpolating ${{ inputs.* }} directly into the run block.
- S7637 (MAJOR, unpinned action): pin gradle/actions/setup-gradle to the
v4.4.4 commit SHA.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NKxodNE4h3TsSHMqDEeC8v1 parent b58147b commit 704531e
1 file changed
Lines changed: 8 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
41 | | - | |
| 41 | + | |
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
| |||
66 | 66 | | |
67 | 67 | | |
68 | 68 | | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
69 | 72 | | |
70 | | - | |
71 | | - | |
72 | | - | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
73 | 77 | | |
74 | | - | |
75 | 78 | | |
76 | 79 | | |
77 | 80 | | |
| |||
0 commit comments