Merge pull request sherlock-project#2939 from sherlock-project/fix-vuln

sdushantha · web-flow · commit 2df7c61be8b3 · 2026-05-02T09:46:59.000+02:00
Fix command injection vuln
diff --git a/.github/workflows/validate_modified_targets.yml b/.github/workflows/validate_modified_targets.yml
@@ -20,6 +20,7 @@ jobs:
           # Checkout the base branch but fetch all history to avoid a second fetch call
           ref: ${{ github.base_ref }}
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Set up Python
         uses: actions/setup-python@v6
@@ -90,11 +91,11 @@ jobs:
       # --- The rest of the steps below are unchanged ---
 
       - name: Validate modified targets
-        if: steps.discover-modified.outputs.changed_targets != ''
-        continue-on-error: true
+        env:
+          CHANGED_TARGETS: ${{ steps.discover-modified.outputs.changed_targets }}
         run: |
           poetry run pytest -q --tb no -rA -m validate_targets -n 20 \
-            --chunked-sites "${{ steps.discover-modified.outputs.changed_targets }}" \
+            --chunked-sites "$CHANGED_TARGETS" \
             --junitxml=validation_results.xml
 
       - name: Prepare validation summary
diff --git a/pyproject.toml b/pyproject.toml
@@ -8,7 +8,7 @@ source = "init"
 
 [tool.poetry]
 name = "sherlock-project"
-version = "0.16.0"
+version = "0.16.1"
 description = "Hunt down social media accounts by username across social networks"
 license = "MIT"
 authors = [
