fix: Refactor artifact path and version handling in RL Scanner action #1287

Merged
ankita10119 merged 2 commits into master from SEC-8166
Jun 17, 2026

@amitsingh05667

Member

Fix Script Injection Vulnerability in RL Scanner

Summary

This PR fixes a potential script injection vulnerability by avoiding direct shell interpolation of user inputs. Instead, user-provided values are safely passed through environment variables.

Changes

  • Added ARTIFACT_PATH and VERSION to the env: block
  • Updated the shell script to use $ARTIFACT_PATH and $VERSION instead of ${{ inputs.* }}

amitsingh05667 requested a review from a team as a code owner January 6, 2026 07:48
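
A check for the pattern this PR removes, as an added example (not code from this repository): a small Python scanner that flags `${{ inputs.* }}` expressions inside `run:` scripts and accepts them under `env:`, where the value reaches the shell as data rather than as script text. The two action fragments, the input names `artifact-path` and `version`, and `./scan.sh` are constructed for illustration; matching `github.event.*` as well goes beyond the inputs case in this PR.

```python
import re

# Expressions that expand caller- or event-controlled text (assumed scope of this check).
UNTRUSTED = re.compile(r"\$\{\{[^}]*\b(?:inputs|github\.event)\.[\w.-]+[^}]*\}\}")
# A `run:` key, optionally as the first key of a list item ("- run: |").
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def find_run_interpolations(yaml_text):
    """Return (line_no, expression) for untrusted expressions inside run: scripts."""
    findings, key_col = [], None  # key_col: column of the active run: key
    for no, line in enumerate(yaml_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(line)
        if m:  # start of a script; text after the key may itself be script
            key_col, body = len(m.group(1)), m.group(2)
        elif key_col is not None and (not line.strip() or indent > key_col):
            body = line  # still inside the run: block scalar
        else:
            key_col, body = None, ""  # any other key, e.g. env:, is data
        findings += [(no, e.group(0)) for e in UNTRUSTED.finditer(body)]
    return findings

# Constructed fragment: expressions are pasted into the script before the shell parses it.
BEFORE = """\
runs:
  using: composite
  steps:
    - name: Scan artifact
      shell: bash
      run: |
        ./scan.sh "${{ inputs.artifact-path }}" "${{ inputs.version }}"
"""

# Constructed fragment: same step with the values passed through env, as this PR describes.
AFTER = """\
runs:
  using: composite
  steps:
    - name: Scan artifact
      shell: bash
      env:
        ARTIFACT_PATH: ${{ inputs.artifact-path }}
        VERSION: ${{ inputs.version }}
      run: |
        ./scan.sh "$ARTIFACT_PATH" "$VERSION"
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, find_run_interpolations(text))
```

Keep the variables quoted in the script (`"$ARTIFACT_PATH"`); an unquoted expansion is still subject to word splitting and globbing.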
codecov Bot commented Jan 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.62%. Comparing base (1dcfc2d) to head (31d0bac).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1287   +/-   ##
=======================================
  Coverage   89.62%   89.62%           
=======================================
  Files         426      426           
  Lines       19804    19804           
  Branches     9716     9716           
=======================================
  Hits        17749    17749           
  Misses       2055     2055           
Flag Coverage Δ
alltests 89.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

ankita10119 merged commit 824070e into master Jun 17, 2026
10 checks passed
ankita10119 deleted the SEC-8166 branch June 17, 2026 09:04