
Commit 544116e

fix: prevent script injection in workflows (v0.1.x) (#636)
Fixes script injection vulnerability by moving github.event references to top-level env vars.

Changes:
- Replace `github.event.inputs.version` with `env.VERSION` in run steps
- Reuses existing top-level VERSION env variable

Related to V1564738566

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
1 parent a574b6f commit 544116e

2 files changed

Lines changed: 6 additions & 6 deletions


.github/workflows/post_release_version_bump.yml

Lines changed: 4 additions & 4 deletions
@@ -26,8 +26,8 @@ jobs:
2626

2727
- name: Extract Major.Minor Version and setup Env variable
2828
run: |
29-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
30-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
29+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
30+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
3131
3232
- name: Get current major.minor version from main branch
3333
id: get_version
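Review bot: the two `+` lines in this hunk still splice the value into the shell script through an expression (`${{ env.VERSION }}`), so the inline-script injection the commit sets out to close is not closed here. A `${{ ... }}` expression is expanded by the runner into the script text before bash ever parses it, and that is true whether the expression reads `github.event.inputs.version` directly or an `env` entry that was populated from it. The intermediate-variable pattern only removes the risk when the script reads the variable from the process environment, for example `echo "MAJOR_MINOR=$(echo "$VERSION" | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> "$GITHUB_ENV"`. Suggest switching both lines to the quoted shell variable `$VERSION`, and dropping `echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV` entirely, since with `VERSION` already defined at the top level that line only re-exports a variable with its own value.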
@@ -69,8 +69,8 @@ jobs:
6969
7070
- name: Extract Major.Minor Version and setup Env variable
7171
run: |
72-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
73-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
72+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
73+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
7474
7575
- name: Determine release branch and checkout
7676
run: |
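Review bot: the diff context for this second job (the step at line 69 is a copy of the one at line 26) does not show the top-level `env:` block that the commit message says these steps reuse, so it cannot be confirmed from the hunk that `VERSION` is declared at a scope both jobs see. If it is declared under only one job, the other job's step would write an empty `VERSION` and `MAJOR_MINOR` to `$GITHUB_ENV` and the downstream "Determine release branch and checkout" step would operate on blank values. Suggest either declaring `VERSION` at workflow level or adding an early guard such as `[ -n "$VERSION" ] || { echo "VERSION is not set"; exit 1; }` so a misconfiguration fails the step rather than silently producing empty branch names. The same replacement of `${{ env.VERSION }}` with the shell variable `$VERSION` applies to both `+` lines here as in the first hunk.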

.github/workflows/pre_release_prepare.yml

Lines changed: 2 additions & 2 deletions
@@ -35,8 +35,8 @@ jobs:
3535
3636
- name: Extract Major.Minor Version and setup Env variable
3737
run: |
38-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
39-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
38+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
39+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
4040
4141
- name: Create branches
4242
run: |
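Review bot: the `sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/'` pattern on the second `+` line is unanchored, so any input that does not match a `major.minor.patch` shape passes through into `MAJOR_MINOR` unchanged, and this workflow then feeds that value to the "Create branches" step that follows. Since the version still originates from a workflow input, suggest validating it against a strict shape before it is used anywhere, for example `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid version: $VERSION"; exit 1; }`, and reading it as the quoted shell variable `$VERSION` rather than the `${{ env.VERSION }}` expression, which is still expanded into the script text before bash runs it. Also quote `"$GITHUB_ENV"` in both redirections for consistency with the rest of the script.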
