Skip to content

Commit 75ab9b5

Browse files
thpiercethpierce
authored
fix: prevent script injection in workflows (v0.11.x) (#640)
Fixes script injection vulnerability by moving github.event references to top-level env vars. Changes: - Replace `github.event.inputs.version` with `env.VERSION` in run steps - Reuses existing top-level VERSION env variable Related to V1564738566 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
1 parent 36da327 commit 75ab9b5

2 files changed

Lines changed: 6 additions & 6 deletions

File tree

.github/workflows/post-release-version-bump.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,8 @@ jobs:
2828

2929
- name: Extract Major.Minor Version and setup Env variable
3030
run: |
31-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
32-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
31+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
32+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
3333
3434
- name: Get current major.minor version from main branch
3535
id: get_version
@@ -86,8 +86,8 @@ jobs:
8686
8787
- name: Extract Major.Minor Version and setup Env variable
8888
run: |
89-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
90-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
89+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
90+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
9191
9292
- name: Determine release branch and checkout
9393
run: |

.github/workflows/pre-release-prepare.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -53,8 +53,8 @@ jobs:
5353
5454
- name: Extract Major.Minor Version and setup Env variable
5555
run: |
56-
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
57-
echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
56+
echo "VERSION=${{ env.VERSION }}" >> $GITHUB_ENV
57+
echo "MAJOR_MINOR=$(echo ${{ env.VERSION }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
5858
5959
- name: Create branches
6060
run: |

0 commit comments

Comments
 (0)