Commit 49124d0
Prevent script injection in coverageReport workflow (#1295)
Move attacker-controlled PR body and derived step outputs from inline
${{ }} expressions to env variables, preventing shell command injection
via malicious PR descriptions (e.g. PR #1290).
Co-authored-by: Isaac
NO_CHANGELOG=true (not a user facing change)

1 parent 806ee61, commit 49124d0
1 file changed
Lines changed: 8 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
| 41 | + | |
| 42 | + | |
41 | 43 | | |
42 | | - | |
| 44 | + | |
43 | 45 | | |
44 | 46 | | |
45 | 47 | | |
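
Review bot: the diff body is not rendered on this page, only the line numbers and +/- markers survive, so this hunk can only be checked against the commit message. Two lines (41-42) are added ahead of the one changed line (old 42 becomes new 44), which is the shape of an `env:` block being introduced above a `run:` line; confirm that new 44 reads the value as a quoted shell variable (`"$PR_BODY"`-style) and that no `${{ }}` expression remains inside the script text.
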
| |||
84 | 86 | | |
85 | 87 | | |
86 | 88 | | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
87 | 92 | | |
88 | | - | |
89 | | - | |
| 93 | + | |
| 94 | + | |
90 | 95 | | |
91 | 96 | | |
92 | 97 | | |
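
Review bot: the same shape repeats here with three added lines (89-91) and two replaced (old 88-89 become new 93-94), consistent with the commit message's move of the derived step outputs into env variables. Worth confirming that every output derived from the PR body received its own env entry, since a single inline expression left in a `run:` block keeps the injection path open, and that the two replacement lines quote the variables they read.
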
| |||
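
The before/after pattern the commit message describes, written out as an added illustration rather than this project's workflow file. The job id, step ids, option name, grep pattern and the `pull_request` trigger are all assumptions; only the technique (bind untrusted values to `env:`, read them as quoted shell variables) comes from the commit message.

```yaml
# Added illustration, not the repository's coverageReport workflow.
# Job and step names, the option syntax and the grep pattern are assumptions.
name: coverageReport

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      # BEFORE (weak, shown commented out): ${{ }} is expanded by the Actions
      # template engine before bash ever runs, so the PR body text is pasted
      # into the script source and is parsed as shell syntax.
      #
      # - name: Parse options from PR body
      #   id: parse
      #   run: |
      #     echo "${{ github.event.pull_request.body }}" | grep -o 'coverage=[a-z]*' > opts.txt
      #     echo "opts=$(cat opts.txt)" >> "$GITHUB_OUTPUT"
      # - name: Use the derived output
      #   run: echo "Running with ${{ steps.parse.outputs.opts }}"

      # AFTER (hardened): the value is bound to an environment variable and the
      # script reads it through a quoted "$VAR" expansion. Expanding a variable
      # never re-parses its contents as shell code, whatever the PR body holds.
      - name: Parse options from PR body
        id: parse
        env:
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          # `|| true` keeps the step green when no option is present; the
          # default Actions shell runs bash with -e and -o pipefail.
          printf '%s\n' "$PR_BODY" | grep -o 'coverage=[a-z]*' > opts.txt || true
          echo "opts=$(cat opts.txt)" >> "$GITHUB_OUTPUT"

      # Outputs derived from the body are attacker-influenced too, so they get
      # the same env treatment instead of being interpolated inline.
      - name: Use the derived output
        env:
          OPTS: ${{ steps.parse.outputs.opts }}
        run: echo "Running with $OPTS"
```

A quick check after a change like this one is that no `${{ ... }}` remains inside any `run:` block of the workflow; every value that originates from a pull request (title, body, branch name, or a step output computed from them) should enter the script only as a quoted `$VAR`.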