Commit 1ccaf4b
fix: Prevent script injection in platform-check action
Fixes ENG-7182 (parent: VULN-1389)
Move input parameters from direct script interpolation to environment
variables to prevent potential code injection attacks. This follows
GitHub Actions security best practices by treating user input as
untrusted and isolating it through environment variables.
Changes:
- Add env block with PLATFORM, SAMPLE_CHANGED, NEEDS_IOS, NEEDS_ANDROID, NEEDS_WEB
- Remove ${{ inputs.* }} interpolations from script body
- Update case statement to use environment variables
References:
- https://linear.app/getsentry/issue/VULN-1389
- https://linear.app/getsentry/issue/ENG-7182
- https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#understanding-the-risk-of-script-injections
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 0a60617 commit 1ccaf4b
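The pattern the commit message describes, as an added shell example that is not code from this commit or from the getsentry repository. It simulates how a `run:` step receives `inputs.platform` in both forms: pasted into the script text by `${{ inputs.platform }}` (the removed pattern) versus read from an environment variable set in an `env:` block (the new pattern). The function names, the platform values and the attacker-controlled value are assumptions made for the example.

```shell
# Added example, not the project's workflow. Assumed names: run_interpolated,
# run_via_env, PAYLOAD, and the platform values ios/android/web.

# Removed pattern. In a step written as
#   run: |
#     case "${{ inputs.platform }}" in
# the runner substitutes the input into the script *text* before bash parses it,
# so shell syntax inside the value becomes part of the program. The string
# assignment below performs that same text substitution.
run_interpolated() {
  local input=$1
  local script="case \"$input\" in
  ios)     echo needs-ios ;;
  android) echo needs-android ;;
  web)     echo needs-web ;;
  *)       echo unknown ;;
esac"
  bash -c "$script" 2>&1
}

# New pattern, as the commit describes:
#   env:
#     PLATFORM: ${{ inputs.platform }}
#   run: |
#     case "$PLATFORM" in
# The script text is constant; bash receives the value as data via the environment.
run_via_env() {
  PLATFORM="$1" bash -c 'case "$PLATFORM" in
  ios)     echo needs-ios ;;
  android) echo needs-android ;;
  web)     echo needs-web ;;
  *)       echo unknown ;;
esac' 2>&1
}

# Constructed attacker-controlled input: looks like "ios" but carries a command
# substitution that executes when the value is parsed as shell code.
PAYLOAD='ios$(echo INJECTED >&2)'

demo() {
  echo "interpolated: $(run_interpolated "$PAYLOAD")"   # INJECTED, then needs-ios
  echo "via env:      $(run_via_env "$PAYLOAD")"        # unknown (value is just data)
}
demo
```

With the interpolated form the injected command runs and the step still reports `needs-ios`, so nothing in the job output looks wrong; with the env form the same value simply fails to match any branch. Note that writing `${{ env.PLATFORM }}` inside `run:` would put the value back into the script text and reintroduce the problem; the script has to read `$PLATFORM` itself.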
1 file changed
Lines changed: 9 additions & 6 deletions
Diff of the single changed file (the file name is not shown on this page). Only the line numbers and +/- markers survived extraction; the changed text itself is not visible.
Hunk 1: old lines 32-41, new lines 32-44. Six lines added at new lines 35-40 (after line 34), three lines removed at old lines 36-38; context lines 32-34 and old 39-41 / new 42-44 are unchanged.
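Review bot: the hunk text is not visible here, so the check against the commit message is positional: the six added lines (new 35-40) should be the `env:` block with `${{ inputs.* }}` appearing only as the right-hand side of PLATFORM, SAMPLE_CHANGED, NEEDS_IOS, NEEDS_ANDROID and NEEDS_WEB, and the three removed lines (old 36-38) should have been the only `${{ inputs.* }}` references in the `run:` script. Any remaining `${{ inputs.platform }}` or `${{ env.PLATFORM }}` inside the script body is still template-time interpolation into shell text and keeps the injection open.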
Hunk 2: old lines 44-52, new lines 47-55. Three lines removed at old lines 47-49, three lines added at new lines 50-52; context old 44-46 / new 47-49 and old 50-52 / new 53-55 are unchanged.
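Review bot: the replaced case statement (old 47-49, new 50-52) should read the value at run time as `"$PLATFORM"` rather than through `${{ env.PLATFORM }}`, and the same applies wherever NEEDS_IOS, NEEDS_ANDROID and NEEDS_WEB are tested. The case word is not subject to word splitting even unquoted, but quoting it keeps the habit consistent for `[ ]` tests on the NEEDS_* variables, where it does matter. If any of those are boolean workflow inputs, they arrive in the environment as the strings `true` and `false`, so the script should compare against those literals.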