Skip to content

Commit

Permalink
ci: mitigate script injection attack in test_weaver-pre-release.yaml
Browse files Browse the repository at this point in the history
Fixes the script injection attack mentioned here: https://hackerone.com/reports/2471956

Signed-off-by: Sandeep Nishad <[email protected]>
  • Loading branch information
sandeepnRES committed Apr 26, 2024
1 parent 514dc68 commit 6be6447
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions .github/workflows/test_weaver-pre-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,11 @@ jobs:

- name: Ignore if not a release PR
id: early
env:
TITLE: ${{ github.event.pull_request.title }}
run : |
status="skip"
if echo "${{ github.event.pull_request.title }}" | grep -q "chore(release)"; then
if echo ${TITLE} | grep -q "chore(release)"; then
status="continue"
fi
echo "status=$status" >> $GITHUB_OUTPUT
Expand All @@ -39,10 +41,12 @@ jobs:
- uses: actions/[email protected]

- name: Get release verison from PR title
env:
TITLE: ${{ github.event.pull_request.title }}
run: |
# Assuming release PR follows pattern: chore(release): publish vA.B.C
# Split PR title by space, and take 3rd word
VERSION=$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3)
# Strip "v" from version
VERSION=$(echo $VERSION | sed -e 's/^v//')
echo "VERSION=$VERSION" >> $GITHUB_ENV
Expand Down Expand Up @@ -146,10 +150,12 @@ jobs:
- uses: actions/[email protected]

- name: Get release verison from PR title
env:
TITLE: ${{ github.event.pull_request.title }}
run: |
# Assuming release PR follows pattern: chore(release): publish vA.B.C
# Split PR title by space, and take 3rd word
VERSION=$(echo "${{ github.event.pull_request.title }}" | cut -d ' ' -f 3)
VERSION=$(echo "${TITLE}" | cut -d ' ' -f 3)
# Strip "v" from version
VERSION=$(echo $VERSION | sed -e 's/^v//')
echo "VERSION=$VERSION" >> $GITHUB_ENV
Expand Down

0 comments on commit 6be6447

Please sign in to comment.