🚚 Prevent shell injection using branch names #5327

Merged
merged 3 commits into from
Mar 28, 2024
rix0rrr (Collaborator) commented Mar 27, 2024

By using the user-supplied branch name in a shell script, commands could
be injected if the branch name contains a `"`.

Pass the variable via an environment variable to avoid that.
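
The pattern described above, shown as an added example that is not part of this pull request or the project's code. The function names, the `BRANCH_NAME` variable and the sample branch name are assumptions constructed for illustration; the injected command only prints a marker.

```shell
#!/bin/sh
# Constructed sample input: a branch name containing a double quote, the
# character the PR description calls out. It only echoes a marker string.
SAMPLE_BRANCH='feature"; echo INJECTED; echo "'

# Before: the branch name is pasted into the script text before the shell
# parses it, so a quote in the name ends the string and the rest is code.
run_interpolated() {
    script="echo \"Building branch: $1\""
    sh -c "$script"
}

# After: the script text is a constant. The branch name reaches the shell
# as data in the environment (BRANCH_NAME is a hypothetical name) and is
# only ever expanded inside double quotes, never re-parsed as syntax.
run_with_env() {
    BRANCH_NAME="$1" sh -c 'echo "Building branch: $BRANCH_NAME"'
}

echo "--- interpolated into the script text ---"
run_interpolated "$SAMPLE_BRANCH"
echo "--- passed via environment variable ---"
run_with_env "$SAMPLE_BRANCH"
```
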

mergify bot (Contributor) commented Mar 28, 2024

Thank you for contributing! Your pull request is now going on the merge train (choo choo! Do not click update from main anymore, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 20c5002 into main Mar 28, 2024
12 checks passed
@mergify mergify bot deleted the prevent-injection branch March 28, 2024 16:29