From 630b7bbd945a563997c6a951124250f89c141c21 Mon Sep 17 00:00:00 2001 From: Ethan Dennis Date: Tue, 13 Dec 2022 10:10:15 -0800 Subject: [PATCH] Mitigate command injection bounty --- .github/workflows/issue_ops.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/issue_ops.yml b/.github/workflows/issue_ops.yml index 203ccef..89a0f9e 100644 --- a/.github/workflows/issue_ops.yml +++ b/.github/workflows/issue_ops.yml @@ -58,9 +58,12 @@ jobs: run: bundle install --without development - name: Prepare arguments id: prepare + env: + ISSUE_BODY: ${{ github.event.issue.body }} + COMMENT_BODY: ${{ github.event.comment.body }} + LABELS: ${{ toJSON(github.event.issue.labels.*.name) }} run: | - echo "${{ toJSON(github.event.issue.labels.*.name) }}" - ./bin/parse_issue "${{ github.event.issue.body }}" "${{ github.event.comment.body }}" "${{ toJSON(github.event.issue.labels.*.name) }}" + ./bin/parse_issue "${{ env.ISSUE_BODY }}" "${{ env.COMMENT_BODY }}" "${{ env.LABELS }}" - name: Validate arguments run: | if [ -z "${{ steps.prepare.outputs.provider }}" ]; then