wesley/load-secrets-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent command injection vulnerability

Browse Source
This commit is contained in:
volodymyrZotov
2022-08-15 13:32:42 +03:00
parent e1b37a5b1e
commit 5c5bbcbaf0
2 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dist/index.js vendored
View File

@@ -1935,13 +1935,10 @@ function run() {
try {
const parentDir = path__WEBPACK_IMPORTED_MODULE_2___default().resolve(__dirname, '..');
// Get action inputs
const unsetPrevious = _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('unset-previous');
const exportEnv = _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('export-env');
process.env.INPUT_UNSET_PREVIOUS = _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('unset-previous');
process.env.INPUT_EXPORT_ENV = _actions_core__WEBPACK_IMPORTED_MODULE_0__.getInput('export-env');
// Execute bash script
yield _actions_exec__WEBPACK_IMPORTED_MODULE_1__.exec(`sh -c "` +
`INPUT_UNSET_PREVIOUS=` + unsetPrevious + ` ` +
`INPUT_EXPORT_ENV=` + exportEnv + ` ` +
parentDir + `/entrypoint.sh"`);
yield _actions_exec__WEBPACK_IMPORTED_MODULE_1__.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
}
catch (error) {
_actions_core__WEBPACK_IMPORTED_MODULE_0__.setFailed(error.message);

9
src/index.ts
View File

@@ -7,14 +7,11 @@ async function run(): Promise<void> {
const parentDir = path.resolve(__dirname, '..');
// Get action inputs
const unsetPrevious = core.getInput('unset-previous');
const exportEnv = core.getInput('export-env');
process.env.INPUT_UNSET_PREVIOUS = core.getInput('unset-previous');
process.env.INPUT_EXPORT_ENV = core.getInput('export-env');
// Execute bash script
await exec.exec(`sh -c "` +
`INPUT_UNSET_PREVIOUS=` + unsetPrevious + ` ` +
`INPUT_EXPORT_ENV=` + exportEnv + ` ` +
parentDir + `/entrypoint.sh"`);
await exec.exec(`sh -c "` + parentDir + `/entrypoint.sh"`);
} catch (error: any) {
core.setFailed(error.message);