Improve the way input is processed to avoid command injection

2022-05-18 12:47:49 +03:00
parent e28960dbbb
commit a5debe1b2e
2 changed files with 11 additions and 9 deletions
--- a/action.yml
+++ b/action.yml
@@ -11,7 +11,8 @@ inputs:
 runs:
  using: composite
  steps:
-    - run: |
-        export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }}
+    - shell: bash
+      env:
+        INPUT_UNSET_PREVIOUS: ${{ inputs.unset-previous }}
+      run: |
        ${{ github.action_path }}/entrypoint.sh
-      shell: bash
--- a/configure/action.yml
+++ b/configure/action.yml
@@ -9,8 +9,9 @@ inputs:
 runs:
  using: composite
  steps:
-    - run: |
-        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
-        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+    - shell: bash
+      env:
+        INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
+        INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
+      run: |
        ${{ github.action_path }}/entrypoint.sh
-      shell: bash