Improve the way input is processed to avoid command injection

2022-05-18 12:47:49 +03:00
parent e28960dbbb
commit a5debe1b2e
2 changed files with 11 additions and 9 deletions
--- a/action.yml
+++ b/action.yml
@@ -10,8 +10,9 @@ inputs:
    default: false
 runs:
  using: composite
-  steps: 
-    - run: |
-        export INPUT_UNSET_PREVIOUS=${{ inputs.unset-previous }}
+  steps:
+    - shell: bash
+      env:
+        INPUT_UNSET_PREVIOUS: ${{ inputs.unset-previous }}
+      run: |
        ${{ github.action_path }}/entrypoint.sh
-      shell: bash
--- a/configure/action.yml
+++ b/configure/action.yml
@@ -8,9 +8,10 @@ inputs:
    description: Token to authenticate to your 1Password Connect instance
 runs:
  using: composite
-  steps: 
-    - run: |
-        export INPUT_CONNECT_HOST=${{ inputs.connect-host }}
-        export INPUT_CONNECT_TOKEN=${{ inputs.connect-token }}
+  steps:
+    - shell: bash
+      env:
+        INPUT_CONNECT_HOST: ${{ inputs.connect-host }}
+        INPUT_CONNECT_TOKEN: ${{ inputs.connect-token }}
+      run: |
        ${{ github.action_path }}/entrypoint.sh
-      shell: bash