debian-forge-composer/.github
Ondřej Budai 3561202acc github: prevent script injections via PR branch names
Prior to this commit, ${{ github.event.workflow_run.head_branch }} got
expanded in the bash script. A malicious actor could inject
an arbitrary shell script. Since this action has access to a token
with write rights, the malicious actor can easily steal this token.

This commit moves the expansion into an env block where such an
injection cannot happen. This is the preferred way according to the
github docs:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
2024-12-05 18:13:17 +01:00
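The pattern the commit message describes, as an added illustration that is not part of the debian-forge-composer workflows: a `workflow_run` job that first interpolates the PR head branch directly into a `run` script (the vulnerable form) and then passes it through an `env` variable (the fix). Workflow, job and step names, and the example branch name, are assumptions for the illustration.

```yaml
# Added illustration, not the project's own workflow.
name: example-workflow-run

on:
  workflow_run:
    workflows: ["CI"]       # assumed name of the triggering workflow
    types: [completed]

jobs:
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      # Bad: ${{ }} is expanded by the runner BEFORE bash parses the script,
      # so the branch name becomes part of the script text. Quoting does not
      # help: a PR branch named  x";id;"  (a legal ref name) turns the line into
      #   echo "Branch: x";id;""
      # and runs `id`. Any command can go there, including one that reads the
      # write-capable token this job holds.
      - name: Show branch (injectable)
        run: |
          echo "Branch: ${{ github.event.workflow_run.head_branch }}"

  hardened:
    runs-on: ubuntu-latest
    steps:
      # Good: the expression is expanded into an environment variable instead.
      # The script text never changes; bash reads the value as data through
      # "$HEAD_BRANCH", so shell metacharacters in the branch name are inert.
      - name: Show branch (safe)
        env:
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          echo "Branch: $HEAD_BRANCH"
```

The same rule applies to every attacker-controlled context value (PR titles, bodies, commit messages, issue text, author names): keep `${{ }}` out of `run:` scripts and pass such values through `env:` or step inputs, keeping the variable double-quoted in the script.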
ISSUE_TEMPLATE github: create issue template 2021-05-24 12:04:36 +03:00
workflows github: prevent script injections via PR branch names 2024-12-05 18:13:17 +01:00
dependabot.yml dependabot: group go package updates 2023-08-24 21:40:26 +02:00
PULL_REQUEST_TEMPLATE.md README: Fix reference to developer guide 2024-02-29 10:56:03 +01:00