Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[TEST] Update README.md #841

Conversation

d-cheholia
Copy link
Contributor

Description

Please include a summary of the change and an issue that is fixed. Please try to follow the
commit conventions we use in this project.
Please also include relevant motivation and context and list any dependencies
that are required for this change.

Resolves #(issue)

How Has This Been Tested?

If your pull request does not include new tests for this change, please describe:

  • How to reproduce unwanted behaviour without this fix
  • How to make sure your change fixes this unwanted behaviour
  • What environment have you been using for your tests

Checklist:

  • My code follows the PEP 8
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@dumitory-dev
Copy link
Contributor

test

i-keliukh pushed a commit that referenced this pull request Jul 5, 2024
Command injection is possible with untrusted env.UNIVERSUM_BRANCH input.
See #841 for an injection
example.

An attacker can steal repo secrets that are stored in the env URL
variable and maybe GITHUB_TOKEN.

This commit fixes this problem by following the official guide
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
@d-cheholia d-cheholia closed this Jul 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants