Define environment variables in env: section
Fix potential command injection via PR title, see

https://securitylab.github.com/resources/github-actions-untrusted-input/
nsoranzo committed Oct 14, 2024
1 parent fcb3bdf commit 70bea1b
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/pr-title-update.yml
Expand Up @@ -16,10 +16,10 @@ jobs:
- name: Update PR title
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number }}
TARGET_BRANCH: "${{ github.base_ref }}"
PR_TITLE: "${{ github.event.pull_request.title }}"
run: |
PR_NUMBER=${{ github.event.pull_request.number }}
TARGET_BRANCH="${{ github.base_ref }}"
PR_TITLE="${{ github.event.pull_request.title }}"
VERSION=$(echo $TARGET_BRANCH | grep -oP '\d+\.\d+')
if [[ -n "$VERSION" && ! "$PR_TITLE" =~ ^\[$VERSION\] ]]; then
NEW_TITLE="[$VERSION] $PR_TITLE"
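Review bot: moving `PR_NUMBER`, `TARGET_BRANCH` and `PR_TITLE` into `env:` is the right fix, because values set there reach the script as shell variables instead of being pasted into the script text, so a title containing `$(...)` or backticks is no longer executed; two leftover points in the unchanged lines, though. `VERSION=$(echo $TARGET_BRANCH | grep -oP '\d+\.\d+')` still expands `$TARGET_BRANCH` unquoted (word splitting and globbing, even if no longer injection), so quote it as `"$TARGET_BRANCH"` to match the `"$PR_TITLE"` usage on the next line. And `$VERSION` is interpolated unescaped into the `=~` regex, so the dot in a value like `24.1` matches any character; a literal prefix test such as `[[ -n "$VERSION" && "$PR_TITLE" != "[$VERSION]"* ]]` avoids regex metacharacters entirely.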