This repository has been archived by the owner on Jun 15, 2022. It is now read-only.

Pass string input variables and pull request title through env variables #23

Closed
2 tasks
maxime-rainville opened this issue May 16, 2022 · 1 comment

Comments

@maxime-rainville
Contributor

maxime-rainville commented May 16, 2022

Use https://docs.github.com/en/actions/learn-github-actions/environment-variables for input strings so that bash variables `$myvar` can be used instead of string substitution `${{ input.myvar }}`, which is vulnerable in a similar way to SQL injection.

Acceptance criteria

  • Validate that it's done systematically
  • Validate that there's a process and/or doc to make sure it stays that way.

Notes

@emteknetnz has already done the grunt work.
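
One way to back the second acceptance criterion with a CI check, as an added example that is not part of the original issue or the repository's own code: a stdlib-only Python scan that flags `${{ ... }}` expressions from caller-controlled contexts when they appear inside `run:` scripts. The function name, the list of contexts treated as untrusted, and the sample workflow are assumptions constructed for illustration.

```python
import re

# A GitHub Actions expression such as ${{ inputs.myvar }}
EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# A run: key, optionally as the first key of a list item ("- run:")
RUN = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
# Contexts carrying caller- or contributor-controlled strings (assumed list; extend as needed)
UNTRUSTED = ("inputs.", "github.event.inputs.", "github.event.pull_request.title")


def find_injectable_runs(workflow_text):
    """Return (line_number, expression) for untrusted expressions inside run: scripts."""
    findings = []
    block_indent = None  # column of the run: key while inside its script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = RUN.match(line)
        indent = len(line) - len(line.lstrip())
        if match:
            block_indent = len(match.group(1)) + len(match.group(2) or "")
            script = match.group(3)
        elif block_indent is not None and (not line.strip() or indent > block_indent):
            script = line  # continuation line of a multi-line script
        else:
            block_indent = None  # left the script; env: and with: values are not flagged
            continue
        findings.extend((number, e) for e in EXPR.findall(script) if e.startswith(UNTRUSTED))
    return findings

# Constructed sample workflow: first step substitutes into the script, second uses env
SAMPLE = """\
jobs:
  demo:
    runs-on: ubuntu-latest
    steps:
      - name: substituted into the script text (flagged)
        run: |
          echo "Input: ${{ inputs.myvar }}"
          echo "Title: ${{ github.event.pull_request.title }}"
      - name: passed through env (not flagged)
        env:
          MYVAR: ${{ inputs.myvar }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Input: $MYVAR"
          echo "Title: $PR_TITLE"
"""

if __name__ == "__main__":
    print(find_injectable_runs(SAMPLE))
```

The scan is line-based and does not parse YAML, so it suits a pre-merge check over `.github/workflows/` rather than a full workflow validator.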

@maxime-rainville
Contributor Author

Added relevant AC to #36
