
Avoid shell injection in examples

Open soliton- opened this issue 2 years ago • 5 comments

Why:

Avoid shell injection in examples to follow suggestions from https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections.

What's being changed (if available, include any code snippets, screenshots, or gifs):

Changed examples that used shell injection. Removed a paragraph that explained the injection poorly. Clarified the multi-line string syntax warning and reverted to simple delimiter use in the example.

Check off the following:

  • [x] I have reviewed my changes in staging, available via the View deployment link in this PR's timeline.

    • For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.
  • [x] For content changes, I have completed the self-review checklist.

soliton- avatar Jun 21 '23 13:06 soliton-
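The pattern this PR removes from the docs examples, shown beside the form the linked GitHub hardening guide recommends. This is an added illustration, not a snippet from the PR or from the docs page it edits; the workflow name, job names and the `summary` output name are made up for the example.

```yaml
name: Handle issue title safely

on:
  issues:
    types: [opened]

jobs:
  # Weak form: the expression is expanded into the script text *before* the
  # shell parses it, so a title containing shell metacharacters changes the
  # command the runner executes instead of being treated as data.
  unsafe-example:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Issue title: ${{ github.event.issue.title }}"

  # Hardened form: untrusted context is handed to the step through an
  # environment variable. The script text never contains the value; the
  # shell sees only "$TITLE" and expands it as a single quoted word.
  safe-example:
    runs-on: ubuntu-latest
    steps:
      - id: title
        env:
          TITLE: ${{ github.event.issue.title }}
        run: |
          echo "Issue title: $TITLE"
          # Multi-line output written with a plain delimiter, the simple
          # form the PR restores in the workflow-commands example.
          {
            echo "summary<<EOF"
            echo "$TITLE"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
```

The same rule applies to any `github.event.*` field an outside user controls (issue and PR titles and bodies, branch names, commit messages, review comments): keep it out of `run:` script text and pass it via `env`.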

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
| --- | --- | --- | --- |
| actions/using-workflows/workflow-commands-for-github-actions.md | fpt, ghec, ghes@ 3.10 3.9 3.8 3.7 3.6, ghae | fpt, ghec, ghes@ 3.10 3.9 3.8 3.7 3.6, ghae | |

fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server; ghae: GitHub AE

github-actions[bot] avatar Jun 21 '23 13:06 github-actions[bot]

@soliton- Good to see another PR from you! 👍

Thanks for the submission. I'll get it triaged for review. ⚡

cmwilson21 avatar Jun 21 '23 14:06 cmwilson21

@soliton- Quick question as I'm triaging it, you mentioned removing a paragraph - do the updates you've made render that paragraph unnecessary? Or do you have a suggestion for improving the paragraph instead of removing it altogether?

cmwilson21 avatar Jun 21 '23 14:06 cmwilson21

@cmwilson21 Yes, the paragraph was about the shell injection that gets removed in this PR.

soliton- avatar Jun 21 '23 14:06 soliton-

@soliton- I follow now, thank you for confirming!

cmwilson21 avatar Jun 22 '23 16:06 cmwilson21

Is there any update on this? Anything I can do?

soliton- avatar Jul 19 '23 09:07 soliton-

@soliton- Thanks for checking in! It is up on the board for review. We appreciate your patience as we are working through our backlog 💛

cmwilson21 avatar Jul 19 '23 20:07 cmwilson21

@soliton- Thanks again. We've got a merge freeze just now due to an upcoming release, but when that's done we'll get this merged and published. 🚀

hubwriter avatar Aug 07 '23 15:08 hubwriter

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡

github-actions[bot] avatar Aug 09 '23 09:08 github-actions[bot]