fix(actions): prevent command injection in GHA workflow (WPB-9709)
Description
It was possible to run arbitrary commands in the context of the GitHub Actions workflow
by using an unsanitized user input (env) in a run step.
As a best practice, we shall try to sanitize any user input.
Screenshots/Screencast (for UI changes)
Checklist
- [x] PR has been self reviewed by the author;
- [ ] Hard-to-understand areas of the code have been commented;
- [ ] If it is a core feature, unit tests have been added;
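A check for the pattern this fix addresses, as an added example that is not code from this pull request: it flags `${{ }}` expressions from caller-controlled contexts that are expanded directly into a `run:` script, and passes the form where the value reaches the shell through `env:`. The sample workflow, the input name `target` and the list of untrusted contexts are assumptions made for the example.

```python
import re

# Contexts a workflow caller or PR author can influence (assumed list for this example).
UNTRUSTED = re.compile(r"\$\{\{\s*((?:inputs\.|github\.event\.|github\.head_ref)[^}]*?)\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

# Constructed workflow: 'target' is a hypothetical input name.
SAMPLE = """\
on:
  workflow_dispatch:
    inputs:
      target:
        required: true
jobs:
  weak:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Deploying to ${{ inputs.target }}"
  hardened:
    runs-on: ubuntu-latest
    steps:
      - env:
          TARGET: ${{ inputs.target }}
        run: |
          echo "Deploying to $TARGET"
"""

def find_injectable_runs(workflow_text):
    """Return (line_number, expression) for untrusted ${{ }} inside run: scripts."""
    findings = []
    key_col = None  # column of the run: key whose block scalar we are inside
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if key_col is not None and line.strip():
            if len(line) - len(line.lstrip()) > key_col:
                findings += [(no, e) for e in UNTRUSTED.findall(line)]
                continue
            key_col = None  # dedent: the script body has ended
        m = RUN_KEY.match(line)
        if m and m.group(1)[:1] in ("|", ">"):
            key_col = line.index("run:")
        elif m:
            findings += [(no, e) for e in UNTRUSTED.findall(m.group(1))]
    return findings

if __name__ == "__main__":
    for no, expr in find_injectable_runs(SAMPLE):
        print(f"line {no}: ${{{{ {expr} }}}} is expanded into the shell script")
```

Only the `weak` job is reported: in the `hardened` job the expression is evaluated into an environment variable, so the shell receives the value as data instead of as script text.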
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 46.59%. Comparing base (84b89bd) to head (fbf3b16). Report is 2 commits behind head on dev.
Additional details and impacted files
@@ Coverage Diff @@
## dev #17620 +/- ##
==========================================
+ Coverage 46.58% 46.59% +0.01%
==========================================
Files 781 781
Lines 25158 25161 +3
Branches 5753 5756 +3
==========================================
+ Hits 11719 11723 +4
Misses 11964 11964
+ Partials 1475 1474 -1