author | Austin S. Hemmelgarn <austin@netdata.cloud> | 2022-08-31 14:23:59 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-31 14:23:59 -0400 |
commit | 0d4ff34e1a7a495d5a81355ade436af5a34b8724 | |
tree | 900a38a2c027816bd36de43233c37873596db1a2 /.github | |
parent | a544d51915fbe69ff56b8485ea43ced1669ffab6 | |

Temporary fix for command injection vulnerability in GHA workflow. (#13600)

Long term fix will require writing our own action to scan the PR body,
because of environment variable size limits.

Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/packaging.yml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index ec4e42c002..b39d960bf7 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -41,13 +41,16 @@ jobs: - name: Read build matrix id: set-matrix shell: python3 {0} + env: + PR_BODY: "${{ github.event.pull_request.body }}" run: | from ruamel.yaml import YAML import json import re + import os FULL_CI_REGEX = '/actions run full ci' ALWAYS_RUN_ARCHES = ["amd64", "x86_64"] - PR_BODY = """${{ github.event.pull_request.body }}""" + PR_BODY = os.environ['PR_BODY'] yaml = YAML(typ='safe') entries = list() run_limited = False |
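Review bot: The new `env:` entry for `PR_BODY` carries no comment explaining why the pull request body is passed through the environment, so a later cleanup could put back the removed `PR_BODY = """${{ github.event.pull_request.body }}"""` form, where the expression is expanded into the Python source before it runs. Add a short comment above `PR_BODY:` stating that the PR body is untrusted input and must not be expanded inside `run:`, and that this is the temporary approach the commit message describes, with the environment variable size limit as the known constraint. Separately, `PR_BODY = os.environ['PR_BODY']` raises `KeyError` if the variable is ever absent; `os.environ.get('PR_BODY', '')` would let the matrix step fall through to its default path instead of failing. Since only this hunk is visible, it is also worth checking the rest of this `run:` script and the other steps in `packaging.yml` for any remaining `${{ github.event.* }}` expressions inside script bodies and moving them to `env:` the same way.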