crickets-and-comb/shared

Better sanitize workflow inputs.

Open

#94 geöffnet am 16. Juli 2025

Auf GitHub ansehen
 (0 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)Makefile (0 Forks)auto 404
bughelp wanted

Repository-Metriken

Stars
 (2 Stars)
PR-Merge-Metriken
 (PR-Metriken ausstehend)

Beschreibung

GitHub workflow inputs here and in other repos within the org aren't always fully sanitized. There should already be a sanitization step at the beginning of every workflow that wraps the inputs into environment variables that the rest of the workflow uses. Some of them already apply regex or other methods to ensure there's nothing nefarious being injected, but many do not. Many simply pass the inputs along as-is.

Task:

Go through each and every workflow that takes inputs with at least one of its triggers, in this repo and the rest of the repos. Apply regex and any other validations or transformations (e.g., stripping whitespace, ensuring a version follows semantic versioning regex pattern, etc.) within the sanitization step before assigning the variable to the output.

Contributor Guide