crickets-and-comb/shared

Better sanitize workflow inputs.

Open

#94 ouverte le 16 juil. 2025

Voir sur GitHub
 (0 commentaires) (0 réactions) (0 assignés)Makefile (0 forks)auto 404
bughelp wanted

Métriques du dépôt

Stars
 (2 stars)
Métriques de merge PR
 (Métriques PR en attente)

Description

GitHub workflow inputs here and in other repos within the org aren't always fully sanitized. There should already be a sanitization step at the beginning of every workflow that wraps the inputs into environment variables that the rest of the workflow uses. Some of them already apply regex or other methods to ensure there's nothing nefarious being injected, but many do not. Many simply pass the inputs along as-is.

Task:

Go through each and every workflow that takes inputs with at least one of its triggers, in this repo and the rest of the repos. Apply regex and any other validations or transformations (e.g., stripping whitespace, ensuring a version follows semantic versioning regex pattern, etc.) within the sanitization step before assigning the variable to the output.

Guide contributeur