From 42b1ce244161521ada95f49f29a4fe1e90724b2c Mon Sep 17 00:00:00 2001
From: huangyi
Date: Mon, 8 Jul 2024 17:41:00 +0800
Subject: [PATCH 1/2] Problem: minor security issue in github workflow
---
 .github/workflows/build.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0664d2c5e..688c832ab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -68,9 +68,11 @@ jobs:
 - name: Get Comment PR informations
 id: pr_data
 if: github.event_name == 'issue_comment'
+ env:
+ COMMENT_BODY: ${{ github.event.comment.body }}
 run: |
 echo "repo_name=${{ fromJson(steps.request.outputs.data).head.repo.full_name }}" >> $GITHUB_OUTPUT
- comment_hash=`echo ${{ github.event.comment.body }} | cut -d' ' -f2` # get commit hash if any
+ comment_hash=`echo $COMMENT_BODY | cut -d' ' -f2` # get commit hash if any
 if [[ "${comment_hash}" == "/runsim" ]]; then
 # use default head ref
 echo "ref=${{ fromJson(steps.request.outputs.data).head.ref }}" >> $GITHUB_OUTPUT
From c046caaea64ad56a5e15f8690af3bb33a28275d5 Mon Sep 17 00:00:00 2001
From: yihuang
Date: Mon, 8 Jul 2024 21:10:44 +0800
Subject: [PATCH 2/2] Update .github/workflows/build.yml
Signed-off-by: yihuang
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 688c832ab..ee26a0753 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -72,7 +72,7 @@ jobs:
 COMMENT_BODY: ${{ github.event.comment.body }}
 run: |
 echo "repo_name=${{ fromJson(steps.request.outputs.data).head.repo.full_name }}" >> $GITHUB_OUTPUT
- comment_hash=`echo $COMMENT_BODY | cut -d' ' -f2` # get commit hash if any
+ comment_hash=`echo "$COMMENT_BODY" | cut -d' ' -f2` # get commit hash if any
 if [[ "${comment_hash}" == "/runsim" ]]; then
 # use default head ref
 echo "ref=${{ fromJson(steps.request.outputs.data).head.ref }}" >> $GITHUB_OUTPUT
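Review bot: The two context lines that echo `repo_name=${{ fromJson(steps.request.outputs.data).head.repo.full_name }}` and `ref=${{ fromJson(steps.request.outputs.data).head.ref }}` still expand a `${{ }}` expression directly into the shell script, which is the same injection pattern this patch removes for the comment body. If `steps.request` (defined outside the hunk) returns the pull request object, `head.ref` is a branch name chosen by the PR author, and a command substitution inside it would still be evaluated within the double quotes. I would pass both values through `env:` as well, for example `HEAD_REF: ${{ fromJson(steps.request.outputs.data).head.ref }}` followed by `echo "ref=$HEAD_REF" >> "$GITHUB_OUTPUT"`, with the same treatment for `repo_name`. The same lines appear unchanged as context in the PATCH 2/2 hunk.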
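Review bot: With the quotes added in PATCH 2/2, `echo "$COMMENT_BODY"` preserves newlines, so `cut -d' ' -f2` emits one field per line and `comment_hash` can hold several lines when the comment is multi-line. The branch that handles a non-default hash is outside this hunk, but if it writes `comment_hash` to `$GITHUB_OUTPUT`, a multi-line value could add unintended output keys; taking only the first line avoids that: `comment_hash=$(printf '%s\n' "$COMMENT_BODY" | head -n1 | cut -d' ' -f2)`. In that branch I would also reject anything that is not a hex commit id before it is used as a ref, for example `[[ "$comment_hash" =~ ^[0-9a-fA-F]{7,40}$ ]] || exit 1`. A short comment above the line stating the expected comment format would help too; `/runsim [commit]` is only inferred from the `/runsim` comparison.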