Skip to content

Fix code injection warnings in check-codescanning-config internal Action #2781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Feb 25, 2025
Merged

Fix code injection warnings in check-codescanning-config internal Action #2781

Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
286fd68
Use env var for `EXPECTED_CONFIG_FILE_CONTENTS`
angelapwen Feb 24, 2025
c0a8eb9
Use `$RUNNER_TEMP` for good measure
angelapwen Feb 24, 2025
5e88a17
Update .github/actions/check-codescanning-config/action.yml
angelapwen Feb 24, 2025
a9f7529
Quote `expected-config-file-contents` input
angelapwen Feb 24, 2025
7567eab
Fail when expected config does not exist
angelapwen Feb 24, 2025
3b348d9
Debug only: print environment variable
angelapwen Feb 24, 2025
e12eb8d
Set environment variable in the correct step
angelapwen Feb 24, 2025
628c1e6
Remove print debugging
angelapwen Feb 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions .github/actions/check-codescanning-config/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ runs:
db-location: ${{ runner.temp }}/codescanning-config-cli-test
env:
CODEQL_ACTION_TEST_MODE: 'true'
EXPECTED_CONFIG_FILE_CONTENTS: ${{ inputs.expected-config-file-contents }}

- name: Install dependencies
shell: bash
Expand All @@ -61,11 +62,11 @@ runs:
- name: Check config
working-directory: ${{ github.action_path }}
shell: bash
run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '${{ inputs.expected-config-file-contents }}'
run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" '$EXPECTED_CONFIG_FILE_CONTENTS'

- name: Clean up
shell: bash
if: always()
run: |
rm -rf ${{ runner.temp }}/codescanning-config-cli-test
rm -rf ${{ runner.temp }}/user-config.yaml
rm -rf $RUNNER_TEMP/codescanning-config-cli-test
rm -rf $RUNNER_TEMP/user-config.yaml
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy