Commit 5ba2d4a

harden workflow against heredoc injection
1 parent 5d1b5e7 commit 5ba2d4a

2 files changed

Lines changed: 6 additions & 8 deletions

.github/workflows/disabled/hostap.yml

Lines changed: 3 additions & 4 deletions
@@ -115,11 +115,10 @@ jobs:
115115
EOF
116116
117117
- name: Print computed job run ID
118+
env:
119+
GITHUB_CONTEXT: ${{ toJSON(github) }}
118120
run: |
119-
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
120-
${{ toJSON(github) }}
121-
END_OF_HEREDOC
122-
)
121+
SHA_SUM=$(printf '%s' "$GITHUB_CONTEXT" | sha256sum | cut -d " " -f 1)
123122
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
124123
echo Our job run ID is $SHA_SUM
125124
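Review bot: The added `env:` entry `GITHUB_CONTEXT: ${{ toJSON(github) }}` exports the entire `github` context, which includes `github.token`, into the environment of every process this step starts. Moving the expression out of the script body is the right fix for the injection, since the shell now sees the value only as data through `"$GITHUB_CONTEXT"`. The step only needs a stable per-run digest, though, so consider passing just the fields that make the run unique instead of the whole context, or add a comment explaining why the full context is required.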

.github/workflows/hostap-vm.yml

Lines changed: 3 additions & 4 deletions
@@ -186,11 +186,10 @@ jobs:
186186
EOF
187187
188188
- name: Print computed job run ID
189+
env:
190+
GITHUB_CONTEXT: ${{ toJSON(github) }}
189191
run: |
190-
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
191-
${{ toJSON(github) }}
192-
END_OF_HEREDOC
193-
)
192+
SHA_SUM=$(printf '%s' "$GITHUB_CONTEXT" | sha256sum | cut -d " " -f 1)
194193
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
195194
echo Our job run ID is $SHA_SUM
196195
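Review bot: The new `printf '%s' "$GITHUB_CONTEXT" | sha256sum` line hashes the JSON without the trailing newline that the removed heredoc appended, so `our_job_run_id` will differ from what the old step produced for the same context. That is harmless if the ID is only consumed within the same run, but the commit message should say so. While touching this step, the unchanged lines `echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV` and `echo Our job run ID is $SHA_SUM` still use unquoted expansions; quoting `"$GITHUB_ENV"` and `"$SHA_SUM"` would keep the step consistent with the hardening intent. The same step is duplicated verbatim in `.github/workflows/disabled/hostap.yml`, so a shared definition would prevent the two copies from drifting apart.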
