mirror of
https://github.com/harvard-edge/cs249r_book.git
synced 2026-07-17 08:28:07 -05:00
[PR #1094] [MERGED] Security: mitigate shell injection in build-baremetal #18659
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/harvard-edge/cs249r_book/pull/1094
Author: @RinZ27
Created: 1/1/2026
Status: ✅ Merged
Merged: 1/2/2026
Merged by: @profvjreddi
Base:
main← Head:security/fix-shell-injection📝 Commits (1)
19bc61eSecurity: mitigate shell injection in build workflow📊 Changes
1 file changed (+4 additions, -3 deletions)
View changed files
📝
.github/workflows/book-build-baremetal.yml(+4 -3)📄 Description
Move artifact name evaluation to
envcontext.Interpolating
inputs.artifact_namedirectly into the shell script is unsafe as it allows for potential command injection. By using an intermediate environment variable, the value is handled as data rather than executable code during shell expansion.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.