Mitgation of script injection risk in CI [was Add support for a `meth…

…od_extras` option] (#59) * Rename `generate_projet_file()` to `generate_project_file()` * Avoid shell injection in CI: Switched to environment variable for the PR body retrieval: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
grasph · Jun 19, 2024 · 022844d · 022844d
1 parent ff2ff23
commit 022844d
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 11 deletions.
diff --git a/.github/workflows/test-linux.yml b/.github/workflows/test-linux.yml
@@ -40,9 +40,11 @@ jobs:
           version: ${{ matrix.version }}
           arch: ${{ matrix.arch }}
       - name: Build and test
+        env:
+          BODY: ${{github.event.pull_request.body}}
         run: |
-          body="${{github.event.pull_request.body}}"
-          package="$(echo "$body" | sed -n '1p')"
+          echo "$BODY"
+
           if [ "$OSTYPE" != "darwin"* ]; then
             rm -f /opt/hostedtoolcache/julia/1.6*/x64/lib/julia/libstdc++.so.6
           fi

diff --git a/.github/workflows/test-macos.yml b/.github/workflows/test-macos.yml
@@ -40,9 +40,11 @@ jobs:
           version: ${{ matrix.version }}
           arch: ${{ matrix.arch }}
       - name: Build and test
+        env:
+          BODY: ${{github.event.pull_request.body}}
         run: |
-          body="${{github.event.pull_request.body}}"
-          package="$(echo "$body" | sed -n '1p')"
+          echo "$BODY"
+
           if [ "$OSTYPE" != "darwin"* ]; then
             rm -f /opt/hostedtoolcache/julia/1.6*/x64/lib/julia/libstdc++.so.6
           fi

diff --git a/src/CodeTree.cpp b/src/CodeTree.cpp
@@ -3010,9 +3010,9 @@ std::string CodeTree::resolve_clang_resource_dir_path(std::string path){
   return path;
 }
 
-void CodeTree::generate_projet_file(std::ostream& o,
-                                    const std::string& uuid,
-                                    const std::string& version){
+void CodeTree::generate_project_file(std::ostream& o,
+                                     const std::string& uuid,
+                                     const std::string& version){
   o << "name = \"" << module_name_ << "\"\n"
     "uuid = \"" << uuid << "\"\n";
 

diff --git a/src/CodeTree.h b/src/CodeTree.h
@@ -180,9 +180,9 @@ namespace codetree{
 
     std::ostream& generate_enum_cxx(std::ostream& o, CXCursor cursor);
 
-    void generate_projet_file(std::ostream&o,
-                              const std::string& uuid,
-                              const std::string& version);
+    void generate_project_file(std::ostream&o,
+                               const std::string& uuid,
+                               const std::string& version);
 
 
     //To be called before the generate_xx functions.

diff --git a/src/main.cpp b/src/main.cpp
@@ -460,7 +460,7 @@ int main(int argc, char* argv[]){
     tree.preprocess();
     tree.generate_cxx();
     tree.generate_jl(out_jl, out_export_jl, module_name, lib_basename);
-    tree.generate_projet_file(out_project_toml, uuid, version);
+    tree.generate_project_file(out_project_toml, uuid, version);
 
     tree.report(out_report);
   }