Closed MoChilia closed 1 year ago
This PR is going to fix #103. We utilize the built-in function in @actions/exec.exec to escape the incoming arguments.
Referring to this instruction, we can implement automatic escaping for incoming arguments by using the args parameter of the function @actions/exec.exec.
* @param args optional arguments for tool. Escaping is handled by the lib.
The reason why only escaping double quotes may not be sufficient was discussed in https://github.com/Azure/cli/pull/104#discussion_r1213961750.
Test Azure CLI for escaping in env
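An added example, not code from this PR or from @actions/exec: it uses Node's built-in child_process as a stand-in to show why passing a value as an element of an args array is more robust than escaping only double quotes in a concatenated command string. It assumes a POSIX sh for the string case; SAMPLE_VALUE, DEMO_VAR and the function names are constructed for illustration.

```javascript
// Added example: Node's built-in child_process stands in for @actions/exec.
const { spawnSync } = require('node:child_process');

// Child program: prints the arguments it received as JSON, so we can see
// exactly what arrived after any shell or escaping layer.
const ECHO_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Constructed sample value: double quotes plus a shell variable reference.
const SAMPLE_VALUE = 'say "hi" to $DEMO_VAR';
// Constructed environment so the shell expansion below is deterministic.
const CHILD_ENV = { ...process.env, DEMO_VAR: 'expanded-by-shell' };

// Weak: build one command string and escape only double quotes.
// The shell still interprets $, backticks and backslashes inside "...".
function runWithQuoteEscaping(value) {
  const escaped = value.replace(/"/g, '\\"');
  const cmd = `"${process.execPath}" -e '${ECHO_ARGV}' "${escaped}"`;
  const out = spawnSync(cmd, { shell: true, env: CHILD_ENV, encoding: 'utf8' });
  return JSON.parse(out.stdout)[0];
}

// Robust: pass the value as its own element of an args array.
// No shell parses it, so it reaches the child unchanged.
function runWithArgsArray(value) {
  const out = spawnSync(process.execPath, ['-e', ECHO_ARGV, value], {
    env: CHILD_ENV,
    encoding: 'utf8',
  });
  return JSON.parse(out.stdout)[0];
}

console.log('quote-escaped string:', runWithQuoteEscaping(SAMPLE_VALUE));
console.log('args array          :', runWithArgsArray(SAMPLE_VALUE));
```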
Glad to see we are taking security as our top priority and trying our best to avoid possible security risks. Nice work!