Azure / cli

Automate your GitHub workflows using Azure CLI scripts
MIT License

Fix #103: Dealing with un-escaped environment variables by using `args` #105

Closed MoChilia closed 1 year ago

MoChilia commented 1 year ago

Description

This PR is going to fix #103. We utilize the built-in function in `@actions/exec.exec` to escape the incoming arguments.

Referring to this instruction, we can implement automatic escaping of incoming arguments by using the `args` parameter of the function `@actions/exec.exec`.

 * @param     args               optional arguments for tool. Escaping is handled by the lib.

The reason why only escaping double quotes may not be sufficient was discussed in https://github.com/Azure/cli/pull/104#discussion_r1213961750.

Test workflows

Test Azure CLI for escaping in env
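
The approach this PR describes, as an added example that is not code from the PR or from Azure/cli: values handed over as discrete arguments arrive unchanged, while a command string with only double quotes escaped does not. Assumptions: Node's `child_process` stands in for `@actions/exec`, a POSIX shell stands in for whatever re-parses the command string, and the `--env NAME=VALUE` flag and the sample values are constructed for illustration.

```javascript
const { execFileSync, execSync } = require('child_process');

// Stand-in for the real tool: a child Node process that prints the
// arguments it received as JSON, so they can be compared with what was sent.
const ECHO_ARGV = 'process.stdout.write(JSON.stringify(process.argv.slice(1)))';

// Constructed sample values, not taken from the PR.
const SAMPLE_ENV = {
  PLAIN: 'plain-value',
  QUOTED: 'say "hi"',
  DOLLAR: 'price: $HOME per unit',
};

// One discrete argument per piece; no quoting or escaping applied by us.
// `--env NAME=VALUE` is a hypothetical flag used for illustration.
function envToArgs(env) {
  return Object.entries(env).flatMap(([name, value]) => ['--env', `${name}=${value}`]);
}

// Argument-vector style: the array is passed element by element and
// no shell or string parser re-interprets the values.
function runWithArgs(env) {
  const out = execFileSync(process.execPath, ['-e', ECHO_ARGV, '--', ...envToArgs(env)]);
  return JSON.parse(out.toString());
}

// String style with hand-rolled escaping of double quotes only.
function runWithString(env) {
  const quoted = envToArgs(env).map((a) => `"${a.replace(/"/g, '\\"')}"`);
  const cmd = `"${process.execPath}" -e '${ECHO_ARGV}' -- ${quoted.join(' ')}`;
  return JSON.parse(execSync(cmd).toString());
}

// Names of variables whose value did not arrive byte-for-byte.
function mangled(env, run) {
  const sent = envToArgs(env);
  const got = run(env);
  return Object.keys(env).filter((_, i) => got[2 * i + 1] !== sent[2 * i + 1]);
}

console.log('args  :', mangled(SAMPLE_ENV, runWithArgs));
console.log('string:', mangled(SAMPLE_ENV, runWithString));
```

The quoted value survives both paths; the value containing `$` survives only the argument-vector path, which is the gap that escaping double quotes alone leaves open.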

jiasli commented 1 year ago

Glad to see we are taking security as our top priority and trying our best to avoid possible security risks. Nice work!