Closed ZhongRuoyu closed 4 months ago
Avoid using inputs expanded with the ${{ .. }} syntax in shell scripts to prevent code injection.
${{ .. }}
Also:
failures-summary-and-bottle-result
printf
%s
post-build
debug
Avoid using inputs expanded with the
${{ .. }}syntax in shell scripts to prevent code injection.Also:
failures-summary-and-bottle-result: make sure everyprintfgets a format string (%s) so that we don't get unexpected format sequences from the input.post-build: fix use of non-existent inputdebug.