bickelj
commented
1 year ago This applies the same technique from https://github.com/PhilanthropyDataCommons/deploy/pull/74#discussion_r1148043617
Closed bickelj closed 1 year ago
bickelj
commented
1 year ago This applies the same technique from https://github.com/PhilanthropyDataCommons/deploy/pull/74#discussion_r1148043617
Make sure a version tag name starts at the beginning of the file containing the tag to deploy, only contains certain characters, and the line ends before any other characters appear. This should mitigate some attacks via the
deployuser reading this file.See (internal) discussion at: https://chat.opentechstrategies.com/#narrow/stream/66-PDC/topic/ci.2Fcd/near/157900