Open fgreinacher opened 5 months ago

PR Checklist
Please check if your PR fulfills the following requirements:

PR Type
What kind of change does this PR introduce?
[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Build related changes
[x] CI related changes
[ ] Documentation content changes
[ ] Other... Please describe:

What is the current behavior?
The release job directly uses an input variable, making it possible to inject code into the job. The risk here is quite low, because it is only run when the pipeline is triggered. But nevertheless it's good to follow best practices here. See https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/injection.md.
Issue Number: N/A

What is the new behavior?
As suggested in the linked documentation, it stores the input in an environment variable and uses that within the script.

Does this PR introduce a breaking change?
[ ] Yes [x] No

Other information
:hammer_and_pick: with :heart: by Siemens
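The pattern the PR moves to, shown as an added illustration rather than the repository's own workflow (the workflow name, job name, input name `version` and the `git tag` step are assumed; the actual release job is not on this page). The first step shows the shape the linked poutine rule flags, the second the env-variable form the PR adopts, and the third the format check a practitioner would add because passing the value through env stops shell interpretation but does not make the input trusted:

```yaml
name: release
on:
  workflow_dispatch:
    inputs:
      version:            # assumed input name, not taken from the PR
        description: "Version to release"
        required: true

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Before: the ${{ }} expression is expanded by the runner into the
      # script text before the shell starts, so shell metacharacters in the
      # input become part of the command line. This is the pattern the
      # injection rule linked in the PR reports.
      - name: Tag release (expression interpolated into the script)
        run: |
          git tag "v${{ inputs.version }}"

      # After: the input is handed to the step as an environment variable.
      # The shell sees it only as data; double-quoting keeps it one word.
      - name: Tag release (input passed via env)
        env:
          RELEASE_VERSION: ${{ inputs.version }}
        run: |
          git tag "v${RELEASE_VERSION}"

      # Caveat: env passing removes the injection, not the need to validate.
      # Reject anything that is not digits and dots before using it.
      - name: Validate version format
        env:
          RELEASE_VERSION: ${{ inputs.version }}
        run: |
          case "$RELEASE_VERSION" in
            ""|*[!0-9.]*)
              echo "invalid version: $RELEASE_VERSION" >&2
              exit 1 ;;
          esac
```

In a real workflow only the env-based step and the validation step would remain; the interpolated step is kept here to show what to look for when reviewing `run:` blocks. A quick review check is to search every `run:` body in `.github/workflows` for `${{` and move each occurrence into an `env:` entry, which is what scanners like the linked poutine rule automate.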