Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #103: Dealing with un-escaped environment variables by using args #105

Merged
merged 4 commits into from
Jun 30, 2023
Merged

Fix #103: Dealing with un-escaped environment variables by using args #105

merged 4 commits into from
Jun 30, 2023

Conversation

MoChilia
Copy link
Member

@MoChilia MoChilia commented Jun 2, 2023
edited
Loading

Description

This PR is going to fix #103. We utilize the built-in function in @actions/exec.exec to escape for the incoming arguments.

Refer to this instruction, we can implement automatic escape for incoming arguments by using the parameter args of function @actions/exec.exec.

 * @param     args               optional arguments for tool. Escaping is handled by the lib.

The reason why only escaping double quotes may not be sufficient was discussed in #104 (comment).

Test workflows

Test Azure CLI for escaping in env

@MoChilia MoChilia requested a review from jiasli June 2, 2023 10:35
@MoChilia MoChilia self-assigned this Jun 2, 2023
jiasli
jiasli reviewed Jun 2, 2023
View reviewed changes
src/main.ts Outdated Show resolved Hide resolved
jiasli
jiasli reviewed Jun 2, 2023
View reviewed changes
src/main.ts Outdated Show resolved Hide resolved
jiasli
jiasli reviewed Jun 2, 2023
View reviewed changes
src/main.ts Outdated Show resolved Hide resolved
jiasli
jiasli reviewed Jun 12, 2023
View reviewed changes
src/main.ts Outdated Show resolved Hide resolved
@jiasli jiasli mentioned this pull request Jun 12, 2023
Closed
@MoChilia MoChilia force-pushed the master branch 2 times, most recently from 49a21af to 61bb69d Compare June 26, 2023 03:48
@MoChilia MoChilia added the bug Something is not working label Jun 26, 2023
jiasli
jiasli reviewed Jun 30, 2023
View reviewed changes
src/main.ts
const AZ_CLI_VERSION_DEFAULT_VALUE = 'agentazcliversion'

export async function main(){
export async function main() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any linter tool for TypeScript? A linter can help us normalize the code style and avoid distracting diffs like this.

Just a reminder. No need to do that right now.

@jiasli
Copy link
Member

jiasli commented Jun 30, 2023

Glad to see we are taking security as our top priority and trying our best to avoid possible security risks. Nice work!

@MoChilia MoChilia merged commit 6717244 into Azure:master Jun 30, 2023
1 check passed
@jiasli jiasli mentioned this pull request Jul 27, 2023
Open
MoChilia added a commit to MoChilia/cli that referenced this pull request Aug 9, 2023
@MoChilia
Fix Azure#103: Dealing with un-escaped environment variables by using…
806bcdb 
… `args` (Azure#105)
MoChilia added a commit that referenced this pull request Aug 9, 2023
@MoChilia
Fix #103: Dealing with un-escaped environment variables by using `arg…
5680a7e 
…s` (#105)

* escape by args

* remove redundant output

* fix with comments

* update for comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiasli jiasli jiasli approved these changes

Assignees

@MoChilia MoChilia

Labels
bug Something is not working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Exported environment variables w/quotes break the docker run command
2 participants
@MoChilia @jiasli