Add validation for currentStreamVersionProperty parameter

Co-authored-by: laeubi <[email protected]>

Author: Copilot

.github/workflows/checkVersions.yml

@@ -94,9 +94,16 @@ jobs:
         if [[ $(git diff --name-only --cached) != '' ]]; then
           # Relevant files were staged, i.e. some version were changed
           
+          # Validate property name to prevent injection
+          propertyName="${{ inputs.currentStreamVersionProperty }}"
+          if [[ ! "$propertyName" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+            echo "::error::Invalid property name: $propertyName. Must contain only alphanumeric characters, dots, hyphens, and underscores."
+            exit 1
+          fi
+          
           # Read property as stream version
           pushd ${{ inputs.working-directory }}
-          mvn help:evaluate -Dexpression=${{ inputs.currentStreamVersionProperty }} ${{ inputs.extra-maven-args }} --quiet '-Doutput=currentStreamVersion-value.txt'
+          mvn help:evaluate -Dexpression="$propertyName" ${{ inputs.extra-maven-args }} --quiet '-Doutput=currentStreamVersion-value.txt'
           streamVersion=$(<currentStreamVersion-value.txt)
           rm -f currentStreamVersion-value.txt
           popd