Merge pull request #79 from qualcomm-linux/mynameistechno-patch-1

lool · web-flow · commit a81c8bcbdafb · 2025-06-24T11:22:05.000+02:00
Prevent code injection in workflow
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,14 +20,16 @@ jobs:
     outputs:
       jobmatrix: ${{ steps.listjobs.outputs.jobmatrix }}
     steps:
+      - env:
+          BUILD_URL: ${{ inputs.url }}
       - name: Clone repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Print trigger
         run: |
           echo "Triggered by ${{ github.event_name }}"
-          echo "Build URL: ${{ inputs.url }}"
+          echo "Build URL: $BUILD_URL"
       - name: "List jobs"
         id: listjobs
         run: |
@@ -56,7 +58,7 @@ jobs:
           FIND_PATH="${TARGET#*/}"
           DEVICE_TYPE_PATH="${FIND_PATH%/*}"
           DEVICE_TYPE="${DEVICE_TYPE_PATH#*/}"
-          BUILD_DOWNLOAD_URL="${{inputs.url}}"
+          BUILD_DOWNLOAD_URL="$BUILD_URL"
           sed -i "s|{{DEVICE_TYPE}}|${DEVICE_TYPE}|g" "${{ matrix.target }}"
           sed -i "s|{{GITHUB_SHA}}|${GITHUB_SHA}|g" "${{ matrix.target }}"
           sed -i "s|{{BUILD_DOWNLOAD_URL}}|${BUILD_DOWNLOAD_URL}|g" "${{ matrix.target }}"
