Skip to content

Prevent shell command execution from commit messages#15

Merged
hackallcode merged 1 commit intomasterfrom
fix-ci-parse-version
Aug 7, 2025
Merged

Prevent shell command execution from commit messages#15
hackallcode merged 1 commit intomasterfrom
fix-ci-parse-version

Conversation

@hackallcode
Copy link
Collaborator

@hackallcode hackallcode commented Aug 7, 2025

Previously, commit messages were passed via a variable, which allowed embedded shell commands (e.g. $(...)) to be executed during parsing. For example, this happened in this run: https://github.com/tarantool/sdvg/actions/runs/16798902022/job/47575402000

Now the message is fetched directly via git and safely piped through sed, ensuring arbitrary code is not executed.

@hackallcode
Prevent shell command execution from commit messages
f730675 
Previously, commit messages were passed via a variable,
which allowed embedded shell commands (e.g. `$(...)`)
to be executed during parsing. For example, this happened in this run:
https://github.com/tarantool/sdvg/actions/runs/16798902022/job/47575402000

Now the message is fetched directly via `git` and safely piped through `sed`,
ensuring arbitrary code is not executed.
@hackallcode hackallcode merged commit 83ef461 into master Aug 7, 2025
14 checks passed
@hackallcode hackallcode deleted the fix-ci-parse-version branch August 7, 2025 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ReverseTM ReverseTM ReverseTM approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hackallcode @ReverseTM