-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
more environment variable configuration + github access token usage #8
base: master
Are you sure you want to change the base?
more environment variable configuration + github access token usage #8
Conversation
i believe this is safe from command injection via |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @realytcracker!
So sorry for not getting this review out sooner. Thank you so much for taking the time to send this in.
I left a couple of small comments, but I'd be interested in getting this merged. I understand that this has been here for some time so if you don't have time to knock these out just let me know and I can merge into a branch, make the minor changes then get this merged into master.
https://github.blog/2012-09-21-easier-builds-and-deployments-using-git-over-https-and-oauth/ ``` If you’re cloning inside a script and need to avoid the prompts, you can add the token to the clone URL: git clone https://<token>@github.com/owner/repo.git or git clone https://<token>:[email protected]/owner/repo.git ```
sorry for the 3y necromancy - i just noticed this wasn't merged, and updated accordingly. |
also, i noticed you're at stripe now @jordan-wright, so you may not even be maintaining this anymore. my old supervisor (super cool, sharp dude) does offensive security there - b steg. |
this patch allows for the pulling of repositories available under the scope of the token's user by modifying the
git clone
request to include the provided access token as basic authentication, especially helpful in thewebhook
implementation. it also allows for the configuration of other seemingly sensitive variables to be passed along as environment variables.