Addressing security comments regarding variables

rsksmart · Oct 21, 2024 · be2dfb9 · be2dfb9
1 parent 582b4a0
commit be2dfb9
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/.github/workflows/rit.yml b/.github/workflows/rit.yml
@@ -113,14 +113,14 @@ jobs:
           BUILD_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
           echo "BUILD_URL=$BUILD_URL" >> $GITHUB_ENV
 
-      - name: Sanitize Branch Name
-        id: sanitize-branch-name
+      - name: Sanitize Github Variables
+        id: sanitize-github-variables
         env:
-          GITHUB_HEAD_REF: ${{ github.head_ref }}
+          GITHUB_EVENT_PULL_REQUEST_TITLE: ${{ github.event.pull_request.title }}
         run: |
-          # Delete non-alphanumeric characters and limit to 255 chars which is the branch limit in GitHub
-          SAFE_BRANCH_NAME=$(echo "${GITHUB_HEAD_REF}" | tr -cd '[:alnum:]_-' | cut -c1-255)
-          echo "SAFE_BRANCH_NAME=$SAFE_BRANCH_NAME" >> $GITHUB_ENV
+          # Delete non-alphanumeric characters and limit to 75 chars which is the branch title limit in GitHub
+          SAFE_PULL_REQUEST_TITLE=$(echo "${GITHUB_EVENT_PULL_REQUEST_TITLE}" | tr -cd '[:alnum:]_ -' | cut -c1-75)
+          echo "SAFE_PULL_REQUEST_TITLE=$SAFE_PULL_REQUEST_TITLE" >> $GITHUB_ENV
 
       - name: Run Rootstock Integration Tests
         uses: rsksmart/rootstock-integration-tests@e86332474179a63f027d0fe969687d3d24f34c29 #v1
@@ -135,14 +135,15 @@ jobs:
         uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
         env:
           SLACK_BOT_TOKEN: ${{ secrets.GHA_SLACK_NOTIFICATION_TOKEN }}
+          GITHUB_EVENT_PULL_REQUEST_HTML_URL: ${{ github.event.pull_request.html_url }}
         with:
           channel-id: ${{ vars.GHA_SLACK_NOTIFICATION_CHANNEL }}
           payload: |
             {
               "attachments": [
                 {
                   "color": "good",
-                  "text": "*PASSED*: :white_check_mark: - *${{ github.event.pull_request.title }}* \n*Pull request*: ${{ github.event.pull_request.html_url }} \n*Pipeline*: ${{ env.BUILD_URL }} \n*Branches used*: \n- rskj:`${{ env.RSKJ_BRANCH }}` \n- fed:`${{ env.POWPEG_BRANCH }}` \n- rit:`${{ env.RIT_BRANCH }}`"
+                  "text": "*PASSED*: :white_check_mark: - *${{ env.SAFE_PULL_REQUEST_TITLE }}* \n*Pull request*: ${{ env.GITHUB_EVENT_PULL_REQUEST_HTML_URL }} \n*Pipeline*: ${{ env.BUILD_URL }} \n*Branches used*: [ rskj:`${{ env.RSKJ_BRANCH }}` ] [ fed:`${{ env.POWPEG_BRANCH }}` ] [ rit:`${{ env.RIT_BRANCH }}` ]"
                 }
               ]
             }
@@ -152,14 +153,15 @@ jobs:
         uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
         env:
           SLACK_BOT_TOKEN: ${{ secrets.GHA_SLACK_NOTIFICATION_TOKEN }}
+          GITHUB_EVENT_PULL_REQUEST_HTML_URL: ${{ github.event.pull_request.html_url }}
         with:
           channel-id: ${{ vars.GHA_SLACK_NOTIFICATION_CHANNEL }}
           payload: |
             {
               "attachments": [
                 {
                   "color": "danger",
-                  "text": "*FAILED*: :x: - *${{ github.event.pull_request.title }}* \n*Pull request*: ${{ github.event.pull_request.html_url }} \n*Pipeline*: ${{ env.BUILD_URL }} \n*Branches used*: \n- rskj:`${{ env.RSKJ_BRANCH }}` \n- fed:`${{ env.POWPEG_BRANCH }}` \n- rit:`${{ env.RIT_BRANCH }}`"
+                  "text": "*FAILED*: :x: - *${{ env.SAFE_PULL_REQUEST_TITLE }}* \n*Pull request*: ${{ env.GITHUB_EVENT_PULL_REQUEST_HTML_URL }} \n*Pipeline*: ${{ env.BUILD_URL }} \n*Branches used*: [ rskj:`${{ env.RSKJ_BRANCH }}` ] [ fed:`${{ env.POWPEG_BRANCH }}` ] [ rit:`${{ env.RIT_BRANCH }}` ]"
                 }
               ]
             }