From 07d63857abae21bae4b9d62d038d94ea1afa594e Mon Sep 17 00:00:00 2001
From: Adam Dobrawy
Date: Mon, 10 Apr 2023 21:06:39 +0200
Subject: [PATCH 1/2] Mitigate shell injection attack
---
 action.yml | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/action.yml b/action.yml
index bd0f2f4..6bbfff5 100644
--- a/action.yml
+++ b/action.yml
@@ -74,14 +74,26 @@ runs:
 id: container-retention-policy
 run: |
 python ${{ github.action_path }}/main.py \
- "${{ inputs.account-type }}" \
- "${{ inputs.org-name }}" \
- "${{ inputs.image-names }}" \
- "${{ inputs.timestamp-to-use }}" \
- "${{ inputs.cut-off }}" \
- "${{ inputs.token }}" \
- "${{ inputs.untagged-only }}" \
- "${{ inputs.skip-tags }}" \
- "${{ inputs.keep-at-least }}" \
- "${{ inputs.filter-tags }}" \
- "${{ inputs.filter-include-untagged }}"
+ "$ACCOUNT_TYPE" \
+ "$ORG_NAME" \
+ "$IMAGE_NAMES" \
+ "$TIMESTAMP_TO_USE" \
+ "$CUT_OFF
+ "$TOKEN" \
+ "$UNTAGGED_ONLY" \
+ "$SKIP_TAGS" \
+ "$KEEP_AT_LEAST" \
+ "$FILTER_TAGS" \
+ "$FILTER_INCLUDE_UNTAGGED"
+ env:
+ ACCOUNT_TYPE: "${{ inputs.account-type }}"
+ ORG_NAME: "${{ inputs.org-name }}"
+ IMAGE_NAMES: "${{ inputs.image-names }}"
+ TIMESTAMP_TO_USE: "${{ inputs.timestamp-to-use }}"
+ CUT_OFF: "${{ inputs.cut-off }}"
+ TOKEN: "${{ inputs.token }}"
+ UNTAGGED_ONLY: "${{ inputs.untagged-only }}"
+ SKIP_TAGS: "${{ inputs.skip-tags }}"
+ KEEP_AT_LEAST: "${{ inputs.keep-at-least }}"
+ FILTER_TAGS: "${{ inputs.filter-tags }}"
+ FILTER_INCLUDE_UNTAGGED: "${{ inputs.filter-include-untagged }}"
From 23af2189d1d8563b407f5ddfd9157bdfca2bf5e0 Mon Sep 17 00:00:00 2001
From: Adam Dobrawy
Date: Mon, 10 Apr 2023 21:08:53 +0200
Subject: [PATCH 2/2] fix typo
---
 action.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/action.yml b/action.yml
index 6bbfff5..a23d4c9 100644
--- a/action.yml
+++ b/action.yml
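Review bot: `TOKEN` is still handed to main.py as a positional argument (`"$TOKEN"`), so the secret remains visible in the runner's process table and in any error path that prints the script's arguments; since the value is now already exported under `env:`, the safer shape is to drop that argument and have main.py read it from the environment (main.py is not on this page, so its argument handling would need the matching change). The `python ${{ github.action_path }}/main.py \` line keeps an unquoted expression expansion; `github.action_path` is runner-supplied rather than caller-controlled, but writing it as `"${{ github.action_path }}/main.py"` keeps the command intact if the path ever contains a space. The added `"$CUT_OFF` line is missing its closing quote and continuation backslash, which the second patch in this series corrects. A one-line comment above `env:` such as `# inputs are passed through env and expanded as quoted "$VAR", never interpolated into the script, so the shell never parses their contents` would record why this shape must be kept.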
@@ -76,14 +76,14 @@ runs:
 python ${{ github.action_path }}/main.py \
 "$ACCOUNT_TYPE" \
 "$ORG_NAME" \
- "$IMAGE_NAMES" \
- "$TIMESTAMP_TO_USE" \
- "$CUT_OFF
+ "$IMAGE_NAMES" \
+ "$TIMESTAMP_TO_USE" \
+ "$CUT_OFF" \
 "$TOKEN" \
 "$UNTAGGED_ONLY" \
 "$SKIP_TAGS" \
- "$KEEP_AT_LEAST" \
- "$FILTER_TAGS" \
+ "$KEEP_AT_LEAST" \
+ "$FILTER_TAGS" \
 "$FILTER_INCLUDE_UNTAGGED"
 env:
 ACCOUNT_TYPE: "${{ inputs.account-type }}"