Fix #103: Dealing with un-escaped environment variables by using args
#105
49a21af to 61bb69d
const AZ_CLI_VERSION_DEFAULT_VALUE = 'agentazcliversion' | ||
|
||
export async function main(){ | ||
export async function main() { |
Is there any linter tool for TypeScript? A linter can help us normalize the code style and avoid distracting diffs like this.
Just a reminder. No need to do that right now.
Glad to see we are taking security as our top priority and trying our best to avoid possible security risks. Nice work!
…s` (#105) * escape by args * remove redundant output * fix with comments * update for comment
Description
This PR is going to fix #103. We utilize the built-in function in `@actions/exec.exec` to escape the incoming arguments. Referring to this instruction, we can implement automatic escaping for incoming arguments by using the parameter `args` of the function `@actions/exec.exec`. The reason why only escaping double quotes may not be sufficient was discussed in #104 (comment).
Test workflows
Test Azure CLI for escaping in env