Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Security risks in OpenCV actions? #85

Open
ilya-lavrenov opened this issue Jan 7, 2023 · 0 comments
Open

Security risks in OpenCV actions? #85

ilya-lavrenov opened this issue Jan 7, 2023 · 0 comments
Assignees
@asmorkalov

Comments

@ilya-lavrenov
Copy link

ilya-lavrenov commented Jan 7, 2023
edited
Loading

ci-gha-workflow/.github/workflows/OCV-Contrib-PR-3.4-ARM64.yaml

Lines 57 to 60 in 8578610

echo "PR Author: ${{ env.PR_AUTHOR }}"
echo "PR Author fork: ${{ env.PR_AUTHOR_FORK }}"
echo "Source branch name: ${{ env.SOURCE_BRANCH_NAME }}"
echo "Target branch name: ${{ env.TARGET_BRANCH_NAME }}"

Is it safe to use injections here via env var? I suppose once SOURCE_BRANCH_NAME and other env vars are created, they should be referenced simply as $SOURCE_BRANCH_NAME, otherwise it may not have proper effect.

Please, see Remediation section as a reference.
@asmorkalov asmorkalov self-assigned this Feb 20, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@asmorkalov asmorkalov

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asmorkalov @ilya-lavrenov