
Commit 8cd2cfb

GHA-222 Fix script injection vulnerabilities in create-integration-ticket action (#129)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 01fc0c6 commit 8cd2cfb


1 file changed

+16
-8
lines changed

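--- a/create-integration-ticket/action.yml
+++ b/create-integration-ticket/action.yml
@@ -62,17 +62,21 @@ runs:
     - name: Validate inputs and generate ticket summary
       id: validate_inputs
       shell: bash
+      env:
+        INPUT_TICKET_SUMMARY: ${{ inputs.ticket-summary }}
+        INPUT_PLUGIN_NAME: ${{ inputs.plugin-name }}
+        INPUT_RELEASE_VERSION: ${{ inputs.release-version || env.RELEASE_VERSION }}
       run: |
-        if [ -z "${{ inputs.ticket-summary }}" ]; then
-          if [ -z "${{ inputs.plugin-name }}" ] || [ -z "${{ inputs.release-version || env.RELEASE_VERSION }}" ]; then
+        if [ -z "$INPUT_TICKET_SUMMARY" ]; then
+          if [ -z "$INPUT_PLUGIN_NAME" ] || [ -z "$INPUT_RELEASE_VERSION" ]; then
             echo "Error: Either ticket-summary must be provided, or both plugin-name and release-version must be provided."
             exit 1
           fi
-          GENERATED_SUMMARY="Update ${{ inputs.plugin-name }} to ${{ inputs.release-version || env.RELEASE_VERSION }}"
+          GENERATED_SUMMARY="Update $INPUT_PLUGIN_NAME to $INPUT_RELEASE_VERSION"
           echo "Generated ticket summary: $GENERATED_SUMMARY"
           echo "ticket_summary=$GENERATED_SUMMARY" >> $GITHUB_OUTPUT
         else
-          echo "ticket_summary=${{ inputs.ticket-summary }}" >> $GITHUB_OUTPUT
+          echo "ticket_summary=$INPUT_TICKET_SUMMARY" >> $GITHUB_OUTPUT
         fi
 
     - name: Run Python script
@@ -87,11 +91,15 @@ runs:
           ${{ inputs.ticket-description }}${{ inputs.jira-release-url && inputs.ticket-description && '
 
           ' || '' }}${{ inputs.jira-release-url || '' }}
+        INPUT_TARGET_JIRA_PROJECT: ${{ inputs.target-jira-project }}
+        INPUT_RELEASE_TICKET_KEY: ${{ inputs.release-ticket-key }}
+        INPUT_LINK_TYPE: ${{ inputs.link-type }}
+        TICKET_SUMMARY: ${{ steps.validate_inputs.outputs.ticket_summary }}
       run: |
         python ${{ github.action_path }}/create_integration_ticket.py \
-          --ticket-summary "${{ steps.validate_inputs.outputs.ticket_summary }}" \
-          --target-jira-project "${{ inputs.target-jira-project }}" \
-          --release-ticket-key "${{ inputs.release-ticket-key }}" \
+          --ticket-summary "$TICKET_SUMMARY" \
+          --target-jira-project "$INPUT_TARGET_JIRA_PROJECT" \
+          --release-ticket-key "$INPUT_RELEASE_TICKET_KEY" \
           --jira-url="${{ ((inputs.use-jira-sandbox || env.USE_JIRA_SANDBOX) == 'true') && env.JIRA_SANDBOX_URL || env.JIRA_PROD_URL }}" \
-          --link-type "${{ inputs.link-type }}" \
+          --link-type "$INPUT_LINK_TYPE" \
           ${TICKET_DESCRIPTION:+--ticket-description "$TICKET_DESCRIPTION"} >> $GITHUB_OUTPUT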
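Review bot: The first hunk still writes the caller-supplied summary to the step-output file in `key=value` form (`echo "ticket_summary=$INPUT_TICKET_SUMMARY" >> $GITHUB_OUTPUT`, and the same for `$GENERATED_SUMMARY`), so a ticket-summary, plugin-name or release-version value containing a newline can append further `name=value` lines and set other outputs of this step; moving the values into `env:` closes the shell-interpolation path but not this one. Since a Jira summary is single-line anyway, the simplest fix is to reject newlines in the three inputs before the write (below) and to quote the redirect target as `"$GITHUB_OUTPUT"`; the `ticket_summary<<DELIM` heredoc form with a random delimiter is the alternative if multi-line values are ever required. The `--jira-url=` line in the second hunk still interpolates a `${{ }}` expression into the shell, but as it only selects between `env.JIRA_SANDBOX_URL` and `env.JIRA_PROD_URL` the exposure appears limited to whoever controls those environment values; moving it into `env:` as well would make the step uniform. The `Run Python script` step's `env:` block begins above the second hunk.
```yaml
      run: |
        for v in INPUT_TICKET_SUMMARY INPUT_PLUGIN_NAME INPUT_RELEASE_VERSION; do
          case "${!v}" in
            *$'\n'*) echo "Error: ${v#INPUT_} must not contain newlines."; exit 1 ;;
          esac
        done
        # … unchanged: summary selection and the $GITHUB_OUTPUT writes …
```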
