Merge pull request #56 from advanced-security/GeekMasher-patch-1

GeekMasher · web-flow · commit 6ab3926f2e72 · 2025-06-05T14:57:23.000+01:00
Fix Code Injection issues
diff --git a/.github/workflows/codeql-packs.yml b/.github/workflows/codeql-packs.yml
@@ -47,8 +47,9 @@ jobs:
       - name: "Build and Publish CodeQL Packs"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PACKS: ${{ matrix.packs }}
         run: |
-          PACK_PATH="${{ matrix.packs }}/qlpack.yml"
+          PACK_PATH="${PACKS}/qlpack.yml"
           CURRENT_VERSION=$(grep version $PACK_PATH | awk '{print $2}')
           PACK_FULLNAME=$(cat $PACK_PATH | grep "name:" | awk '{print $2}')
           PACK_NAME=$(echo $PACK_FULLNAME | awk -F '/' '{print $2}')
diff --git a/.github/workflows/python-linting.yml b/.github/workflows/python-linting.yml
@@ -27,10 +27,12 @@ jobs:
     steps:
       - name: Set matrix
         id: set-matrix
+        env:
+          VERSIONS: ${{ inputs.versions }}
         run: |
-          versions="${{ inputs.versions }}"
-          echo "Version Input :: $versions"
-          matrix=$(echo "$versions" | tr "," "\n" | awk '{print "\""$1"\""}' | paste -sd "," -)
+          set -e
+          echo "Version Input :: $VERSIONS"
+          matrix=$(echo "$VERSIONS" | tr "," "\n" | awk '{print "\""$1"\""}' | paste -sd "," -)
           echo "matrix :: [$matrix]"
           echo "matrix=[$matrix]" >> "$GITHUB_OUTPUT"
 
@@ -71,9 +73,10 @@ jobs:
           fi
 
       - name: Run linting
+        env:
+          TOOL: ${{ inputs.tool }}
         run: |
           set -e
-          TOOL="${{ inputs.tool }}"
           if [[ "$TOOL" == "ruff" ]]; then
               pip install ruff
               ruff check
diff --git a/.github/workflows/python-testing.yml b/.github/workflows/python-testing.yml
@@ -20,10 +20,12 @@ jobs:
     steps:
       - name: Set matrix
         id: set-matrix
+        env:
+          VERSIONS: ${{ inputs.versions }}
         run: |
-          versions="${{ inputs.versions }}"
-          echo "Version Input :: $versions"
-          matrix=$(echo "$versions" | tr "," "\n" | awk '{print "\""$1"\""}' | paste -sd "," -)
+          set -e
+          echo "Version Input :: $VERSIONS"
+          matrix=$(echo "$VERSIONS" | tr "," "\n" | awk '{print "\""$1"\""}' | paste -sd "," -)
           echo "matrix :: [$matrix]"
           echo "matrix=[$matrix]" >> "$GITHUB_OUTPUT"
 
