Use printf %q to sanatize input and avoid command injection

gravitational · Dec 14, 2023 · 019b2d1 · 019b2d1
1 parent 5aeb456
commit 019b2d1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/.github/workflows/csv-lint.yaml b/.github/workflows/csv-lint.yaml
@@ -40,6 +40,7 @@ jobs:
         run: |
           cd csvlint
           for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
-            echo "Validating ${file}"
-            go run cmd/csvlint/main.go ../${file}
+            sanitized_file=$(printf '%q' "$file")
+            echo "Validating ${sanitized_file}"
+            go run cmd/csvlint/main.go ../${sanitized_file}
           done
diff --git a/.github/workflows/json-lint.yaml b/.github/workflows/json-lint.yaml
@@ -28,6 +28,7 @@ jobs:
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
           for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
-            echo "Validating ${file}"
-            jq empty ${file}
+            sanitized_file=$(printf '%q' "$file")
+            echo "Validating ${sanitized_file}"
+            jq empty ${sanitized_file}
           done