fix: prevent GitHub Actions injection in CI issue reporter #197

Merged
jmiller merged 2 commits from fix/ci-workflow-injection into dev 2026-06-28 16:29:11 +00:00


## Summary

- Pass `${{ inputs.* }}` values via `env:` block instead of interpolating directly in `run:` blocks
- Prevents potential command injection through crafted workflow input strings
- Also moved MOKOGITEA_URL to env block in Clone step for consistency

## Test plan

- [ ] CI issue reporter workflow still creates issues on gate failure
- [ ] Input values with special characters are handled safely
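The pattern the summary describes, as an added illustration rather than the MokoSuiteCross workflow itself: the unsafe step interpolates a workflow input straight into the script text, the corrected step hands the same value to the shell through `env:`, and a final step checks the test-plan item that special characters arrive intact. The input name `failure_summary`, the job layout and the `body.md` file are assumptions made for this example.

```yaml
# Added example, not the project's workflow. `failure_summary`, the job
# name and body.md are assumed names for illustration only.
on:
  workflow_call:
    inputs:
      failure_summary:
        type: string
        required: true

jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      # Weak pattern: the runner expands ${{ }} before the shell ever
      # sees the script, so the input text becomes part of the command
      # line itself and any shell metacharacters in it are interpreted.
      - name: Report (unsafe interpolation)
        run: |
          echo "Gate failed: ${{ inputs.failure_summary }}" >> body.md

      # Corrected pattern: the value lands in an environment variable and
      # the script reads it as a quoted shell variable, so the shell treats
      # the content as data regardless of which characters it contains.
      - name: Report (input via env)
        env:
          FAILURE_SUMMARY: ${{ inputs.failure_summary }}
        run: |
          printf 'Gate failed: %s\n' "$FAILURE_SUMMARY" >> body.md

      # Check for the "special characters are handled safely" test-plan
      # item: the exact input must appear verbatim as a whole line.
      - name: Verify input survived verbatim
        env:
          FAILURE_SUMMARY: ${{ inputs.failure_summary }}
        run: |
          grep -Fx -- "Gate failed: $FAILURE_SUMMARY" body.md
```

Calling this reusable workflow with an input containing quotes, semicolons or backticks exercises both steps; only the `env:` step is expected to write the text unchanged.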
jmiller added 1 commit 2026-06-28 16:29:01 +00:00
fix: pass workflow inputs via env block to prevent injection
Universal: PR Check / Branch Policy (pull_request) Successful in 1s
Universal: PR Check / Validate PR (pull_request) Failing after 4s
Universal: PR Check / Secret Scan (pull_request) Successful in 7s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Failing after 10s
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 27s
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
b907b778c0
Authored-by: Moko Consulting
jmiller force-pushed fix/ci-workflow-injection from 496dbc1c37 to b907b778c0 2026-06-28 16:29:01 +00:00 Compare
jmiller merged commit 1c15497c32 into dev 2026-06-28 16:29:11 +00:00
jmiller deleted branch fix/ci-workflow-injection 2026-06-28 16:29:11 +00:00
Reference: MokoConsulting/MokoSuiteCross#197