
Make newman kubed again #33

Open

denomolo wants to merge 23 commits into master from newman-kubed

Conversation

@denomolo (Contributor)

No description provided.

@denomolo denomolo requested a review from galnadjar February 23, 2025 16:28
@denomolo denomolo self-assigned this Feb 23, 2025

@jit-ci jit-ci Bot left a comment


❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed below as a comment.
It’s highly recommended that you fix this security issue before merge.

done
cat changed_charts.txt | uniq | jq --raw-input --slurp --compact-output 'split("\n") | map(select(length > 0))' > result.txt
cat result.txt
echo "chart-list=$(cat result.txt)" >> $GITHUB_OUTPUT


Security control: Static Code Analysis Yaml

Shell Injection In Github Actions

Using variable interpolation ${{...}} with GitHub context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. GitHub context data can contain arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data, and use the environment variable in the run: script. Be sure to double-quote the environment variable, like this: "$ENVVAR".

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "Shell Injection in GitHub Actions" in .github/workflows/build-newman.yaml; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command
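The pattern the finding describes, shown as an added illustration that is not the PR's .github/workflows/build-newman.yaml: a step that expands a GitHub context value directly inside run:, beside the same step rewritten to pass the value through env: as the finding recommends. The step names and the use of github.event.pull_request.title are assumed for the illustration.

```yaml
# Constructed example; not the workflow file changed in this PR.
# Both steps write the pull request title to the step's outputs.

# Flagged pattern: the ${{ }} expression is substituted into the script
# text before the shell parses it, so anything the title contains is
# interpreted as shell syntax rather than as data.
- name: Record PR title (flagged pattern)
  run: |
    echo "title=${{ github.event.pull_request.title }}" >> "$GITHUB_OUTPUT"

# Hardened form: the runner puts the value into an environment variable,
# and the shell reads it as data. The double quotes keep the expansion as
# a single word, so spaces and metacharacters in the title stay inert.
- name: Record PR title (hardened)
  env:
    PR_TITLE: ${{ github.event.pull_request.title }}
  run: |
    echo "title=$PR_TITLE" >> "$GITHUB_OUTPUT"
```

The same rewrite applies to any github.* or inputs.* value the workflow interpolates into a run: block, not only the title.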
