Skip to content

Commit

Permalink
CI: Disable variable substitution on input to the twitter script
Browse files Browse the repository at this point in the history 
This prevents command injection through backticks in commit messages.
  • Loading branch information
@IdanHo @alimpfard
IdanHo authored and alimpfard committed Aug 15, 2021
1 parent 788472f commit 6602ab2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/twitter.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
node-version: '14'
- run: npm i twit
- run: |
node ${{ github.workspace }}/Meta/tweet-commits.js << EOF
node ${{ github.workspace }}/Meta/tweet-commits.js << 'EOF'
${{ toJSON(github.event) }}
EOF
env:
Expand Down

0 comments on commit 6602ab2

Please sign in to comment.