Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Add Script Injection to Dangerous-Workflow #1368

Merged
merged 5 commits into from
Dec 9, 2021

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Dec 6, 2021

Signed-off-by: Asra Ali [email protected]

  • Please check if the PR fulfills these requirements

@asraa asraa temporarily deployed to integration-test December 6, 2021 17:50 Inactive
@asraa
Copy link
Contributor Author

asraa commented Dec 6, 2021

cc @haydentherapper just fyi!

@github-actions
Copy link

github-actions bot commented Dec 6, 2021

Integration tests success for
[cfa69b3]
(https://github.com/ossf/scorecard/actions/runs/1545890254)

@github-actions
Copy link

github-actions bot commented Dec 6, 2021

Integration tests success for
[0a8169a]
(https://github.com/ossf/scorecard/actions/runs/1545889884)

Copy link
Contributor

@azeemshaikh38 azeemshaikh38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Would be good to have some more unit tests for untrusted workflows.

Signed-off-by: Asra Ali <[email protected]>
@asraa asraa force-pushed the dangerous-workflow-script-injection branch from cfa69b3 to 964b322 Compare December 7, 2021 19:46
@asraa asraa temporarily deployed to integration-test December 7, 2021 19:46 Inactive
@asraa
Copy link
Contributor Author

asraa commented Dec 7, 2021

added more tests!

@asraa asraa temporarily deployed to integration-test December 7, 2021 19:46 Inactive
@github-actions
Copy link

github-actions bot commented Dec 7, 2021

Integration tests success for
[964b322]
(https://github.com/ossf/scorecard/actions/runs/1551022877)

@github-actions
Copy link

github-actions bot commented Dec 7, 2021

Integration tests success for
[e275909]
(https://github.com/ossf/scorecard/actions/runs/1551024305)

Copy link
Contributor

@laurentsimon laurentsimon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is exciting!

checks/dangerous_workflow.go Outdated Show resolved Hide resolved
checks/dangerous_workflow.go Outdated Show resolved Hide resolved
checks/dangerous_workflow.go Show resolved Hide resolved
Signed-off-by: Asra Ali <[email protected]>
@asraa asraa temporarily deployed to integration-test December 8, 2021 13:41 Inactive
@github-actions
Copy link

github-actions bot commented Dec 8, 2021

Integration tests success for
[275877f]
(https://github.com/ossf/scorecard/actions/runs/1554272847)

@asraa asraa temporarily deployed to integration-test December 9, 2021 19:59 Inactive
@github-actions
Copy link

github-actions bot commented Dec 9, 2021

Integration tests success for
[4ef2f08]
(https://github.com/ossf/scorecard/actions/runs/1560463947)

@laurentsimon laurentsimon merged commit cfa1593 into ossf:main Dec 9, 2021
@laurentsimon
Copy link
Contributor

Thanks @asraa !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants