actions/renovatebot-github
1
0
Fork 0
mirror of https://github.com/renovatebot/github-action.git synced 2025-12-27 12:43:37 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix code scanning alert no. 2: Regular expression injection

Browse source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Jordan <128091138+jrichy1@users.noreply.github.com>
This commit is contained in:
Jordan 2024-10-14 01:46:35 -04:00 committed by GitHub
parent 7ccef37d55
commit 7dfca51f6f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
package.json
View file

@ -33,7 +33,8 @@
}, },
"dependencies": { "dependencies": {
"@actions/core": "1.10.1", "@actions/core": "1.10.1",
"@actions/exec": "1.1.1" "@actions/exec": "1.1.1",
"lodash": "^4.17.21"
}, },
"devDependencies": { "devDependencies": {
"@commitlint/cli": "19.5.0", "@commitlint/cli": "19.5.0",

3
src/input.ts
View file

@ -1,5 +1,6 @@
import * as core from '@actions/core'; import * as core from '@actions/core';
import path from 'path'; import path from 'path';
import _ from 'lodash';
interface EnvironmentVariable { interface EnvironmentVariable {
key: string; key: string;
@ -29,7 +30,7 @@ class Input {
constructor() { constructor() {
const envRegexInput = core.getInput('env-regex'); const envRegexInput = core.getInput('env-regex');
const envRegex = envRegexInput const envRegex = envRegexInput
? new RegExp(envRegexInput) ? new RegExp(_.escapeRegExp(envRegexInput))
: this.options.envRegex; : this.options.envRegex;
this._environmentVariables = new Map( this._environmentVariables = new Map(
Object.entries(process.env) Object.entries(process.env)