From 8b28a33b73a98372df7f0ac6c373624d0ac2f46b Mon Sep 17 00:00:00 2001
From: Pun Butrach
Date: Fri, 22 Dec 2023 20:39:21 +0700
Subject: [PATCH] ci(security): resolve arbitrary code execution

---
 .github/workflows/pr-build.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
index 009cef0d..08cb344c 100644
--- a/.github/workflows/pr-build.yml
+++ b/.github/workflows/pr-build.yml
@@ -45,10 +45,10 @@ jobs:
 env:
 GH_TOKEN: ${{ github.token }}
 run: |
- gh repo clone ${{ github.repository }}
+ gh repo clone "${{ github.repository }}"
 cd revanced-manager
- gh repo set-default ${{ github.repository }}
- gh pr checkout ${{ inputs.pr-number }}
+ gh repo set-default "${{ github.repository }}"
+ gh pr checkout "${{ inputs.pr-number }}"
 echo "DATETIME=$( TZ='UTC+0' date --rfc-email )" >> $GITHUB_ENV
 echo "COMMIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV

@@ -83,7 +83,7 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
- flutter build apk --${{ inputs.app-flavour }};
+ flutter build apk --"${{ inputs.app-flavour }}";

 - name: Prepare to comment
 run: |
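Review bot: Quoting the `${{ … }}` expressions in the three `gh` lines does not stop script injection. Actions substitutes the expression text into the script before bash parses it, so a value that closes the quote or contains a command substitution is still interpreted by the shell. Pass the values through `env:` and reference them as shell variables, as in the excerpt below. The same applies to the `flutter build apk` line in the second hunk, e.g. `APP_FLAVOUR: ${{ inputs.app-flavour }}` under `env:` and `flutter build apk "--$APP_FLAVOUR"`. This step has `GH_TOKEN` in its environment, so anything injected here would run with that token available; the step begins before the hunk, so its name and any `if:` condition are not visible.

```yaml
env:
  # … unchanged: GH_TOKEN …
  REPO: ${{ github.repository }}
  PR_NUMBER: ${{ inputs.pr-number }}
run: |
  gh repo clone "$REPO"
  # … unchanged: cd revanced-manager …
  gh repo set-default "$REPO"
  gh pr checkout "$PR_NUMBER"
  # … unchanged: DATETIME and COMMIT_HASH exports …
```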
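Review bot: The flavour is spliced into a flag name with no check on its value, so even once it is passed as an environment variable, any string becomes an option to `flutter build apk`. Unless `app-flavour` is already restricted where the workflow's inputs are declared (outside this hunk), reject unexpected values before the build, for example with a `case "$APP_FLAVOUR" in …` guard that exits on anything outside the supported flavours. The trailing `;` after the command is unnecessary in a `run: |` block. The step's header is outside the hunk.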