fix(security): Prevent GitHub script injection in update-tox workflow by fix-it-felix-sentry[bot] · Pull Request #6171 · getsentry/sentry-python
Replace direct GitHub context variable interpolation with environment variables to prevent code injection attacks. This addresses a high severity security finding where untrusted user input from GitHub context could be injected into the actions/github-script execution.

Changes:
- Add env block with BRANCH_NAME, COMMIT_TITLE, DATE, and BASE_BRANCH
- Replace direct interpolation with process.env variables
- Prevents script injection vulnerability (VULN-1594)

Refs: https://linear.app/getsentry/issue/VULN-1594
Refs: https://linear.app/getsentry/issue/PY-2395

Co-Authored-By: fix-it-felix-sentry[bot] <260785270+fix-it-felix-sentry[bot]@users.noreply.github.com>
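The pattern the PR describes, shown as an added illustrative workflow rather than the repository's actual update-tox workflow: the first step interpolates GitHub context expressions straight into the script text, the second passes the same values through an env block and reads them with process.env. The env variable names (BRANCH_NAME, COMMIT_TITLE, DATE, BASE_BRANCH) come from the PR; the hypothetical "meta" step and the steps.meta.outputs.* expressions are assumptions standing in for whatever source the real workflow uses, since the PR page does not show it.

```yaml
name: update-tox (illustrative example, not the project's workflow)
on:
  workflow_dispatch:

jobs:
  demo:
    runs-on: ubuntu-latest
    steps:
      # Hypothetical step producing the values; in a real workflow these may be
      # derived from contributor-controlled data (branch names, commit titles).
      - id: meta
        run: |
          echo "branch_name=update-tox/$(date +%F)" >> "$GITHUB_OUTPUT"
          echo "commit_title=Update tox.ini" >> "$GITHUB_OUTPUT"
          echo "date=$(date +%F)" >> "$GITHUB_OUTPUT"
          echo "base_branch=master" >> "$GITHUB_OUTPUT"

      # BEFORE (vulnerable pattern): ${{ }} is expanded by the runner into the
      # JavaScript source *before* the script is parsed. The surrounding quotes
      # give no protection; a value containing a quote or backtick becomes code.
      - name: Direct interpolation (do not use)
        uses: actions/github-script@v7
        with:
          script: |
            const branch = "${{ steps.meta.outputs.branch_name }}";
            const title  = "${{ steps.meta.outputs.commit_title }}";
            core.info(`would open PR '${title}' from ${branch}`);

      # AFTER (hardened pattern, as in the PR): values are handed to the step
      # as environment variables. The runner sets them in the process
      # environment, so the script receives them purely as data.
      - name: Values via env block
        uses: actions/github-script@v7
        env:
          BRANCH_NAME: ${{ steps.meta.outputs.branch_name }}
          COMMIT_TITLE: ${{ steps.meta.outputs.commit_title }}
          DATE: ${{ steps.meta.outputs.date }}
          BASE_BRANCH: ${{ steps.meta.outputs.base_branch }}
        with:
          script: |
            const branch = process.env.BRANCH_NAME;
            const title  = process.env.COMMIT_TITLE;
            const date   = process.env.DATE;
            const base   = process.env.BASE_BRANCH;
            // No value can change the program text; it is only ever a string.
            core.info(`would open PR '${title}' from ${branch} into ${base} (${date})`);
```

The same rule applies to `run:` steps: put context expressions in `env:` and reference them as shell variables (`"$BRANCH_NAME"`, quoted) instead of writing `${{ }}` inside the shell script, for the same reason. Moving a value into the environment removes the injection into the script source; it does not validate the value itself, so anything later used as a branch name or passed to another command should still be checked against an expected pattern.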