Fixes for various dhcp-related issues #7627
pvalenapr.yml
on: pull_request
Conventional Commit Message Checker (Commisery)
7s
Annotations
2 errors and 2 warnings
|
(Commit 65f4b4f1) fix(network-legacy): replace `echo` writes with `printf` to prevent injection via DHCP
DHCP-provided variables (hostname, gateway) were written with echo into
files later sourced as shell by net-lib.sh — allowing command injection
from a rogue DHCP server.
Use printf with explicit variable escaping `%q` for sourced files:
- .hostname files (DHCP hostname, sourced at net-lib.sh:131)
- .gw files (DHCP routers, sourced at net-lib.sh:140)
- do_static gateway and hostname (kernel cmdline ip= parameter)
Plain text config files (.resolv.conf) are left as echo — they are
read by awk, not sourced as shell, so %q escaping would be incorrect.
[C014] Subject should be within the line length limit (80), exceeded by 7 characters
|
|
Conventional Commit Message Checker (Commisery)
1 of the pull request's commits are not valid Conventional Commits
|
|
Conventional Commit Message Checker (Commisery)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: tomtom-international/commisery-action@v3. Actions will be forced to run with Node.js 24 by default starting June 16th, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Conventional Commit Message Checker (Commisery)
Unable to update Pull Request labels, did you provide the `write` permission for `issues` and `pull-requests`?
|