
Commit 6558fac

ci: fix Command injection vulnerability
* Fix command injection vulnerability mentioned at https://hackerone.com/reports/3287280 * Fix a minor bug in weaver-deploy-node-pkgs.yaml where publishing for the first time might throw an error Signed-off-by: Sandeep Nishad <[email protected]>
1 parent 4b614f1 commit 6558fac


3 files changed

+35
-4
lines changed


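--- a/.github/workflows/test_weaver-pre-release.yaml
+++ b/.github/workflows/test_weaver-pre-release.yaml
@@ -29,7 +29,7 @@ jobs:
 TITLE: ${{ github.event.pull_request.title }}
 run : |
 status="skip"
-if echo ${TITLE} | grep -q "chore(release)"; then
+if echo "${TITLE}" | grep -q "chore(release)"; then
 status="continue"
 fi
 echo "status=$status" >> $GITHUB_OUTPUT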
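Review bot: Quoting `${TITLE}` stops word-splitting and globbing of the pull-request title, but the title is still handed to `echo`, which treats a leading `-n`/`-e` as options and, in some implementations, processes backslash escapes, so the output that reaches `grep` still depends on how the title happens to parse. A builtin test avoids both processes and keeps the same substring semantics (the BRE in `grep -q "chore(release)"` matches the parentheses literally): `if [[ "${TITLE}" == *"chore(release)"* ]]; then`. The `$GITHUB_OUTPUT` expansion on the last line is unquoted as well; `>> "$GITHUB_OUTPUT"` is the safe form. The step's `env:` block begins before the hunk.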

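--- a/.github/workflows/weaver_deploy_node-pkgs.yml
+++ b/.github/workflows/weaver_deploy_node-pkgs.yml
@@ -54,7 +54,7 @@ jobs:
 - name: Check if package already exists
 run : |
 PKG_NAME=$(node -p "require('./package.json').name")
-PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
+PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
 LOCAL_VERSION=$(node -p "require('./package.json').version")
 if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
 echo "PROTOS_JS_PUBLISH=false" >> $GITHUB_ENV
@@ -101,7 +101,7 @@ jobs:
 - name: Check if package already exists
 run : |
 PKG_NAME=$(node -p "require('./package.json').name")
-PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
+PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
 LOCAL_VERSION=$(node -p "require('./package.json').version")
 if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
 echo "WEAVER_FABRIC_SDK_PUBLISH=false" >> $GITHUB_ENV
@@ -146,7 +146,7 @@ jobs:
 - name: Check if package already exists
 run : |
 PKG_NAME=$(node -p "require('./package.json').name")
-PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
+PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
 LOCAL_VERSION=$(node -p "require('./package.json').version")
 if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
 echo "WEAVER_BESU_SDK_PUBLISH=false" >> $GITHUB_ENV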
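Review bot: The `|| echo no.version.found` fallback on the new line turns every non-zero exit of `npm view` into "not yet published", including registry outages, auth failures and network errors, not only the first-publish case the commit message describes; the same line is changed identically in the hunks at -101 and -146. If the intent is only to survive the first publish, say so next to it, e.g. `# npm view exits non-zero when the package has never been published; use a sentinel so the first publish proceeds`, and consider letting stderr reach the job log so a masked registry error is still visible. `$PKG_NAME` is also still expanded unquoted in the same call; it comes from this repository's package.json rather than from event data, so it is not the injection the commit title addresses, but `npm view "$PKG_NAME" version --workspaces=false || echo no.version.found` removes the word-splitting for free. Each step's body continues past its hunk.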

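--- /dev/null
+++ b/patch
@@ -0,0 +1,31 @@
+diff --git a/.github/workflows/weaver_deploy_node-pkgs.yml b/.github/workflows/weaver_deploy_node-pkgs.yml
+index d07fed4e2..fe8030c9b 100644
+--- a/.github/workflows/weaver_deploy_node-pkgs.yml
++++ b/.github/workflows/weaver_deploy_node-pkgs.yml
+@@ -54,7 +54,7 @@ jobs:
+- name: Check if package already exists
+run : |
+PKG_NAME=$(node -p "require('./package.json').name")
+- PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
++ PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
+LOCAL_VERSION=$(node -p "require('./package.json').version")
+if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
+echo "PROTOS_JS_PUBLISH=false" >> $GITHUB_ENV
+@@ -101,7 +101,7 @@ jobs:
+- name: Check if package already exists
+run : |
+PKG_NAME=$(node -p "require('./package.json').name")
+- PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
++ PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
+LOCAL_VERSION=$(node -p "require('./package.json').version")
+if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
+echo "WEAVER_FABRIC_SDK_PUBLISH=false" >> $GITHUB_ENV
+@@ -146,7 +146,7 @@ jobs:
+- name: Check if package already exists
+run : |
+PKG_NAME=$(node -p "require('./package.json').name")
+- PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false)
++ PUBLISHED_VERSION=$(npm view $PKG_NAME version --workspaces=false || echo no.version.found)
+LOCAL_VERSION=$(node -p "require('./package.json').version")
+if [[ "$PUBLISHED_VERSION" == "$LOCAL_VERSION" ]]; then
+echo "WEAVER_BESU_SDK_PUBLISH=false" >> $GITHUB_ENV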
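Review bot: A file named `patch` is added at the repository root whose whole content is the same diff this commit already applies to `.github/workflows/weaver_deploy_node-pkgs.yml`; nothing in the commit message mentions it, so it looks like a leftover from preparing the change rather than something intended to ship. It should be dropped from the commit, otherwise a stale copy of a workflow diff sits in the tree and silently drifts from the real file. If such scratch files are produced routinely, keeping them outside the working tree (or ignored by git) avoids a repeat.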
