chore(CI): Security fix - Sanitize User controlled input (#149)

This is a minor fix to one of the GitHub Actions workflows. It is a security best practice to sanitize any GitHub Actions variables that can contain arbitrary values in a run step. Co-authored-by: Harsh <[email protected]>
aws-amplify · Jan 16, 2024 · fe24680 · fe24680
1 parent f0162d6
commit fe24680
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/deploy-pods.yml b/.github/workflows/deploy-pods.yml
@@ -23,10 +23,12 @@ jobs:
       - name: Extract release version
         uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
         id: extract-release-version
+        env:
+            TITLE: ${{ github.event.pull_request.title }}
         with:
           result-encoding: string
           script: |
-            const matches = `${{ github.event.pull_request.title }}`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
+            const matches = `$TITLE`.match(/[0-9]+\.[0-9]+\.[0-9]+/) ?? []
             return matches.length > 0 ? matches[0] : ""
 
   release: