From 43b0167a3a7d97f0a002db2634337faaac95a59d Mon Sep 17 00:00:00 2001
From: Stypox
Date: Wed, 26 Apr 2023 16:01:20 +0200
Subject: [PATCH] Fix CI command injection vulnerability
See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
---
 .github/workflows/ci.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 67bd46992..03b04b7c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,7 +42,9 @@ jobs:
 - name: create and checkout branch
 # push events already checked out the branch
 if: github.event_name == 'pull_request'
- run: git checkout -B ${{ github.head_ref }}
+ env:
+ BRANCH: ${{ github.head_ref }}
+ run: git checkout -B "$BRANCH"
 - name: set up JDK 17
 uses: actions/setup-java@v3
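Review bot: The new `env:` / `run:` pair in the "create and checkout branch" step has no comment saying why the branch name is routed through an environment variable, so a later cleanup could inline `${{ github.head_ref }}` back into the script. A comment above `env:` would keep the reason next to the code, for example `# head_ref is chosen by the PR author; pass it via env so it is never expanded into the script text`. The double quotes in `"$BRANCH"` are part of the same protection and should be kept. The rest of the job lies outside this hunk, so any other `run:` step that interpolates a `${{ github.* }}` value directly would presumably need the same treatment.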