Ensure using an intermediate environment variable
For inline scripts, the preferred approach to handling untrusted input is to assign the value of the expression to an intermediate environment variable. With this approach, the value of the expression is stored in memory and used as a variable, and it does not interact with the script generation process. In addition, consider double-quoting shell variables to avoid word splitting.
Risk Level: medium
Platform: GitHub
Spectral Rule ID: GHAC007
REMEDIATION
Remove environment variable from the running command
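The pattern this rule targets beside the corrected form, as an added example that is not part of the original rule page. The workflow, job and step names, the `PR_TITLE` variable, and the choice of `github.event.pull_request.title` as the untrusted value are assumptions made for illustration.

```yaml
# Added example: workflow, job, step and variable names are illustrative.
name: pr-title-check
on:
  pull_request:
    types: [opened, edited]

permissions:
  contents: read

jobs:
  flagged:
    runs-on: ubuntu-latest
    steps:
      # Flagged pattern: the expression is expanded into the script text
      # before the shell starts, so the value takes part in script generation.
      - name: Check title (expression inside run)
        run: |
          title="${{ github.event.pull_request.title }}"
          if [[ "$title" =~ ^feat ]]; then
            echo "feature PR"
          fi

  corrected:
    runs-on: ubuntu-latest
    steps:
      # Corrected pattern: the expression is evaluated into an environment
      # variable; the script text is constant and only reads that variable.
      - name: Check title (intermediate environment variable)
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          # Double quotes prevent word splitting and globbing of the value.
          if [[ "$PR_TITLE" =~ ^feat ]]; then
            echo "feature PR"
          fi
```

Both jobs run the same check; only the second keeps the expression out of the `run` block.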