anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 22:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
claude/fix-command-injection-012ini6RiyJVXxae6QfACQce
claude-code-action/examples
History
Claude a86ef08036 fix: prevent command injection in workflow example files 
Fixes command injection vulnerabilities in example workflow files by using
environment variables instead of direct template expansion in shell commands.

This prevents malicious branch names containing command substitution syntax
like $(cmd) from being executed by the shell.

Files fixed:
- examples/ci-failure-auto-fix.yml: github.event.workflow_run.head_branch
- examples/test-failure-analysis.yml: github.event.workflow_run.name and head_branch
2025-12-16 01:37:30 +00:00
..
ci-failure-auto-fix.yml
fix: prevent command injection in workflow example files
2025-12-16 01:37:30 +00:00
claude.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
issue-deduplication.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
issue-triage.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
manual-code-analysis.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
pr-review-comprehensive.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
pr-review-filtered-authors.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
pr-review-filtered-paths.yml
chore: upgrade actions/checkout from v4 to v5 (#632)
2025-10-20 09:11:13 -07:00
test-failure-analysis.yml
fix: prevent command injection in workflow example files
2025-12-16 01:37:30 +00:00