Sanitise parameters #873
Thank you for creating a pull request! Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines: If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests: Github actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation. In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post
Signed-off-by: Stewart X Addison <[email protected]>
@sxa Can you rebase? That should fix CI checks
Hmmm, I think it is up to date. A rebase locally isn't picking up anything new, and my branch includes the "2nd attempt" commit. The error seems to be:
Is that something that you would expect to be fixed by a rebase?
I've pulled in your commit from pending PR #871 and that seems to have allowed the checks to pass. Since they're not yet merged upstream I'm now going to remove them from this PR again, but that should be enough to prove that this PR is good.
LGTM
🤞🏻 Signed-off-by: Stewart X Addison <[email protected]>
I'm caught up on the aqa branch regex. We have an aqa release branch named Edit: Perhaps we're just missing the |
This PR will trap potentially dangerous characters before passing them to a shell operation within the groovy pipelines. Noting that some dodgy characters are trapped elsewhere (but doing it here makes it explicit in case other places are missed):
If the docker image parameter has nonsense in it.
Also VARIANT will get trapped and abort in make-adopt-build-farm.sh if it's not in a defined list:
```
16:29:19 + ./build-farm/make-adopt-build-farm.sh
16:29:19 [ERROR] hot$pot is not a recognised build variant. Valid Variants = hotspot temurin openj9 corretto SapMachine dragonwell fast_startup bisheng
```
Ref TOB_TEMURIN_17
Preferred future solution would be to avoid using `sh` where possible to reduce the risk of shell escapes, but this should be good as an interim solution.
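As an added example (not the PR's or the project's own code), here is a POSIX sh version of the two checks the description refers to: an allow-list for VARIANT that fails closed with the same style of error as the quoted log, and a character allow-list for the docker image parameter so it is rejected before being interpolated into a command. The function names, the accepted character set and the sample inputs are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not code from the PR. The variant list is taken from the
# quoted error message; the character allow-list below is an assumption.

VALID_VARIANTS="hotspot temurin openj9 corretto SapMachine dragonwell fast_startup bisheng"

# Return 0 if the value contains only characters safe to interpolate into a
# shell command (letters, digits, . _ / : = -), 1 if empty or anything else.
# Anything like ; $ ` | & < > ( ) quotes or whitespace is rejected.
param_is_clean() {
    case "$1" in
        ""|*[!A-Za-z0-9._/:=-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 only when VARIANT exactly matches an entry in the fixed list.
variant_is_valid() {
    for v in $VALID_VARIANTS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Validate the build parameters together; fail closed on the first problem.
# Usage: check_build_params VARIANT DOCKER_IMAGE
check_build_params() {
    variant="$1"
    image="$2"
    if ! variant_is_valid "$variant"; then
        echo "[ERROR] $variant is not a recognised build variant. Valid Variants = $VALID_VARIANTS" >&2
        return 1
    fi
    if ! param_is_clean "$image"; then
        echo "[ERROR] docker image parameter contains disallowed characters" >&2
        return 1
    fi
    return 0
}
```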