mirror of
https://git.mirrors.martin98.com/https://github.com/infiniflow/ragflow.git
synced 2025-06-30 01:05:10 +08:00
eaa1adb3b2
### What problem does this PR solve?
_Briefly describe what this PR aims to solve. Include background context
that will help reviewers understand the purpose of the PR._
This patch remove dangerous code that `may expand into
attacker-controllable code`
more:
```cli
error[template-injection]: code injection via template expansion
--> /Users/hyi/prs/ragflow/.github/workflows/tests.yml:35:9
|
35 | - name: Show PR labels
| ^^^^^^^^^^^^^^^^^^^^ this step
36 | run: |
| _________^
37 | | echo "Workflow triggered by ${{ github.event_name }}"
38 | | if [[ ${{ github.event_name }} == 'pull_request' ]]; then
39 | | echo "PR labels: ${{ join(github.event.pull_request.labels.*.name, ', ') }}"
40 | | fi
| |____________^ github.event.pull_request.labels.*.name may expand into attacker-controllable code
|
= note: audit confidence → High
```
using zizmor to check
https://woodruffw.github.io/zizmor/
but this patch do not fix them all, just remove high audit confidence →
High
### Type of change
- [ ] Bug Fix (non-breaking change which fixes an issue)
- [ ] New Feature (non-breaking change which adds functionality)
- [ ] Documentation Update
- [ ] Refactoring
- [ ] Performance Improvement
- [x] Other (please describe):
---------
Signed-off-by: yihong0618 <zouzou0208@gmail.com>
Co-authored-by: Zhichang Yu <yuzhichang@gmail.com>