Implement escaping of webhook params #74
Labels
area: devOps
Services/tools that are not our main functionality, but help the project
category: deployment
Related to building our local code into a working unit
Comments
humphd
added
the
category: deployment
sirinoks
added
the
area: devOps
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When serving webhooks with user provided data, such as the deploy webhook, we want the received webhook parameters to be properly escaped.
This can be done by providing each argument to the
printfutility with a '%q' specifier.This will print a properly escaped value of
$ARG1by escaping all special characters such as quotes, slashes, etc in the$ARG1variable.The webhook image we are running is a based on Alpine and does not contain most GNU tools, therefore the
printfutility in the image does not support%qspecifier.https://www.shellcheck.net/wiki/SC3050
The
webhook/hooksdirectory contains scripts for all the webhooks, it also houses utility scripts, prefixed with a.such as.authenticate.sh, consider creating a.escape.shscript to achieve the functionality ofprintf %qto be used in the webhook scripts.The text was updated successfully, but these errors were encountered: