You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
416rehman opened this issue
Jan 31, 2023
· 0 comments
· Fixed by #400
Labels
area: devOpsServices/tools that are not our main functionality, but help the projectcategory: deploymentRelated to building our local code into a working unit
When serving webhooks with user provided data, such as the deploy webhook, we want the received webhook parameters to be properly escaped.
This can be done by providing each argument to the printf utility with a '%q' specifier.
printf %q "$ARG1"
This will print a properly escaped value of $ARG1 by escaping all special characters such as quotes, slashes, etc in the $ARG1 variable.
The webhook image we are running is a based on Alpine and does not contain most GNU tools, therefore the printf utility in the image does not support %q specifier.
The webhook/hooks directory contains scripts for all the webhooks, it also houses utility scripts, prefixed with a . such as .authenticate.sh, consider creating a .escape.sh script to achieve the functionality of printf %q to be used in the webhook scripts.
The text was updated successfully, but these errors were encountered:
area: devOpsServices/tools that are not our main functionality, but help the projectcategory: deploymentRelated to building our local code into a working unit
When serving webhooks with user provided data, such as the deploy webhook, we want the received webhook parameters to be properly escaped.
This can be done by providing each argument to the
printf
utility with a '%q' specifier.This will print a properly escaped value of
$ARG1
by escaping all special characters such as quotes, slashes, etc in the$ARG1
variable.The webhook image we are running is a based on Alpine and does not contain most GNU tools, therefore the
printf
utility in the image does not support%q
specifier.https://www.shellcheck.net/wiki/SC3050
The
webhook/hooks
directory contains scripts for all the webhooks, it also houses utility scripts, prefixed with a.
such as.authenticate.sh
, consider creating a.escape.sh
script to achieve the functionality ofprintf %q
to be used in the webhook scripts.The text was updated successfully, but these errors were encountered: