diff options
| author | Victor Zagorodny <vzagorodny@gitlab.com> | 2019-04-29 23:41:02 +0300 |
|---|---|---|
| committer | Victor Zagorodny <vzagorodny@gitlab.com> | 2019-05-01 12:29:24 +0300 |
| commit | 14d13203b85cfeb41ddcd32034fa1b6bad9ad188 (patch) | |
| tree | 4f060898d9edb637f6405a273390ac5e62c2197f | |
| parent | 33de200a02bc00c3ad55184f5b90d51f6e93ab16 (diff) | |
| download | gitlab-ce-10694-propagate-env-vars-only-if-set-ce.tar.gz | |
Make propagate_env_vars scan regex more secure10694-propagate-env-vars-only-if-set-ce
| -rw-r--r-- | lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml | 2 | ||||
| -rw-r--r-- | lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml index d22d8844c7d..263221329ab 100644 --- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml @@ -25,7 +25,7 @@ dependency_scanning: CURRENT_ENV=$(printenv) for VAR_NAME; do - echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME " + echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME " done } - | diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml index bc3d9786cd8..f0152cd4537 100644 --- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml @@ -25,7 +25,7 @@ sast: CURRENT_ENV=$(printenv) for VAR_NAME; do - echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME " + echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME " done } - | |