Skip to content

Commit

Permalink
fix: ai fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@thomasrockhu-codecov
thomasrockhu-codecov committed Nov 15, 2024
1 parent 23d74e4 commit 7458bec
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,13 +180,14 @@ runs:
shell: bash
run: |
CC_BRANCH="${{ inputs.override_branch }}"
PR_HEAD_LABEL="${{ github.event.pull_request.head.label }}"
is_Fork=$("${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}")
if [ -z "$CC_BRANCH" ] && [ -z "$CODECOV_TOKEN" ] && [ "$is_fork" == "true" ];
then
echo -e "\033[0;32m==>\033[0m Fork detected, tokenless uploading used"
TOKENLESS="${{ github.event.pull_request.head.label }}"
CC_BRANCH="${{ github.event.pull_request.head.label }}"
TOKENLESS="$PR_HEAD_LABEL"
CC_BRANCH="$PR_HEAD_LABEL"
echo "TOKENLESS=$TOKENLESS" >> $GITHUB_ENV
echo "CC_BRANCH=$CC_BRANCH" >> $GITHUB_ENV
fi

Check failure

Code scanning / CodeQL

Expression injection in Actions Critical

Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user.
Expand Down

0 comments on commit 7458bec

Please sign in to comment.