good bot

JonZeolla · JonZeolla · commit 28b209b8c813 · 2025-07-16T13:44:28.000-04:00
diff --git a/scripts/scan_workflow_logs.sh b/scripts/scan_workflow_logs.sh
@@ -79,15 +79,18 @@ find . -type f -name "*.txt" | while IFS= read -r logfile; do
     line_num=$(echo "$line" | cut -d: -f2)
     content=$(echo "$line" | cut -d: -f3-)
 
+    # Sanitize content to prevent command injection and log poisoning
+    sanitized_content=$(echo "$content" | tr -d '\n\r' | head -c 200)
+
     # Determine the type of issue and output both annotation and count
     if echo "$content" | grep -qiE '\berror\b'; then
-      echo "::error file=$job_name,line=$line_num::$content"
+      echo "::error file=$job_name,line=$line_num::$sanitized_content"
       echo "error" >> "$results_file"
     elif echo "$content" | grep -qiE '\bwarning:'; then
-      echo "::warning file=$job_name,line=$line_num::$content"
+      echo "::warning file=$job_name,line=$line_num::$sanitized_content"
       echo "warning" >> "$results_file"
     elif echo "$content" | grep -qiE '\bdeprecated\b'; then
-      echo "::warning file=$job_name,line=$line_num::$content"
+      echo "::warning file=$job_name,line=$line_num::$sanitized_content"
       echo "deprecated" >> "$results_file"
     fi
   done < <(grep -niE '(\berror\b|warning:|deprecated)' "$logfile" 2>/dev/null || true)
diff --git a/{{cookiecutter.project_name|replace(" ", "")}}/scripts/scan_ b/{{cookiecutter.project_name|replace(" ", "")}}/scripts/scan_
diff --git a/{{cookiecutter.project_name|replace(" ", "")}}/scripts/scan_workflow_logs.sh b/{{cookiecutter.project_name|replace(" ", "")}}/scripts/scan_workflow_logs.sh
@@ -79,15 +79,18 @@ find . -type f -name "*.txt" | while IFS= read -r logfile; do
     line_num=$(echo "$line" | cut -d: -f2)
     content=$(echo "$line" | cut -d: -f3-)
 
+    # Sanitize content to prevent command injection and log poisoning
+    sanitized_content=$(echo "$content" | tr -d '\n\r' | head -c 200)
+
     # Determine the type of issue and output both annotation and count
     if echo "$content" | grep -qiE '\berror\b'; then
-      echo "::error file=$job_name,line=$line_num::$content"
+      echo "::error file=$job_name,line=$line_num::$sanitized_content"
       echo "error" >> "$results_file"
     elif echo "$content" | grep -qiE '\bwarning:'; then
-      echo "::warning file=$job_name,line=$line_num::$content"
+      echo "::warning file=$job_name,line=$line_num::$sanitized_content"
       echo "warning" >> "$results_file"
     elif echo "$content" | grep -qiE '\bdeprecated\b'; then
-      echo "::warning file=$job_name,line=$line_num::$content"
+      echo "::warning file=$job_name,line=$line_num::$sanitized_content"
       echo "deprecated" >> "$results_file"
     fi
   done < <(grep -niE '(\berror\b|warning:|deprecated)' "$logfile" 2>/dev/null || true)
