GH-200 - Secure and optimize automation - Section 5.2
Mitigate script injection by sanitising untrusted input, applying least-privilege permissions and avoiding untrusted data in run steps.
Mitigate script injection by sanitising untrusted input before use in run steps and applying least-privilege permissions on the GITHUB_TOKEN. Recognise which expression patterns allow attacker-controlled data to reach a shell and rewrite them safely.
Tags: script injection, untrusted input, least privilege, run step quoting
Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.