From c65d381099825596eaf488934d26b72b44e12abc Mon Sep 17 00:00:00 2001
From: Oliver Baer <75138893+mrwind-up-bird@users.noreply.github.com>
Date: Tue, 10 Mar 2026 02:54:53 +0100
Subject: [PATCH] fix(autofix): Missing input validation in GitLab CI
---
 examples/gitlab-ci/.gitlab-ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/examples/gitlab-ci/.gitlab-ci.yml b/examples/gitlab-ci/.gitlab-ci.yml
index 2442e7b6..d4731726 100644
--- a/examples/gitlab-ci/.gitlab-ci.yml
+++ b/examples/gitlab-ci/.gitlab-ci.yml
@@ -63,8 +63,8 @@ impact-analysis:
 # Extract metrics
 RISK=$(jq -r '.summary.estimatedRisk // "low"' impact.json)
 FILES=$(jq -r '.summary.filesChanged // 0' impact.json)
- AFFECTED=$(jq -r '.summary.transitivelyAffected // 0' impact.json)
-
+ BASE_SHA="$(printf '%s' "${CI_MERGE_REQUEST_DIFF_BASE_SHA}" | tr -cd 'a-f0-9')"
+ HEAD_SHA="$(printf '%s' "${CI_COMMIT_SHA}" | tr -cd 'a-f0-9')"
 echo "Risk Level: $RISK"
 echo "Files Changed: $FILES"
 echo "Transitively Affected: $AFFECTED"
@@ -99,7 +99,7 @@ complexity-check:
 # Get changed files
 git diff --name-only ${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA} \
- | grep -E '\.(go|ts|tsx|js|jsx|py|rs|java)$' > changed-files.txt || true
+ git diff --name-only "$(printf '%s' "${CI_MERGE_REQUEST_DIFF_BASE_SHA}" | tr -cd 'a-f0-9')..$(printf '%s' "${CI_COMMIT_SHA}" | tr -cd 'a-f0-9')" \
 echo "## Complexity Report" > complexity.md
 echo "" >> complexity.md
@@ -138,6 +138,7 @@ complexity-check:
 paths:
 - complexity.md
 expire_in: 1 week
+ HEAD_SHA="$(printf '%s' "${CI_COMMIT_SHA}" | tr -cd 'a-f0-9')"
 # Get suggested reviewers
 suggest-reviewers:
@@ -161,7 +162,7 @@ suggest-reviewers:
 artifacts:
 paths:
 - reviewers.json
- expire_in: 1 week
+ git diff --name-only "$(printf '%s' "${CI_MERGE_REQUEST_DIFF_BASE_SHA}" | tr -cd 'a-f0-9')..$(printf '%s' "${CI_COMMIT_SHA}" | tr -cd 'a-f0-9')" > changed-files.txt
 # Hotspot analysis
 hotspot-check:
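Review bot: In the impact-analysis hunk (`@@ -63,8 +63,8 @@`) the `AFFECTED=` assignment is removed while the context line `echo "Transitively Affected: $AFFECTED"` still reads it, so the report would print an empty value; `AFFECTED=$(jq -r '.summary.transitivelyAffected // 0' impact.json)` should stay. The added `BASE_SHA` and `HEAD_SHA` are not used anywhere in the visible hunk. `tr -cd 'a-f0-9'` also silently deletes unexpected characters instead of rejecting the value, so a malformed or empty SHA would continue as a different ref rather than stopping the job. A check that fails closed is safer, for example `case "$CI_COMMIT_SHA" in ''|*[!0-9a-f]*) echo "unexpected CI_COMMIT_SHA" >&2; exit 1;; esac`. The job's script continues outside the hunk.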
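Review bot: In the first complexity-check hunk (`@@ -99,7 +99,7 @@`) the original unquoted `git diff --name-only ${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA} \` is kept as context, so the unquoted expansion this commit sets out to harden is still the command that runs, and the added line becomes extra arguments to it through the line continuation. The `| grep -E … > changed-files.txt || true` line is removed, so `changed-files.txt` no longer appears to be written in this job, and the added line's own trailing `\` joins it to whatever follows. Replace the original command instead of appending to it, and keep the filter: `git diff --name-only "${CI_MERGE_REQUEST_DIFF_BASE_SHA}..${CI_COMMIT_SHA}" \` followed by the existing `| grep -E …` line. The script block starts and ends outside the hunk.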
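Review bot: In the second complexity-check hunk (`@@ -138,6 +138,7 @@`) the added `HEAD_SHA="$(…)"` line sits after `expire_in: 1 week` under `artifacts:` rather than in the job's `script:`, so a shell assignment ends up among YAML keys and will most likely stop the file from parsing (indentation is not visible here, so this is inferred from the neighbouring lines). The suggest-reviewers hunk (`@@ -161,7 +162,7 @@`) has the same problem: it replaces `expire_in: 1 week` with a `git diff … > changed-files.txt` command inside `artifacts:`, which also drops the artifact expiry for `reviewers.json`. Both added lines belong in the respective job's `script:` block, and `expire_in: 1 week` should be restored. A CI file that does not parse means none of the analysis jobs run, so it is worth passing the result through GitLab's CI lint before merging.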