opea-project · VincyZhang · Dec 5, 2024 · Nov 29, 2024 · Nov 29, 2024 · Nov 29, 2024
diff --git a/.github/test_only.sh b/.github/test_only.sh
@@ -0,0 +1,11 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+#This is for test only
+docker images
+docker stop $(docker ps -a -q) # this is the dangerous cmd
+docker stop # this is harmless
+docker ps -a # this is harmless
+docker ps -q # this is harmless
+sudo rm -fr  # this is the dangerous cmd
+rm -fr # this is harmless
@@ -35,6 +35,11 @@ jobs:
       - name: Checkout out Repo
         uses: actions/checkout@v4
 
+      - name: Check Dangerous Command Injection
+        uses: opea-project/validation/actions/check-cmd@main
+        with:
+          work_dir: ${{ github.workspace }}
+
       - name: Docker Build
         run: |
           docker build -f ${{ github.workspace }}/.github/workflows/docker/${{ env.DOCKER_FILE_NAME }}.dockerfile -t ${{ env.REPO_NAME }}:${{ env.REPO_TAG }} .

@@ -50,6 +50,13 @@ jobs:
         with:
           submodules: "recursive"
           fetch-tags: true
+
+      - name: Check Dangerous Command Injection
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        uses: opea-project/validation/actions/check-cmd@main
+        with:
+          work_dir: ${{ github.workspace }}
+
     # We need this because GitHub needs to clone the branch to pipeline
       - name: Docker Build
         run: |