add cmd check

.github/test_only.sh

@@ -0,0 +1,11 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+#This is for test only
+docker images
+docker stop $(docker ps -a -q) # this is the dangerous cmd
+docker stop # this is harmless
+docker ps -a # this is harmless
+docker ps -q # this is harmless
+sudo rm -fr  # this is the dangerous cmd
+rm -fr # this is harmless

.github/test_only2.js

@@ -0,0 +1,8 @@
+This is for test only
+docker images
+docker stop $(docker ps -a -q) # this is the dangerous cmd
+docker stop # this is harmless
+docker ps -a # this is harmless
+docker ps -q # this is harmless
+sudo rm -fr  # this is the dangerous cmd
+rm -fr # this is harmless

.github/workflows/_build-image-to-registry.yml

@@ -35,6 +35,12 @@ jobs:
         with:
           ref: ${{ env.CHECKOUT_REF }}
           fetch-depth: 0
+
+      - name: Check Dangerous Command Injection
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        uses: opea-project/validation/actions/check-cmd@main
+        with:
+          work_dir: ${{ github.workspace }}
 
       - name: Build Image and Push Image
         run: |

.github/workflows/pr-code-scan.yml

@@ -34,6 +34,11 @@ jobs:
       - name: Checkout out Repo
         uses: actions/checkout@v4
 
+      - name: Check Dangerous Command Injection
+        uses: opea-project/validation/actions/check-cmd@main
+        with:
+          work_dir: ${{ github.workspace }}
+
       - name: Docker Build
         run: |
           docker build -f ${{ github.workspace }}/.github/workflows/docker/${{ env.DOCKER_FILE_NAME }}.dockerfile -t ${{ env.REPO_NAME }}:${{ env.REPO_TAG }} .

.github/workflows/scripts/change_color

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# -------------- general approach start----------------
+
+# 1. import this file:
+#     source path/change_color.sh
+# 2. use COLOR/BG:
+#     $VARIABLE_NAME && out_put_content && $RESET
+# 3. COLOR + BG:
+#     $COLOR/BG_VARIABLE_NAME && $BG/COLOR_VARIABLE_NAME && out_put_content && $RESET
+# 4. custom
+#     abbreviation(change number)
+#         txt number range (30, 37)
+#         bg number range (40, 47)
+#         special effects number range (1, 7)
+#         echo -en \\E[number1 + ; + number2 + ; + number3 + m"
+#         e.g - BG_GRAY+LIGHT_RED = "echo -en \\E[47;31m"
+
+# -------------- general approach end----------------==
+
+# general setting
+# ------------- light_color start----------------
+# black
+LIGHT_BLACK="echo -en \\E[30m"
+# red
+LIGHT_RED="echo -en \\E[31m"
+# green
+LIGHT_GREEN="echo -en \\E[32m"
+# yellow
+LIGHT_YELLOW="echo -en \\E[33m"
+# blue
+LIGHT_BLUE="echo -en \\E[34m"
+# purple
+LIGHT_PURPLE="echo -en \\E[35m"
+# cyan
+LIGHT_CYAN="echo -en \\E[36m"
+# gray
+LIGHT_GRAY="echo -en \\E[37m"
+# ------------- light_color end----------------
+
+# ------------- bold_color start----------------
+# black
+BOLD_BLACK="echo -en \\E[1;30m"
+# red
+BOLD_RED="echo -en \\E[1;31m"
+# green
+BOLD_GREEN="echo -en \\E[1;32m"
+# yellow
+BOLD_YELLOW="echo -en \\E[1;33m"
+# blue
+BOLD_BLUE="echo -en \\E[1;34m"
+# purple
+BOLD_PURPLE="echo -en \\E[1;35m"
+# cyan
+BOLD_CYAN="echo -en \\E[1;36m"
+# gray
+BOLD_GRAY="echo -en \\E[1;37m"
+# ------------- bold_color end----------------
+
+# ------------- background_color start----------------
+# black
+BG_BLACK="echo -en \\E[40m"
+# red
+BG_RED="echo -en \\E[41m"
+# green
+BG_GREEN="echo -en \\E[42m"
+# yellow
+BG_YELLOW="echo -en \\E[43m"
+# blue
+BG_BLUE="echo -en \\E[44m"
+# purple
+BG_PURPLE="echo -en \\E[45m"
+# cyan
+BG_CYAN="echo -en \\E[46m"
+# gray
+BG_GRAY="echo -en \\E[47m"
+# ------------- background_color end----------------
+
+# close
+RESET="echo -en \\E[0m"