Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Add nil check before accessing a step's uses value. #2935

Merged
merged 1 commit into from
May 2, 2023

Conversation

spencerschrock
Copy link
Member

What kind of change does this PR introduce?

bug fix

What is the current behavior?

A workflow step with env or with set, but without a uses field causes the SAST check to panic.
https://github.com/nl-design-system/denhaag/blob/329158ae47a4bfafb424741b2699f8c254ffd671/.github/workflows/cicd.yml#L103-L112

What is the new behavior (if this is a feature change)?**

We check for nil pointers before deref

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

Signed-off-by: Spencer Schrock <sschrock@google.com>
@codecov
Copy link

codecov bot commented May 2, 2023

Codecov Report

Merging #2935 (4eef88c) into main (72e6977) will increase coverage by 1.86%.
The diff coverage is 0.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2935      +/-   ##
==========================================
+ Coverage   52.67%   54.54%   +1.86%     
==========================================
  Files         158      158              
  Lines       12066    12066              
==========================================
+ Hits         6356     6581     +225     
+ Misses       5339     5104     -235     
- Partials      371      381      +10     

@spencerschrock spencerschrock merged commit 700faf1 into ossf:main May 2, 2023
@spencerschrock spencerschrock deleted the fix/sast-panic branch May 2, 2023 18:32
raghavkaul pushed a commit to raghavkaul/scorecard that referenced this pull request May 3, 2023
Signed-off-by: Spencer Schrock <sschrock@google.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request May 29, 2023
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants