Skip to content

feat(setup-sentry): Add toggle to setup sentry gha #104459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
hubertdeng123 wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

feat(setup-sentry): Add toggle to setup sentry gha #104459

hubertdeng123 wants to merge 2 commits into from
+8 −0

Conversation

@hubertdeng123
Copy link
Member

@hubertdeng123 hubertdeng123 commented Dec 5, 2025

This allows us to easily ensure devservices does not bring up container for service in CI. Will be useful for snuba

@hubertdeng123 hubertdeng123 requested a review from a team as a code owner December 5, 2025 17:08
cursor[bot]
cursor bot reviewed Dec 5, 2025
View reviewed changes
.github/actions/setup-sentry/action.yml Outdated
if [ "${{ inputs.toggle }}" != "" ]; then
echo "Toggling off ${{ inputs.toggle }}"
devservices toggle ${{ inputs.toggle }}
Copy link
Contributor

@cursor cursor bot Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Unquoted shell variable allows command injection

The ${{ inputs.toggle }} value is directly interpolated into the shell command without quotes on line 132. If the toggle input contains special shell characters or malicious content (e.g., snuba; malicious-command), it could lead to command injection. While the input is quoted in the condition check on line 130, it's unquoted when passed to devservices toggle. Using an environment variable (like WORKDIR is handled) and quoting it would be safer.

Fix in Cursor Fix in Web

@hubertdeng123 hubertdeng123 mentioned this pull request Dec 5, 2025
Draft
joshuarli
joshuarli reviewed Dec 5, 2025
View reviewed changes
.github/actions/setup-sentry/action.yml
required: false
default: 'default'
toggle:
description: 'Dependency to toggle off '
Copy link
Member

@joshuarli joshuarli Dec 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't this be dependency to toggle to local to be explicit?

and then devservices toggle foo local

Copy link
Member Author

@hubertdeng123 hubertdeng123 Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, it should

@hubertdeng123 hubertdeng123 marked this pull request as draft December 5, 2025 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshuarli joshuarli joshuarli left review comments

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hubertdeng123 @joshuarli