Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
302 views
in Technique[Technology] by (71.8m points)

Editing variables in GitLab CI and ensuring they are safe

I have a multi-project pipeline in GitLab. The first project in the pipeline triggers a build of the second project.

At the moment the first project passes two variables to the next project - one variable holds the name of the project $CI_PROJECT_NAME and the other the URL of the project $CI_PROJECT_URL. These are both required in the second project.

In the second project I require the $CI_PROJECT_URL variable to perform

git clone https://oauth2:$ACCESS_TOKEN@${CI_PROJECT_URL}

So my first question is: how do I go about removing the https:// at the start of CI_PROJECT_URL? It doesn't work with the https://, though it does if I hardcode the URL without it. A simple question I'm sure, though I just cannot figure it out!

My second question. I need to check both $CI_PROJECT_NAME and $CI_PROJECT_URL for anything malicious, such as new lines, additional commands, etc., added after the variable declaration in the first project. For reference the $CI_PROJECT_URL will look like this, albeit with a different project name and username: https://projects.dep.place.co.uk/username/project_1. What would the recommended approach to this problem be?

I was also trying to find out if it was possible to simply access the project url that triggered the build of the second project from the second project. If that was possible it would bypass this issue altogether. Is this possible in any way?

Thanks for any help.


Fight the dragon too long and you become the dragon yourself; gaze into the abyss too long and the abyss gazes back…

1 Answer

0 votes
by (71.8m points)
Waiting for an expert to answer

Fight the dragon too long and you become the dragon yourself; gaze into the abyss too long and the abyss gazes back…
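
For the first two questions in the post above (dropping the https:// prefix and checking the passed values before they reach git clone), one way to do both in a POSIX sh job script, as an added example that is not part of the original thread. The names ALLOWED_HOST, UPSTREAM_NAME and UPSTREAM_URL are assumptions; the host is the one shown in the question.

```shell
#!/bin/sh
# Added example, not code from the thread. Allow-list validation: accept only
# the expected shape and reject everything else (newlines, spaces, ';', '@'...).
LC_ALL=C                                  # byte-wise ranges in the patterns below
ALLOWED_HOST="projects.dep.place.co.uk"   # assumption: the only host to clone from

# Succeed only for a name made of letters, digits, '.', '_' and '-'.
valid_project_name() {
  case $1 in
    ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 100 ]
}

# Print "host/path" (scheme removed) when the URL is https://ALLOWED_HOST/<path>
# and the path holds only safe characters; return non-zero otherwise.
strip_and_check_url() {
  case $1 in
    "https://$ALLOWED_HOST/"*) ;;         # scheme and host must match exactly
    *) return 1 ;;
  esac
  rest=${1#https://}                      # question 1: strip the scheme prefix
  path=${rest#"$ALLOWED_HOST"/}
  case $path in
    ''|*[!A-Za-z0-9._/-]*|*..*|/*|*//*|*/) return 1 ;;
  esac
  printf '%s\n' "$rest"
}

# Clone only after both values pass. ACCESS_TOKEN is the variable from the post.
# The quoting and the "--" keep the values from being split or read as options.
clone_upstream() {
  valid_project_name "$1" || { echo "rejected project name" >&2; return 1; }
  hostpath=$(strip_and_check_url "$2") || { echo "rejected project URL" >&2; return 1; }
  git clone -- "https://oauth2:${ACCESS_TOKEN}@${hostpath}" "$1"
}

# In the job script (hypothetical variable names passed by the first project):
#   clone_upstream "$UPSTREAM_NAME" "$UPSTREAM_URL"
```
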