fix: relax branch name validation in docs-analysis action

EdwardAngert · claude · EdwardAngert · commit 7e150f20545d · 2025-04-07T15:31:18.000-04:00
- Change from whitelist to blacklist validation approach - Allow more characters commonly used in branch names - Still maintain protection against command injection - Block only potentially dangerous characters 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/actions/docs-analysis/action.yml b/.github/actions/docs-analysis/action.yml
@@ -146,14 +146,14 @@ runs:
           echo "::warning::Documentation path '${{ inputs.docs-path }}' does not exist - some functions may not work correctly"
         fi
        
-        # Validate branch references with strict whitelist approach for better security
-        if [[ ! "${{ inputs.pr-ref }}" =~ ^[a-zA-Z0-9_\-\.\/]+$ ]]; then
-          echo "::error::Invalid characters in pr-ref - only alphanumeric, underscore, hyphen, dot, and forward slash are allowed"
+        # Validate branch references with security checks but allow more chars used in branch names
+        if [[ "${{ inputs.pr-ref }}" =~ [;&|'"'"`] ]]; then
+          echo "::error::Invalid characters in pr-ref - branch name contains potentially unsafe characters"
           exit 1
         fi
         
-        if [[ ! "${{ inputs.base-ref }}" =~ ^[a-zA-Z0-9_\-\.\/]+$ ]]; then
-          echo "::error::Invalid characters in base-ref - only alphanumeric, underscore, hyphen, dot, and forward slash are allowed"
+        if [[ "${{ inputs.base-ref }}" =~ [;&|'"'"`] ]]; then
+          echo "::error::Invalid characters in base-ref - branch name contains potentially unsafe characters"
           exit 1
         fi
         
