Skip to content

Improve the security stance of the bump-version script #225

Description

@mcdonnnj

💡 Summary

We should improve the security of the Python code used in the bump-version script.

Motivation and context

In a downstream pull request Copilot was assigned to review and raised the following comments related to user input and the inline Python code used in the script:
cisagov/skeleton-aws-lambda-python#35 (comment)
cisagov/skeleton-aws-lambda-python#35 (comment)

If we were to automate usage of this script in GitHub Actions or leverage an LLM for automation it would be better to ensure the script has appropriate guard rails.

Implementation notes

Copilot's suggestions should be vettted for quality and fit.

Acceptance criteria

  • The inline Python code used in the bump-version script better protects against malicious user input

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions