22713299226
49%
main: 50%

Ran 05 Mar 2026 10:22AM UTC

Jobs 1

Files 36

Run time 1min

Badge

Embed ▾

Committed 05 Mar 2026 10:19AM UTC coverage: 48.918% (+0.1%) from 48.816%

Build # 22713299226

Build Type

push

github

Committed by

ArangoGutierrez

Commit Message

fix(templates): address security review findings in custom template executor (#565)

- B1: Use single-quote shell quoting (shellQuote) for env var values to
  prevent command substitution injection via $(...)
- B2: Validate env var keys match ^[a-zA-Z_][a-zA-Z0-9_]*$ to prevent
  key injection
- R1: Move || true outside holodeck_log string so it acts as a shell
  operator, not part of the log message
- R2: Sanitize template name/phase before shell interpolation using
  sanitizeName() which strips non-alphanumeric characters
- N1: Detect 10MB URL response truncation instead of silently truncating
- N2: Update ContinueOnError test assertion to match corrected output

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Run Details

21 of 25 new or added lines in 1 file covered. (84.0%)

2735 of 5591 relevant lines covered (48.92%)

0.55 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
4	75.0	1.44%	pkg/provisioner/templates/custom.go

Jobs

ID	Job ID	Ran	Files	Coverage
1	22713299226.1	05 Mar 2026 10:22AM UTC	36	48.92	GitHub Action Run

NVIDIA / holodeck / 22713299226
49%
main: 50%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 22713299226

NVIDIA / holodeck / 22713299226 49% main: 50%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Jobs

Source Files on build 22713299226

NVIDIA / holodeck / 22713299226
49%
main: 50%

README BADGES
x