Potential fix for code scanning alert no. 1440: Code injection (#162764)
Fix for:
https://github.com/llvm/llvm-project/security/code-scanning/1440
This fix was automatically generated by Copilot Autofix for CodeQL. See
https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning
for more info.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
diff --git a/.github/workflows/libcxx-run-benchmarks.yml b/.github/workflows/libcxx-run-benchmarks.yml
index 0379a0a..9e8f558 100644
--- a/.github/workflows/libcxx-run-benchmarks.yml
+++ b/.github/workflows/libcxx-run-benchmarks.yml
@@ -64,17 +64,21 @@
path: repo # Avoid nuking the workspace, where we have the Python virtualenv
- name: Run baseline
+ env:
+ BENCHMARKS: ${{ steps.vars.outputs.benchmarks }}
run: |
source .venv/bin/activate && cd repo
python -m pip install -r libcxx/utils/requirements.txt
baseline_commit=$(git merge-base ${{ steps.vars.outputs.pr_base }} ${{ steps.vars.outputs.pr_head }})
- ./libcxx/utils/test-at-commit --commit ${baseline_commit} -B build/baseline -- -sv -j1 --param optimization=speed ${{ steps.vars.outputs.benchmarks }}
+ ./libcxx/utils/test-at-commit --commit ${baseline_commit} -B build/baseline -- -sv -j1 --param optimization=speed "$BENCHMARKS"
./libcxx/utils/consolidate-benchmarks build/baseline | tee baseline.lnt
- name: Run candidate
+ env:
+ BENCHMARKS: ${{ steps.vars.outputs.benchmarks }}
run: |
source .venv/bin/activate && cd repo
- ./libcxx/utils/test-at-commit --commit ${{ steps.vars.outputs.pr_head }} -B build/candidate -- -sv -j1 --param optimization=speed ${{ steps.vars.outputs.benchmarks }}
+ ./libcxx/utils/test-at-commit --commit ${{ steps.vars.outputs.pr_head }} -B build/candidate -- -sv -j1 --param optimization=speed "$BENCHMARKS"
./libcxx/utils/consolidate-benchmarks build/candidate | tee candidate.lnt
- name: Compare baseline and candidate runs
