From 14d13203b85cfeb41ddcd32034fa1b6bad9ad188 Mon Sep 17 00:00:00 2001
From: Victor Zagorodny
Date: Mon, 29 Apr 2019 23:41:02 +0300
Subject: Make propagate_env_vars scan regex more secure

---
 lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml | 2 +-
 lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index d22d8844c7d..263221329ab 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -25,7 +25,7 @@ dependency_scanning:
         CURRENT_ENV=$(printenv)
 
         for VAR_NAME; do
-          echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME "
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
         done
       }
     - |
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index bc3d9786cd8..f0152cd4537 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -25,7 +25,7 @@ sast:
         CURRENT_ENV=$(printenv)
 
         for VAR_NAME; do
-          echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME "
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
         done
       }
     - |
-- 
cgit v1.2.1
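Review bot: The new pattern `"${VAR_NAME}="` is still an unanchored regex run against the output of an unquoted `echo $CURRENT_ENV`, so a lookup for `FOO` also matches `MY_FOO=` or any value that merely contains `FOO=`, and the unquoted expansion joins every printenv line into one word-split, glob-expanded line before grep sees it. Anchoring at line start on printenv's own output closes both gaps and drops the detour through `CURRENT_ENV`: `printenv | grep -q "^${VAR_NAME}=" && echo "--env $VAR_NAME "` (the `CURRENT_ENV=$(printenv)` line above then becomes unused and can go). `VAR_NAME` is still interpreted as a regex after that change; that is presumably fine while the names come from the template's own literal call sites, but it is worth a comment such as `# VAR_NAME is a regex fragment — only pass literal identifiers`. The identical line in the SAST.gitlab-ci.yml hunk has the same issue, and the enclosing propagate_env_vars function opens before both hunks.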