From 6ac98220e1c4c86ce283657e6105643c61a9eb9a Mon Sep 17 00:00:00 2001
From: Casper da Costa-Luis <casper.dcl@physics.org>
Date: Wed, 15 Sep 2021 14:29:24 +0100
Subject: [PATCH] docker: whitelist entrypoints (#716)

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index da8986800..99701f447 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -105,5 +105,5 @@ ENV IN_DOCKER=1
 # also works for GitLab CI/CD
 # https://gitlab.com/gitlab-org/gitlab-runner/-/blob/4c42e96/shells/bash.go#L18-37
 # https://gitlab.com/gitlab-org/gitlab-runner/-/blob/4c42e96/shells/bash.go#L288
-ENTRYPOINT ["/bin/bash", "-c", "which -- \"$0\" &>/dev/null && exec \"$0\" \"$@\" || exec cml \"$0\" \"$@\""]
+ENTRYPOINT ["/bin/bash", "-c", "echo \"$0\" | grep -qE '^(pr|publish|runner|send-(comment|github-check)|tensorboard-dev|--?\w.*)$' && exec cml \"$0\" \"$@\" || exec \"$0\" \"$@\""]
 CMD ["--help"]