Skip to content

Commit

Permalink
防止注入
Browse files Browse the repository at this point in the history
  • Loading branch information
@xqy2006
xqy2006 committed Jan 6, 2025
1 parent a786d32 commit 31f2c03
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/judge.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,17 @@ jobs:
PRIVATE_KEY: ${{ secrets.RSA_PRIVATE_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_CREATOR: ${{ github.event.issue.user.login }}
BODY: ${{ github.event.issue.body }}
TITLE: ${{ github.event.issue.title }}
run: |
# 解析题目名称
PROBLEM_NAME=$(echo "${{ github.event.issue.title }}" | sed 's/评测//')
PROBLEM_NAME=$(echo "$TITLE" | sed 's/评测//')
# 保存私钥
echo "$PRIVATE_KEY" > private.pem
# 解密提交的代码
echo "${{ github.event.issue.body }}" | base64 -d > encrypted_code
echo "$BODY" | base64 -d > encrypted_code
python3 -c "
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/submit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,16 @@ jobs:
env:
PRIVATE_KEY: ${{ secrets.RSA_PRIVATE_KEY }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BODY: ${{ github.event.issue.body }}
TITLE: ${{ github.event.issue.title }}
run: |
# 保存私钥
echo "$PRIVATE_KEY" > private.pem
FILE_URL=$(echo "${{ github.event.issue.body }}" | grep -oP 'https?://\S+')
FILE_URL=$(echo "$BODY" | grep -oP 'https?://\S+')
curl -L $FILE_URL -o b64
base64 -d b64 > encrypted_content
# 解密issue内容
# echo "${{ github.event.issue.body }}" | base64 -d > encrypted_content
# echo "$BODY" | base64 -d > encrypted_content
python3 - <<'EOF'
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
Expand Down

0 comments on commit 31f2c03

Please sign in to comment.