gitea_admin

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Unquoted variable substitution could lead to command injection.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Potential command injection vulnerability when using yq with user-controlled cluster config.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Unquoted variable substitution could lead to command injection.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Unquoted variable substitution could lead to command injection.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Potential command injection vulnerability when using yq with user-controlled cluster config.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Potential command injection vulnerability when using yq with user-controlled cluster config.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:37 +00:00

feature/tofu

Unquoted variable substitution could lead to command injection.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Command substitution with 'tofu output' could fail silently; add error handling or validation for the fallback values.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Command substitution with 'tofu output' could fail silently; add error handling or validation for the fallback values.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Command substitution with 'tofu output' could fail silently; add error handling or validation for the fallback values.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:35 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:30 +00:00

feature/tofu

Inline review

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:30 +00:00

feature/tofu

Using exec with user-provided arguments ($@) before --destroy creates a command injection risk if malicious arguments are passed.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:29 +00:00

feature/tofu

Authentication credentials should be explicitly documented or validated to ensure they're properly set via environment variables.

gitea_admin commented on pull request Forte/launchpad#15

2026-04-28 06:52:29 +00:00

feature/tofu

Inline review