From adf452fd4e3ed99f408a5d46c6c80a24b660d359 Mon Sep 17 00:00:00 2001
From: FarhanAnjum-opti
Date: Mon, 23 Sep 2024 20:27:22 +0600
Subject: [PATCH 1/3] github actions yaml files vulnerable to script injections corrected
---
 .github/workflows/csharp_release.yml | 7 +++----
 .github/workflows/integration_test.yml | 12 ++++++++----
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/csharp_release.yml b/.github/workflows/csharp_release.yml
index 90e680a7..8f989fc6 100644
--- a/.github/workflows/csharp_release.yml
+++ b/.github/workflows/csharp_release.yml
@@ -15,8 +15,7 @@ jobs:
 - name: Set semantic version variable
 id: set_version
 run: |
- TAG=${{ env.TAG }}
- SEMANTIC_VERSION=$(echo "${TAG}" | grep -Po "(?<=^|[^0-9])([0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?(-[a-zA-Z]+[0-9]*)?)")
+ SEMANTIC_VERSION=$(echo "$TAG" | grep -Po "(?<=^|[^0-9])([0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?(-[a-zA-Z]+[0-9]*)?)")
 if [ -z "${SEMANTIC_VERSION}" ]; then
 echo "Tag did not start with a semantic version number (e.g., #.#.#; #.#.#.#; #.#.#.#-beta)"
 exit 1
@@ -25,10 +24,10 @@ jobs:
 - name: Output tag & semantic version
 id: outputs
 run: |
- echo ${{ env.TAG }}
+ echo "$TAG"
 echo ${{ steps.set_version.outputs.semantic_version }}
 outputs:
- tag: ${{ env.TAG }}
+ tag: $TAG
 semanticVersion: ${{ steps.set_version.outputs.semantic_version }}
 buildFrameworkVersions:
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
index 423e2dfe..cf9a96b3 100644
--- a/.github/workflows/integration_test.yml
+++ b/.github/workflows/integration_test.yml
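Review bot: `tag: $TAG` under the job-level `outputs:` mapping in the second hunk is never evaluated by a shell, so any downstream job reading `needs.<job>.outputs.tag` will receive the literal string `$TAG` instead of the tag value. Job outputs are an expression context rather than a script, so the original `tag: ${{ env.TAG }}` was not a script-injection sink and should be kept; only the `run:` blocks needed the env-variable form. The surviving `echo ${{ steps.set_version.outputs.semantic_version }}` in the same `run:` block still interpolates a step output into shell text; it is constrained by the grep pattern in the first hunk, but for consistency it can go through the step's `env:` as `SEMANTIC_VERSION: ${{ steps.set_version.outputs.semantic_version }}` and be printed with `echo "$SEMANTIC_VERSION"`. The `outputs:` mapping continues past the end of the hunk.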
@@ -23,15 +23,19 @@ jobs:
 path: 'home/runner/travisci-tools'
 ref: 'master'
 - name: set SDK Branch if PR
+ env:
+ HEAD_REF: ${{ github.head_ref }}
 if: ${{ github.event_name == 'pull_request' }}
 run: |
- echo "SDK_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
- echo "TRAVIS_BRANCH=${{ github.head_ref }}" >> $GITHUB_ENV
+ echo "SDK_BRANCH=$HEAD_REF" >> $GITHUB_ENV
+ echo "TRAVIS_BRANCH=$HEAD_REF" >> $GITHUB_ENV
 - name: set SDK Branch if not pull request
+ env:
+ REF_NAME: ${{ github.ref_name }}
 if: ${{ github.event_name != 'pull_request' }}
 run: |
- echo "SDK_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
- echo "TRAVIS_BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
+ echo "SDK_BRANCH=$REF_NAME" >> $GITHUB_ENV
+ echo "TRAVIS_BRANCH=$REF_NAME" >> $GITHUB_ENV
 - name: Trigger build
 env:
 SDK: csharp
From 8a426a8736cdcc8c2a5560cb6eeb87fed1f2e289 Mon Sep 17 00:00:00 2001
From: Mike Chu
Date: Mon, 23 Sep 2024 12:32:58 -0400
Subject: [PATCH 2/3] build: update NUnit.Console to 3.18.2
CI error similar to https://github.com/nunit/nunit3-vs-adapter/issues/1049
---
 .github/workflows/csharp.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/csharp.yml b/.github/workflows/csharp.yml
index f417b0e8..75e8fa20 100644
--- a/.github/workflows/csharp.yml
+++ b/.github/workflows/csharp.yml
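Review bot: The values this hunk writes to `$GITHUB_ENV` (`SDK_BRANCH`, `TRAVIS_BRANCH`) remain under the control of whoever names the pull-request branch, so the fix only closes the sink if the `Trigger build` step, whose body continues outside the hunk, reads them from the process environment as `$SDK_BRANCH` rather than re-interpolating `${{ env.SDK_BRANCH }}` into its script; worth confirming there. The two near-duplicate steps could be collapsed into one by declaring a single `env:` entry such as `REF: ${{ github.head_ref || github.ref_name }}`, which also removes the paired `if:` conditions. As a minor point of style, the redirect target can be quoted as `>> "$GITHUB_ENV"` to match the quoting already applied to the assignments.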
@@ -48,9 +48,9 @@ jobs:
 run: msbuild /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=$(pwd)/keypair.snk /p:Configuration=Release ./OptimizelySDK.NETFramework.sln
 - name: Install & Run NUnit tests
 run: |
- nuget install NUnit.Console -Version 3.15.2 -DirectDownload -OutputDirectory .
+ nuget install NUnit.Console -Version 3.18.2 -DirectDownload -OutputDirectory .
 # https://docs.nunit.org/articles/nunit/running-tests/Console-Command-Line.html
- ./NUnit.ConsoleRunner.3.15.2\tools\nunit3-console.exe /timeout 10000 /process Separate ./OptimizelySDK.Tests/bin/Release/OptimizelySDK.Tests.dll
+ ./NUnit.ConsoleRunner.3.18.2\tools\nunit3-console.exe /timeout 10000 /process Separate ./OptimizelySDK.Tests/bin/Release/OptimizelySDK.Tests.dll
 netStandard16:
 name: Build Standard 1.6
From 64471cb1855aa236c7797c0a09a1c868b9247878 Mon Sep 17 00:00:00 2001
From: Mike Chu
Date: Mon, 23 Sep 2024 16:24:38 -0400
Subject: [PATCH 3/3] chore: downgrade to NUnit.Console 3.18.1
v3.18.2 introduced an incompatibility
---
 .github/workflows/csharp.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/csharp.yml b/.github/workflows/csharp.yml
index 75e8fa20..4303e0e2 100644
--- a/.github/workflows/csharp.yml
+++ b/.github/workflows/csharp.yml
@@ -48,9 +48,9 @@ jobs:
 run: msbuild /p:SignAssembly=true /p:AssemblyOriginatorKeyFile=$(pwd)/keypair.snk /p:Configuration=Release ./OptimizelySDK.NETFramework.sln
 - name: Install & Run NUnit tests
 run: |
- nuget install NUnit.Console -Version 3.18.2 -DirectDownload -OutputDirectory .
+ nuget install NUnit.Console -Version 3.18.1 -DirectDownload -OutputDirectory .
 # https://docs.nunit.org/articles/nunit/running-tests/Console-Command-Line.html
- ./NUnit.ConsoleRunner.3.18.2\tools\nunit3-console.exe /timeout 10000 /process Separate ./OptimizelySDK.Tests/bin/Release/OptimizelySDK.Tests.dll
+ ./NUnit.ConsoleRunner.3.18.1\tools\nunit3-console.exe /timeout 10000 /process Separate ./OptimizelySDK.Tests/bin/Release/OptimizelySDK.Tests.dll
 netStandard16:
 name: Build Standard 1.6