Fix shell injection vulnerability in test-powershell-module.yml workflow

[fix-it-felix-sentry]

Summary

This PR fixes a high-severity shell injection vulnerability in the GitHub Actions workflow file .github/workflows/test-powershell-module.yml.

Changes

Replaced direct interpolation of ${{ inputs.* }} expressions in run: steps with environment variables to prevent potential code injection attacks. This follows GitHub's security best practices for handling untrusted input in workflows.

Vulnerable code pattern (before):

run: |
  Write-Host "Running tests for ${{ inputs.module-name }} module..."

Fixed code pattern (after):

env:
  MODULE_NAME: ${{ inputs.module-name }}
run: |
  Write-Host "Running tests for $env:MODULE_NAME module..."

Security Impact

The previous implementation was vulnerable to shell injection attacks where malicious input could execute arbitrary code in the GitHub Actions runner. This could potentially:

• Steal secrets and credentials
• Modify code or workflow results
• Compromise the CI/CD pipeline

References

• Parent ticket: https://linear.app/getsentry/issue/VULN-1092
• Child ticket: https://linear.app/getsentry/issue/GDX-418
• GitHub Actions Security Hardening
• GitHub Security Lab Research
• Semgrep Rule

[linear]

VULN-1092 Command Injection vulnerabilities in getsentry/app-runner in 4 locations

GDX-418 Command Injection vulnerabilities in getsentry/app-runner in 4 locations