rhysd · hugo-syn · Aug 3, 2023 · Aug 4, 2023 · Aug 4, 2023 · Aug 4, 2023
diff --git a/coverage.txt b/coverage.txt
diff --git a/expr_insecure.go b/expr_insecure.go
@@ -24,6 +24,10 @@ func (m *UntrustedInputMap) findObjectProp(name string) (*UntrustedInputMap, boo
 		if c, ok := m.Children[name]; ok {
 			return c, true
 		}
+		c, ok := m.Children["**"]
+		if name != "*" && ok {
+			return c, true
+		}
 	}
 	return nil, false
 }

diff --git a/expr_insecure_test.go b/expr_insecure_test.go
@@ -54,7 +54,7 @@ func TestExprInsecureBuiltinUntrustedInputs(t *testing.T) {
 	rec = func(m map[string]*UntrustedInputMap, path []string) {
 		for k, v := range m {
 			p := append(path, k)
-			if k == "*" {
+			if k == "*" || k == "**" {
 				if len(m) != 1 {
 					t.Errorf("%v has * key but it also has other keys in %v", k, p)
 				}

diff --git a/testdata/err/evaluated_template.out b/testdata/err/evaluated_template.out
@@ -1,4 +1,4 @@
 test.yaml:22:20: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type object [expression]
 test.yaml:22:38: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type {cache-hit: string} [expression]
 test.yaml:22:63: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type array<any> [expression]
-test.yaml:24:20: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type null [expression]
+test.yaml:24:20: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type null [expression]
diff --git a/testdata/examples/type_checks.out b/testdata/examples/type_checks.out
@@ -1,4 +1,4 @@
 test.yaml:7:28: property access of object must be type of string but got "number" [expression]
 test.yaml:9:24: property "os" is not defined in object type {id: string; network: string} [expression]
 test.yaml:11:24: receiver of object dereference "owner" must be type of object but got "string" [expression]
-test.yaml:13:20: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type {string => string} [expression]
+test.yaml:13:20: object, array, and null values should not be evaluated in template with ${{ }} but evaluating the value of type {string => string} [expression]
diff --git a/testdata/ok/issue-113.yaml b/testdata/ok/issue-113.yaml
@@ -7,4 +7,4 @@ jobs:
       - run: |
           if [[ -z ${{ env.FOO }} ]]; then
             echo "FOO is empty"
-          fi
+          fi