Add validation for language-matrix input to prevent invalid JSON

Copilot · greenc-FNAL · Copilot · commit 77358e71c81d · 2026-02-13T16:18:43.000Z
Co-authored-by: greenc-FNAL &lt;2372949+greenc-FNAL@users.noreply.github.com&gt;
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -228,6 +228,11 @@ jobs:
           # If detection was skipped, use all languages or the provided language-matrix
           if [ "${{ needs.pre-check.outputs.skip_detection }}" = "true" ]; then
             if [ "${{ github.event_name }}" = "workflow_call" ] && [ -n "${{ inputs.language-matrix }}" ]; then
+              # Validate that language-matrix is valid JSON
+              if ! echo '${{ inputs.language-matrix }}' | python3 -c "import sys, json; json.load(sys.stdin)" 2>/dev/null; then
+                echo "::error::Invalid language-matrix input: must be valid JSON array"
+                exit 1
+              fi
               echo "languages=${{ inputs.language-matrix }}" >> "$GITHUB_OUTPUT"
             else
               echo 'languages=["cpp", "python", "actions"]' >> "$GITHUB_OUTPUT"
