Harden ADR workflow against issue-title command injection#2274
Open
arpitjain099 wants to merge 1 commit into
Open
Harden ADR workflow against issue-title command injection#2274arpitjain099 wants to merge 1 commit into
arpitjain099 wants to merge 1 commit into
Conversation
The "ADR accepted" workflow runs on the `issues` (closed) event and
interpolates `github.event.issue.title` directly into `run:` shell scripts
(the `printf` slug step and the `git commit -m` step). Because GitHub Actions
substitutes `${{ ... }}` into the script text before the shell runs, an issue
title containing shell metacharacters is evaluated by bash. The job checks out
the repo with an SSH deploy key and auto-merges the resulting PR, so the value
runs in a context that has write access.
This passes the title through an `ISSUE_TITLE` environment variable and
references it as `"$ISSUE_TITLE"`, which the shell treats as data rather than
re-evaluating. This is the pattern GitHub documents for untrusted run-step
expressions (actions/expression-injection).
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi folks. I work on software supply chain security and have been reviewing GitHub Actions workflows across federal and public-sector repositories for untrusted-input handling. This is a small hardening change to
adr-accepted.yml.The workflow triggers on
issues(closed) and usesgithub.event.issue.titleinside tworun:steps: theprintfthat builds the slug, and thegit commit -mline. Actions expands${{ ... }}into the script body before bash executes it, so a closed issue whose title contains backticks or$(...)would have that text run as a shell command. The job checks out the repo withSSH_PRIVATE_KEYand auto-merges the generated PR, so the title is evaluated in a context that can write to the repository.The fix moves the title into an
ISSUE_TITLEenvironment variable and references"$ISSUE_TITLE"in the scripts. Environment values are not re-parsed by the shell, so the title is treated strictly as data. This is the approach GitHub recommends for theactions/expression-injectionweakness. No behavior changes for normal ADR titles.I left the
write-file-actioninputs alone since those are action inputs written into a markdown file that a human reviews before merge, not shell. Happy to adjust naming or split this further if you prefer.