prisma-risk / tsoracle / 26435223560
95%

Build:
DEFAULT BRANCH: main
Ran 26 May 2026 06:07AM UTC
Jobs 1
Files 88
Run time 1min
26 May 2026 06:00AM UTC coverage: 95.462%. Remained the same
Build 26435223560, triggered by push (github), committer web-flow
fix(ci): validate tag_suffix and pass version via env to block shell injection (#476)

The release-images workflow added a workflow_dispatch input tag_suffix
in commit a321970 that flowed unvalidated into the version job output
(v=0.0.0-${SUFFIX}) and was then interpolated directly into shell
assignments (V=${{ needs.version.outputs.v }}) in the build-image and
manifest jobs after docker/login-action authenticated to GHCR. Because
GitHub expression substitution happens before the shell parses the run
script, a suffix like `x; cmd #` or `x$(cmd)` became executable shell
syntax in jobs with packages:write — arbitrary command execution with
the registry credentials needed to tamper with published tsoracle
container images.

Two-layer fix:

1. Allowlist the suffix at the source. The version job now rejects any
   tag_suffix that does not match ^[A-Za-z0-9_.-]+$ (the Docker tag
   charset, which is the natural fit since the value is appended to
   0.0.0- and used as a container tag). The workflow fails loudly at
   the version step before any GHCR login.

2. Pass the resolved version into downstream jobs via `env: V:` instead
   of inlining ${{ needs.version.outputs.v }} into the run script. The
   value lands in an environment variable that the shell reads as data,
   not source code, so even if a future contributor adds a new
   suffix-producing branch in the version step and forgets to
   validate, the sinks cannot execute it.

The same `env: V:` indirection is applied to the chart job for
defense-in-depth. That job is gated on tag-push and not reachable from
workflow_dispatch, but the parallel sink (V=${{ needs.version.outputs.v }})
was fed by ${GITHUB_REF_NAME#tsoracle-v}, and git tag names are
permissive enough to contain shell metacharacters — closing it here
costs nothing.

Verified with a local shell PoC that the patched version step rejects
both `x; touch /tmp/marker #` and `x$(touch /tmp/marker)` with exit 1
and produces no marker file, while ac... (continued)
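The two-layer fix the commit describes, as an added illustration of the workflow shape (not the project's actual release-images file): the version job allowlists the suffix before any registry login, and downstream jobs receive the value through `env:` rather than inlining the expression into the run script. Job names, the step id, the `required: true` input and the action versions are assumptions.

```yaml
name: release-images
on:
  workflow_dispatch:
    inputs:
      tag_suffix:
        description: "Suffix appended to 0.0.0- and used as the container tag"
        required: true
        type: string
jobs:
  version:
    runs-on: ubuntu-latest
    outputs:
      v: ${{ steps.resolve.outputs.v }}
    env:
      # The input arrives as an environment variable: the shell sees data, not script source.
      SUFFIX: ${{ inputs.tag_suffix }}
    steps:
      - id: resolve
        run: |
          # Layer 1: allowlist the Docker tag charset; fail loudly before any GHCR login.
          if ! printf '%s' "$SUFFIX" | grep -Eq '^[A-Za-z0-9_.-]+$'; then
            echo "tag_suffix rejected: must match ^[A-Za-z0-9_.-]+$" >&2
            exit 1
          fi
          echo "v=0.0.0-${SUFFIX}" >> "$GITHUB_OUTPUT"
  build-image:
    needs: version
    runs-on: ubuntu-latest
    permissions:
      packages: write
    # Layer 2: env indirection. Before the fix the run script itself contained
    # V=${{ needs.version.outputs.v }}, which GitHub substituted into the script
    # text before bash parsed it. Here the expression is evaluated into an env var.
    env:
      V: ${{ needs.version.outputs.v }}
      IMAGE: ghcr.io/${{ github.repository }}
    steps:
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          # "$V" is a quoted variable expansion; metacharacters in it are never executed.
          docker build -t "${IMAGE}:${V}" .
          docker push "${IMAGE}:${V}"
```

A tag-push variant that derives `V` from `${GITHUB_REF_NAME#tsoracle-v}` should follow the same pattern, computing the value in a step and handing it to later jobs through `env:` rather than an inline expression.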

12979 of 13596 relevant lines covered (95.46%)

366958.38 hits per line

Jobs
ID  Job ID         Ran                      Files  Coverage
1   26435223560.1  26 May 2026 06:07AM UTC  88     95.46
  • Github Actions Build #26435223560
  • 92f95eb3 on github
  • Prev Build on main (#26435191251)
  • Next Build on main (#26435733703)

© 2026 Coveralls, Inc