
fix(ci): harden release workflow inputs #1684

Open

gilescope wants to merge 1 commit into main from codex/fix-shell-injection-vulnerability-in-workflow


@gilescope

Contributor

Motivation

  • A user-controlled runtime-tag-release / suffix value was being interpolated directly into run: shell blocks, allowing shell metacharacters to be expanded before the shell runs and enabling command injection in privileged release jobs.
  • The goal is to eliminate pre-shell expression interpolation and validate inputs so only safe characters are used for generated filenames and tags.

Description

  • Add allowlist validation for the top-level suffix in .github/workflows/release-image.yml and for runtime-tag-release in .github/workflows/srtool-build.yml to permit only letters, numbers, dots, underscores, and hyphens.
  • Stop embedding ${{ ... }} expressions directly inside run: scripts by exporting derived srtool WASM filenames into environment variables (WASM_FILE, COMPACT_WASM_FILE, COMPRESSED_WASM_FILE) and then referencing those shell variables inside the run: blocks.
  • Move matrix.platform usages into env: PLATFORM: ${{ matrix.platform }} and use $PLATFORM inside run: blocks so no ${{ ... }} expressions appear in shell scripts.
  • Update checksum generation, artifact upload, and related steps to use the safe environment variables and preserve existing attestation/upload functionality.

Testing

  • Parsed both modified workflows with Ruby YAML (YAML.load_file) to ensure syntactic validity, which succeeded.
  • Ran a Python run-block scanner that verifies no ${{ ... }} GitHub expressions remain inside run: blocks for the touched workflows, which succeeded.
  • Executed a Bash regex unit check confirming allowed example suffixes/tags are accepted and malicious payloads with shell metacharacters are rejected, which succeeded.
  • Ran git diff --check to ensure no whitespace or diff issues, which succeeded, and noted actionlint was not available in the environment so full linting could not be run locally.

Codex Task

Signed-off-by: Giles Cope <gilescope@gmail.com>
@gilescope force-pushed the codex/fix-shell-injection-vulnerability-in-workflow branch from 6bc4ea2 to ae28755, June 11, 2026 16:57
@gilescope added the skip-changes-check-all and ai-assisted (Created or modified with AI assistance) labels, Jun 11, 2026
@gilescope enabled auto-merge, June 12, 2026 08:35
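
The kind of run-block check the Testing section describes, as an added example that is not code from this pull request or the project: a standard-library Python scanner that reports every ${{ ... }} expression inside a run: script, in both the inline and the block-scalar form. The sample workflow is constructed for illustration; the `inputs.` context for runtime-tag-release, the `docker build` command and the RUNTIME_TAG variable name are assumptions, while matrix.platform and PLATFORM come from the description above.

```python
import re

EXPR = re.compile(r"\$\{\{.*?\}\}")                    # a ${{ ... }} expression
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")   # "run:" or "- run:"
BLOCK_SCALAR = re.compile(r"^[|>][+\-\d]*\s*(#.*)?$")  # "|", ">-", "|2" ...
# Constructed sample workflow; RUNTIME_TAG is a hypothetical variable name.
SAMPLE = """\
jobs:
  build:
    steps:
      - name: expression expanded into the script before the shell runs
        run: |
          echo "tag=${{ inputs.runtime-tag-release }}"
          docker build --platform ${{ matrix.platform }} .
      - name: same values passed through env and read as shell variables
        env:
          RUNTIME_TAG: ${{ inputs.runtime-tag-release }}
          PLATFORM: ${{ matrix.platform }}
        run: |
          echo "tag=$RUNTIME_TAG"
          docker build --platform "$PLATFORM" .
"""

def find_run_expressions(workflow_text):
    """Return (line_number, expression) for each ${{ }} inside a run: script."""
    findings, lines, i = [], workflow_text.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col, rest = len(m.group(1)), m.group(2)
        body = [(i + 1, rest)]               # inline form: run: <script>
        i += 1
        if BLOCK_SCALAR.match(rest):         # block form: run: | or run: >
            body = []
            while i < len(lines):
                indent = len(lines[i]) - len(lines[i].lstrip())
                if lines[i].strip() and indent <= key_col:
                    break                    # dedent ends the script body
                body.append((i + 1, lines[i]))
                i += 1
        for lineno, text in body:
            findings += [(lineno, expr) for expr in EXPR.findall(text)]
    return findings

if __name__ == "__main__":
    for lineno, expr in find_run_expressions(SAMPLE):
        print(f"line {lineno}: {expr} inside run:")
```

Only the first step of the sample is reported; the expressions under env: in the second step are not flagged because the runner passes them to the shell as variable values rather than as script text.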

Labels

aardvark, ai-assisted (Created or modified with AI assistance), codex, skip-changes-check-all


3 participants