Skip to content

Commit d8d8a07

Browse files
author
XananasX7
committed
fix(security): prevent prompt injection and pin Actions to SHAs
1. Prompt injection in gemini-invoke.yml and gemini-review.yml (HIGH) TITLE/DESCRIPTION/ISSUE_TITLE/ISSUE_BODY from GitHub events passed directly as env vars to gemini-cli agent with issues:write and pull-requests:write permissions. Removed - agent must use ISSUE_NUMBER to fetch content via the GitHub API instead. 2. Tag-pinned actions across all workflows (MEDIUM) Pinned actions/checkout and actions/setup-python to commit SHAs.
1 parent 396da17 commit d8d8a07

8 files changed

Lines changed: 13 additions & 12 deletions

File tree

.github/workflows/gemini-invoke.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,9 @@ jobs:
4444
id: 'run_gemini'
4545
uses: 'google-github-actions/run-gemini-cli@v0' # ratchet:exclude
4646
env:
47-
TITLE: '${{ github.event.pull_request.title || github.event.issue.title }}'
48-
DESCRIPTION: '${{ github.event.pull_request.body || github.event.issue.body }}'
47+
# TITLE and DESCRIPTION intentionally omitted: passing raw GitHub event
48+
# content as env vars is a prompt-injection vector. The agent should
49+
# fetch PR/issue content via the GitHub API using ISSUE_NUMBER.
4950
EVENT_NAME: '${{ github.event_name }}'
5051
GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
5152
IS_PULL_REQUEST: '${{ !!github.event.pull_request }}'

.github/workflows/gemini-review.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,8 @@ jobs:
4646
id: 'gemini_pr_review'
4747
env:
4848
GITHUB_TOKEN: '${{ steps.mint_identity_token.outputs.token || secrets.GITHUB_TOKEN || github.token }}'
49-
ISSUE_TITLE: '${{ github.event.pull_request.title || github.event.issue.title }}'
50-
ISSUE_BODY: '${{ github.event.pull_request.body || github.event.issue.body }}'
49+
# ISSUE_TITLE and ISSUE_BODY intentionally omitted: prompt-injection vector.
50+
# Agent must fetch content via GitHub API using PULL_REQUEST_NUMBER.
5151
PULL_REQUEST_NUMBER: '${{ github.event.pull_request.number || github.event.issue.number }}'
5252
REPOSITORY: '${{ github.repository }}'
5353
ADDITIONAL_CONTEXT: '${{ inputs.additional_context }}'

.github/workflows/release-cherry-pick.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
cherry-pick:
1919
runs-on: ubuntu-latest
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2222
with:
2323
ref: release/candidate
2424
fetch-depth: 0

.github/workflows/release-cut.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
cut-release:
1919
runs-on: ubuntu-latest
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2222
with:
2323
ref: ${{ inputs.commit_sha || 'main' }}
2424

.github/workflows/release-finalize.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ jobs:
2929
echo "is_release_pr=false" >> $GITHUB_OUTPUT
3030
fi
3131
32-
- uses: actions/checkout@v4
32+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3333
if: steps.check.outputs.is_release_pr == 'true'
3434
with:
3535
ref: release/candidate

.github/workflows/release-please.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ jobs:
3030
echo "exists=false" >> $GITHUB_OUTPUT
3131
fi
3232
33-
- uses: actions/checkout@v4
33+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3434
if: steps.check.outputs.exists == 'true'
3535
with:
3636
ref: release/candidate

.github/workflows/release-publish.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,15 +28,15 @@ jobs:
2828
echo "version=$VERSION" >> $GITHUB_OUTPUT
2929
echo "Publishing version: $VERSION"
3030
31-
- uses: actions/checkout@v4
31+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3232

3333
- name: Install uv
3434
uses: astral-sh/setup-uv@v4
3535
with:
3636
version: "latest"
3737

3838
- name: Set up Python
39-
uses: actions/setup-python@v5
39+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
4040
with:
4141
python-version: "3.11"
4242

.github/workflows/unit-tests.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,10 @@ jobs:
1616

1717
steps:
1818
- name: Checkout code
19-
uses: actions/checkout@v4
19+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
2020

2121
- name: Set up Python ${{ matrix.python-version }}
22-
uses: actions/setup-python@v5
22+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
2323
with:
2424
python-version: ${{ matrix.python-version }}
2525

0 commit comments

Comments
 (0)