fix(ci): prevent script injection in GitHub Actions workflows#559
Merged
Bind GitHub context values (github.ref, github.base_ref, step outputs,
and job matrix values) to env vars and reference them as shell/JS
variables instead of interpolating ${{ }} directly into run: and
github-script bodies. Inline expansion lets context data execute as
shell; routing through env: removes the injection surface.
github.base_ref in breaking-change-check.yml is the most notable case —
a fork PR's source branch name flows into 'git fetch'.
Matrix-derived test args (path/ignore/extra-deps) are kept unquoted
where word-splitting into multiple args is intended.
Files: release-prepare.yml, breaking-change-check.yml,
dependabot-auto-merge.yml, integration-testing.yml,
integration-testing-regression.yml
Claude Security Review: no high-confidence findings. (run)
Hweinstock approved these changes, Jun 30, 2026
Unrelated test failure:
Description
Hardens our GitHub Actions workflows against script injection (the AppSec/ACAT "Script Injection in GitHub Actions workflows" finding class).
Several `run:` and `actions/github-script` steps interpolated GitHub context values directly into the script body via `${{ … }}`. The Actions runner substitutes those before the shell/JS parses the line, so context data can execute as code. The fix follows GitHub's recommended pattern: bind each expression to an `env:` variable and reference the shell/JS variable instead (`env:` assignments are not an injection vector). No behavior changes.

Files & what changed

- `github.base_ref` (a fork PR's source branch name) flowed into `git fetch`; now via `env:`. The `github-script` step reads `steps.griffe.outputs.exit_code` from `process.env`.
- `steps.metadata.outputs.*` (dependency names/versions/update-type) routed through `env:` in both echo steps.
- `matrix.extra-deps`, `matrix.path`, `matrix.ignore`, `matrix.group` routed through `env:`. The pytest path/deps vars are intentionally left unquoted so they word-split into args exactly as before.
- `github.ref` in the "must run from main" error message routed through `env:`.

Testing
Workflow-only changes. Validated by:

- `${{ }}` expressions remain inside any `run:`/`script:` body across the entire `.github/workflows/` tree
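The `env:` pattern the description explains and the validation listed under Testing, as an added example that is not code from the PR or its repository: a constructed vulnerable fragment beside its hardened form, and a small Python scanner that reports any `${{ }}` left inside a `run:` or `script:` body. The workflow fragments are constructed; `steps.griffe.outputs.exit_code` comes from the PR description, while `actions/github-script@v7` and the env var names `BASE_REF`/`EXIT_CODE` are assumptions.

```python
import re
# Constructed workflow fragments (not the PR's files): the inline shape the PR
# removed and the env:-bound shape it introduced; github-script@v7 is assumed.
VULNERABLE = """\
steps:
  - run: git fetch origin ${{ github.base_ref }}
  - uses: actions/github-script@v7
    with:
      script: |
        const code = ${{ steps.griffe.outputs.exit_code }};
"""

HARDENED = """\
steps:
  - env:
      BASE_REF: ${{ github.base_ref }}
    run: git fetch origin "$BASE_REF"
  - uses: actions/github-script@v7
    env:
      EXIT_CODE: ${{ steps.griffe.outputs.exit_code }}
    with:
      script: |
        const code = Number(process.env.EXIT_CODE);
"""

EXPR = re.compile(r"\$\{\{.*?\}\}")                  # a GitHub expression
BODY_KEY = re.compile(r"^\s*(?:-\s+)?(run|script):(.*)$")

def find_inline_expressions(workflow_text):
    """Return (line_no, line) for each ${{ }} inside a run:/script: body. A
    block scalar (| or >) owns every following line indented past the key."""
    findings = []
    body_col = None  # column of the run:/script: key whose block we are in
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if body_col is not None:
            indent = len(line) - len(line.lstrip(" "))
            if not line.strip() or indent > body_col:
                if EXPR.search(line):
                    findings.append((no, line.strip()))
                continue
            body_col = None  # dedented: the block scalar has ended
        m = BODY_KEY.match(line)
        if not m:
            continue
        if m.group(2).strip().startswith(("|", ">")):
            body_col = m.start(1)
        elif EXPR.search(m.group(2)):
            findings.append((no, line.strip()))
    return findings
```

Run `find_inline_expressions` over each file under `.github/workflows/` to reproduce the PR's check; `env:` bindings such as `BASE_REF: ${{ github.base_ref }}` are deliberately not flagged, matching the description's point that `env:` assignments are not an injection vector.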