[CI Failure Doctor] Runtime import fuzz accepts truncated secrets expression in run 22356701883 #18170

@github-actions

CI Failure Investigation - Run #37716

Summary

The fuzz job now fails because `processExpressions` treats `Secret: ${{ secrets.TOKEN }T` as safe: the expression regex only matches well-formed `${{ ... }}` blocks, so a truncated expression that still contains `${{ secrets.` is never inspected, the function returns success, and the harness then fails on the `secrets.` reference that survived in the output.

Failure Details

Root Cause Analysis

`processExpressions` relies on `const expressionRegex = /\$\{\{([\s\S]*?)\}\}/g`, so an input that never closes with `}}` (for example `Secret: ${{ secrets.TOKEN }T`) is not recognised as an expression at all. The loop neither evaluates nor rejects it, and the function returns the original string even though the payload still references `secrets.`. `runtime_import_fuzz_test.go` asserts that any `secrets.` expression must fail, so the fuzz target reports a failure once the corpus entry is minimized.

Failed Jobs and Errors

  • fuzz (FuzzRuntimeImportProcessExpressions): `runtime_import_fuzz_test.go:260` reports "Content with ${{ secrets. expression was processed successfully", and the result still contains `Secret: ${{ secrets.TOKEN }T` when the harness bails out.
Investigation Findings
  • Replicate locally with `go test -run=FuzzRuntimeImportProcessExpressions/9661e56aa0ec2781 ./pkg/parser`; the failing corpus entry lives at `testdata/fuzz/FuzzRuntimeImportProcessExpressions/9661e56aa0ec2781`.
  • The log line from `runtime_import_fuzz_test.go:270` warns that the result still contains `${{ secrets.TOKEN }T`, which shows `processExpressions` never consumed the expression.
  • Because the regex requires a closing `}}`, a truncated or corrupted terminator bypasses the evaluator even though the security invariant is that `secrets.` expressions must never succeed.

Recommended Actions

  • Detect `${{ secrets.` sequences even when the closing braces are malformed, and reject the content before `processExpressions` returns success.
  • Add a regression test that replays `testdata/fuzz/FuzzRuntimeImportProcessExpressions/9661e56aa0ec2781` (or an equivalent truncated expression) so the harness fails instead of reporting success.
  • Document this pattern so future changes to `processExpressions` also treat partial or malformed markers as security violations.

Prevention Strategies

  • Keep the runtime import fuzz targets running in CI to catch new variations of malformed secrets expressions.
  • Consider normalizing the `${{` / `}}` markers before the regex match (stripping invisible bytes, flagging unterminated openers) so invisible bytes or missing braces cannot bypass detection.
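
The recommended and preventive fixes above, worked through as an added Go example (this is not the project's own `processExpressions`; the function names, error values and the `(string, error)` contract are assumptions for illustration). `processExpressionsRegexOnly` reproduces the weakness described in the report: only complete `${{ ... }}` blocks are inspected, so the truncated corpus entry is returned as success. `processExpressionsHardened` first strips invisible format and control characters (the #18165-style split between `$` and `{{`), inspects the well-formed blocks as before, then removes them and treats any opener that survives as a malformed expression, rejecting it outright when it is followed by `secrets.`:

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// wellFormedExpr is the check described in the report: it only matches a
// complete ${{ ... }} block, so an unterminated opener is invisible to it.
var wellFormedExpr = regexp.MustCompile(`\$\{\{([\s\S]*?)\}\}`)

// secretsAfterOpener matches an opener that is immediately followed by a
// secrets. reference, regardless of how (or whether) the block is closed.
var secretsAfterOpener = regexp.MustCompile(`(?i)^\$\{\{\s*secrets\.`)

// Hypothetical error values; the project's own processExpressions may
// report failures differently.
var (
	ErrSecretsExpression   = errors.New("secrets. expressions are not allowed in runtime imports")
	ErrMalformedExpression = errors.New("unterminated ${{ expression")
)

func isSecretsExpression(expr string) bool {
	return strings.Contains(strings.ToLower(expr), "secrets.")
}

// processExpressionsRegexOnly reproduces the weakness: only complete blocks
// are inspected, so "${{ secrets.TOKEN }T" is returned unchanged as success.
func processExpressionsRegexOnly(content string) (string, error) {
	for _, m := range wellFormedExpr.FindAllStringSubmatch(content, -1) {
		if isSecretsExpression(m[1]) {
			return "", ErrSecretsExpression
		}
	}
	return content, nil
}

// stripInvisible drops format characters (zero-width spaces, BOMs, joiners)
// and control bytes other than ordinary whitespace, so they cannot be used
// to split the ${{ marker before the regex sees it.
func stripInvisible(s string) string {
	return strings.Map(func(r rune) rune {
		if unicode.Is(unicode.Cf, r) {
			return -1
		}
		if unicode.IsControl(r) && r != '\n' && r != '\r' && r != '\t' {
			return -1
		}
		return r
	}, s)
}

// processExpressionsHardened keeps the same contract (validated content or
// an error) but refuses to succeed while any secrets. marker survives.
func processExpressionsHardened(content string) (string, error) {
	normalized := stripInvisible(content)

	// 1. Inspect every well-formed block exactly as before.
	for _, m := range wellFormedExpr.FindAllStringSubmatch(normalized, -1) {
		if isSecretsExpression(m[1]) {
			return "", ErrSecretsExpression
		}
	}

	// 2. Remove the well-formed blocks. Any opener left over has no matching
	//    "}}", i.e. it is a truncated expression such as "${{ secrets.TOKEN }T".
	remainder := wellFormedExpr.ReplaceAllLiteralString(normalized, "")
	if idx := strings.Index(remainder, "${{"); idx >= 0 {
		if secretsAfterOpener.MatchString(remainder[idx:]) {
			return "", ErrSecretsExpression
		}
		return "", ErrMalformedExpression
	}
	return content, nil
}

func main() {
	// Constructed inputs: the corpus entry from the report, a #18165-style
	// variant with a zero-width space after '$', and two further cases.
	inputs := []string{
		"Secret: ${{ secrets.TOKEN }T",
		"Secret: $\u200b{{ secrets.TOKEN }}",
		"${{ secrets.TOKEN }}",
		"Repo: ${{ github.repository }}",
	}
	for _, in := range inputs {
		_, regexErr := processExpressionsRegexOnly(in)
		_, hardErr := processExpressionsHardened(in)
		fmt.Printf("%-40q regex-only=%v hardened=%v\n", in, regexErr, hardErr)
	}
}
```

The hardened version fails closed: an unterminated opener is an error even when it does not name `secrets.`, which is what lets a replayed corpus entry such as `9661e56aa0ec2781` fail at the function boundary instead of inside the harness.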

AI Team Self-Improvement

When inspecting runtime import failures, always check whether `${{ secrets.` survives processing even if the regex never matches, and add fuzz corpus entries for truncated markers so future fixes keep the invariant intact.

Historical Context

#18165 described a similar bypass where bytes inserted between `$` and `{{` prevented the regex from matching. This run shows the same weakness when the closing `}}` is corrupted or missing, so treat both signatures as the same regression.

🩺 Diagnosis provided by CI Failure Doctor

To install this workflow, run gh aw add githubnext/agentics/workflows/ci-doctor.md@ea350161ad5dcc9624cf510f134c6a9e39a6f94d. View source at https://github.com/githubnext/agentics/tree/ea350161ad5dcc9624cf510f134c6a9e39a6f94d/workflows/ci-doctor.md.

  • expires on Feb 25, 2026, 3:18 PM UTC
