[compiler-threat-spec] spec: add CTR-012 and update rule mappings in compiler threat detection spec #31133

@github-actions

Summary

Daily threat spec optimizer run (2026-05-09). Reconciled implementation against specs/compiler-threat-detection-spec.md.

Threats Reviewed

  • Reviewed all pkg/workflow/*validation*.go files against the existing CTR-001 through CTR-011 catalog.
  • Recent commits (2-day window): one refactoring commit for the approach-validator workflow — no new compiler security code introduced.

Already-Covered Threats (Mapping Updates Only)

The following implementation files existed but were not reflected in the spec's Section 6.1 mapping table:

| File | Threat | Assigned To |
| --- | --- | --- |
| strict_mode_network_validation.go | Rejects wildcard * domains in strict mode | CTR-011 (extended) |
| expression_syntax_validation.go | Structural expression syntax validation (balanced braces, quotes) | CTR-010 (extended) |
| heredoc_validation.go | Heredoc delimiter injection defense | CTR-006 (extended) |
| github_app_permissions_validation.go | GitHub App-only permission scope enforcement | CTR-001 (extended) |

New Rule: CTR-012 Safe-Outputs Wildcard Push Scope

push_to_pull_request_branch_validation.go detects two misconfiguration patterns when safe-outputs.push-to-pull-request-branch: target: "*" is used:

  1. No wildcard fetch — target "*" allows pushing to any PR branch, but without fetch: ["*"] in checkout the agent cannot reach those branches at runtime (warning suppressed for public repos)
  2. No access constraints — no title-prefix or labels filter means the agent may push to any PR with no additional gating

This threat is distinct from CTR-008 (which addresses the pull_request_target pwn-request attack vector) — CTR-012 addresses unconstrained write scope within the safe-outputs subsystem.

Rule IDs Changed

  • CTR-001 — mapping extended
  • CTR-006 — mapping extended
  • CTR-010 — mapping extended
  • CTR-011 — rule description extended + mapping extended
  • CTR-012 — new rule added

Files Changed

  • specs/compiler-threat-detection-spec.md — spec v1.0.2

References: §25590431982

Generated by Daily Compiler Threat Spec Optimizer · ● 9.4M

  • expires on May 16, 2026, 3:33 AM UTC

Note

This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download bundle artifact

The bundle file is available in the agent artifact in the workflow run linked above.

To create a pull request with the changes:

# Download the artifact from the workflow run
gh run download 25590431982 -n agent -D /tmp/agent-25590431982

# Fetch the bundle into a local branch
git fetch /tmp/agent-25590431982/aw-spec-ctr-012-safe-outputs-wildcard-push-scope.bundle refs/heads/spec/ctr-012-safe-outputs-wildcard-push-scope:refs/heads/spec/ctr-012-safe-outputs-wildcard-push-scope-049ac02d8fa09674
git checkout spec/ctr-012-safe-outputs-wildcard-push-scope-049ac02d8fa09674

# Push the branch to origin
git push origin spec/ctr-012-safe-outputs-wildcard-push-scope-049ac02d8fa09674

# Create the pull request
gh pr create --title '[compiler-threat-spec] spec: add CTR-012 and update rule mappings in compiler threat detection spec' --base main --head spec/ctr-012-safe-outputs-wildcard-push-scope-049ac02d8fa09674 --repo github/gh-aw
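
The two CTR-012 checks described in this issue, written out as an added Go example. It is not the project's push_to_pull_request_branch_validation.go; the struct, field and function names are assumptions, and the sample configurations are constructed.

```go
package main

import "fmt"

// PushToPRBranch models the safe-outputs.push-to-pull-request-branch settings
// named in the issue. The Go field names are assumptions for this example.
type PushToPRBranch struct {
	Target      string   // target
	TitlePrefix string   // title-prefix
	Labels      []string // labels
}

func contains(xs []string, want string) bool {
	for _, x := range xs {
		if x == want {
			return true
		}
	}
	return false
}

// CheckCTR012 returns one finding per misconfiguration pattern described for
// CTR-012. checkoutFetch is the checkout fetch list; publicRepo suppresses the
// fetch warning, as the issue states.
func CheckCTR012(p PushToPRBranch, checkoutFetch []string, publicRepo bool) []string {
	var findings []string
	if p.Target != "*" {
		return findings // the rule only applies to the wildcard target
	}
	if !publicRepo && !contains(checkoutFetch, "*") {
		findings = append(findings, `CTR-012: target "*" without fetch: ["*"] in checkout`)
	}
	if p.TitlePrefix == "" && len(p.Labels) == 0 {
		findings = append(findings, `CTR-012: target "*" without title-prefix or labels filter`)
	}
	return findings
}

func main() {
	// Constructed sample configurations.
	weak := PushToPRBranch{Target: "*"}
	gated := PushToPRBranch{Target: "*", Labels: []string{"agent-ok"}}
	fmt.Println(CheckCTR012(weak, nil, false))
	fmt.Println(CheckCTR012(gated, []string{"*"}, false))
}
```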
