githubnext · jamesadevine · May 7, 2026 · May 7, 2026 · May 7, 2026
diff --git a/src/compile/extensions/trigger_filters.rs b/src/compile/extensions/trigger_filters.rs
@@ -102,8 +102,10 @@ impl CompilerExtension for TriggerFiltersExtension {
         steps.push(format!(
             r#"- bash: |
     mkdir -p /tmp/ado-aw-scripts
+    curl -fsSL "{RELEASE_BASE_URL}/v{version}/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt
     curl -fsSL "{RELEASE_BASE_URL}/v{version}/scripts.zip" -o /tmp/ado-aw-scripts/scripts.zip
-    cd /tmp/ado-aw-scripts && unzip -o scripts.zip
+    cd /tmp/ado-aw-scripts && grep "scripts.zip" checksums.txt | sha256sum -c -
+    cd /tmp/ado-aw-scripts && unzip -jo scripts.zip gate-eval.py
   displayName: "Download ado-aw scripts (v{version})"
   condition: succeeded()"#,
         ));
@@ -224,6 +226,18 @@ mod tests {
             steps[0].contains("scripts.zip"),
             "should download scripts.zip"
         );
+        assert!(
+            steps[0].contains("checksums.txt"),
+            "should download checksums.txt"
+        );
+        assert!(
+            steps[0].contains("sha256sum -c -"),
+            "should verify scripts.zip checksum"
+        );
+        assert!(
+            steps[0].contains("unzip -jo scripts.zip gate-eval.py"),
+            "should extract only gate-eval.py"
+        );
         assert!(steps[1].contains("prGate"), "second step should be PR gate");
         assert!(
             steps[1].contains("python3 '/tmp/ado-aw-scripts/gate-eval.py'"),

diff --git a/src/safeoutputs/upload_build_attachment.rs b/src/safeoutputs/upload_build_attachment.rs
@@ -718,6 +718,20 @@ mod tests {
             .is_err());
     }
 
+    #[test]
+    fn test_validation_rejects_newline_in_file_path() {
+        assert!(make_params(Some(1), "agent-report", "out\n/report.pdf")
+            .validate()
+            .is_err());
+    }
+
+    #[test]
+    fn test_validation_rejects_carriage_return_in_file_path() {
+        assert!(make_params(Some(1), "agent-report", "out\r/report.pdf")
+            .validate()
+            .is_err());
+    }
+
     #[test]
     fn test_result_serializes_correctly_with_build_id() {
         let result = UploadBuildAttachmentResult::new(

diff --git a/src/safeoutputs/upload_pipeline_artifact.rs b/src/safeoutputs/upload_pipeline_artifact.rs
@@ -721,6 +721,20 @@ mod tests {
             .is_err());
     }
 
+    #[test]
+    fn test_validation_rejects_newline_in_file_path() {
+        assert!(make_params(None, "report", "out\n/report.pdf")
+            .validate()
+            .is_err());
+    }
+
+    #[test]
+    fn test_validation_rejects_carriage_return_in_file_path() {
+        assert!(make_params(None, "report", "out\r/report.pdf")
+            .validate()
+            .is_err());
+    }
+
     #[test]
     fn test_validation_rejects_colon_in_file_path() {
         assert!(make_params(None, "report", "C:\\out\\report.pdf")

diff --git a/src/safeoutputs/upload_workitem_attachment.rs b/src/safeoutputs/upload_workitem_attachment.rs
@@ -10,6 +10,7 @@ use super::PATH_SEGMENT;
 use crate::sanitize::{SanitizeContent, sanitize as sanitize_text};
 use crate::tool_result;
 use crate::safeoutputs::{ExecutionContext, ExecutionResult, Executor, Validate};
+use crate::validate::contains_newline;
 use anyhow::{Context, ensure};
 
 /// Parameters for uploading an attachment to a work item
@@ -45,6 +46,10 @@ impl Validate for UploadWorkitemAttachmentParams {
             !self.file_path.contains('\0'),
             "file_path must not contain null bytes"
         );
+        ensure!(
+            !contains_newline(&self.file_path),
+            "file_path must not contain newlines or carriage returns"
+        );
         ensure!(
             !self
                 .file_path
@@ -494,6 +499,28 @@ mod tests {
         assert!(result.is_err());
     }
 
+    #[test]
+    fn test_validation_rejects_newline_in_file_path() {
+        let params = UploadWorkitemAttachmentParams {
+            work_item_id: 42,
+            file_path: "output\n/report.pdf".to_string(),
+            comment: None,
+        };
+        let result: Result<UploadWorkitemAttachmentResult, _> = params.try_into();
+        assert!(result.is_err());
+    }
+
+    #[test]
+    fn test_validation_rejects_carriage_return_in_file_path() {
+        let params = UploadWorkitemAttachmentParams {
+            work_item_id: 42,
+            file_path: "output\r/report.pdf".to_string(),
+            comment: None,
+        };
+        let result: Result<UploadWorkitemAttachmentResult, _> = params.try_into();
+        assert!(result.is_err());
+    }
+
     #[test]
     fn test_result_serializes_correctly() {
         let params = UploadWorkitemAttachmentParams {

diff --git a/src/validate.rs b/src/validate.rs
@@ -25,6 +25,8 @@ pub fn is_safe_path_segment(s: &str) -> bool {
         && !s.contains('/')
         && !s.contains('\\')
         && !s.starts_with('.')
+        && !s.contains('\n')
+        && !s.contains('\r')
 }
 
 /// Characters allowed in engine.command paths (absolute path chars only).
@@ -460,6 +462,8 @@ mod tests {
         assert!(!is_safe_path_segment("foo\\bar"));
         assert!(!is_safe_path_segment(".hidden"));
         assert!(!is_safe_path_segment("foo..bar"));
+        assert!(!is_safe_path_segment("foo\nbar"));
+        assert!(!is_safe_path_segment("foo\rbar"));
     }
 
     #[test]