Add claude GitHub actions 1763377440348#11

Open
the-nulldev wants to merge 2 commits into main from add-claude-github-actions-1763377440348

Conversation

@the-nulldev
Owner

No description provided.

@github-actions

🔒 Security Review Summary

This PR adds two GitHub Actions workflows for Claude AI integration. I've identified 3 critical security vulnerabilities that need to be addressed:

Critical Issues:

  1. Privilege Escalation Risk - Missing write permission restrictions on pull_request trigger
  2. Prompt Injection Vulnerability - Unsafe handling of user-controlled input in workflow triggers
  3. Action Version Pinning - Using floating tags instead of commit SHAs

Details:


1. ⚠️ CRITICAL: Privilege Escalation via pull_request Trigger

File: .github/workflows/claude-code-review.yml
Lines: 3-5

Issue: The workflow triggers on pull_request events from ANY fork without proper permission restrictions. This allows malicious actors to:

  • Submit a PR that triggers the workflow with elevated permissions
  • Potentially access secrets (ANTHROPIC_API_KEY)
  • Execute arbitrary commands via Claude's bash capabilities

Impact: HIGH - API key exposure, unauthorized API usage, potential lateral movement

Recommendation:

on:
  pull_request_target:  # Use pull_request_target instead
    types: [opened, synchronize]

AND add explicit environment protection:

jobs:
  claude-review:
    environment: 
      name: claude-review
      # Configure environment protection rules in repo settings

2. ⚠️ CRITICAL: Prompt Injection Vulnerability

File: .github/workflows/claude.yml
Lines: 16-19

Issue: The workflow uses contains() to check user-controlled content (issue titles, bodies, comments) without sanitization. An attacker can craft malicious input to inject commands or exfiltrate data.

Impact: HIGH - Command injection, data exfiltration, API abuse

Recommendation:

  1. Use pull_request_target instead of allowing comments to trigger workflows
  2. Implement strict input validation
  3. Use a dedicated GitHub App with limited scope instead of GITHUB_TOKEN
  4. Add rate limiting per user
  5. Restrict to trusted contributors only:

if: |
  (github.event_name == 'issue_comment' &&
   contains(github.event.comment.body, '@claude') &&
   (github.event.comment.author_association == 'OWNER' ||
    github.event.comment.author_association == 'MEMBER' ||
    github.event.comment.author_association == 'COLLABORATOR'))

3. ⚠️ HIGH: Action Version Not Pinned to Commit SHA

Files: Both workflow files
Lines: claude-code-review.yml:30,36 | claude.yml:29,35

Issue: Using @v4 and @v1 tags instead of commit SHAs allows:

  • Tag hijacking attacks
  • Supply chain compromises
  • Unexpected breaking changes

Impact: MEDIUM-HIGH - Potential malicious code execution

Recommendation:

# Instead of:
uses: actions/checkout@v4
uses: anthropics/claude-code-action@v1

# Use commit SHAs with comments:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: anthropics/claude-code-action@<commit-sha> # v1.x.x

Update regularly and verify checksums.


Additional Security Recommendations:

  1. Least Privilege: The id-token: write permission seems unnecessary - remove unless required for OIDC
  2. Secret Exposure: Ensure ANTHROPIC_API_KEY has IP restrictions and usage monitoring enabled
  3. Audit Logging: Enable detailed logging for all Claude action executions
  4. Timeout Protection: Add timeout-minutes: 10 to prevent resource exhaustion
  5. Tool Restrictions: The claude_args in line 53 allows bash commands - ensure these are properly sandboxed

Summary:

Risk Level: 🔴 HIGH
Action Required: Address items 1-3 before merging

These vulnerabilities could lead to API key theft, unauthorized resource access, and potential repository compromise. Please remediate before deployment.
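As an added, defender-side example that is not part of this PR or of the bot's comment above: a small Python checker for item 3 of the review, flagging `uses:` references in a workflow file that are not pinned to a full 40-hex commit SHA. The sample workflow text is constructed to mirror the patterns the review describes (a floating `@v4` on actions/checkout, a floating `@v1` on the claude action); it is not this PR's actual workflow file.

```python
"""Static check for floating action refs in GitHub Actions workflow YAML.
Added example; the sample workflow below is constructed, not the PR's file."""
import re

# Matches `uses: owner/repo[/path]@ref` (optionally quoted, optional trailing comment).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s]+)["\']?\s*(?:#.*)?$')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')

def check_pins(workflow_text):
    """Return (line_number, reference, reason) for every action that is not
    pinned to a full commit SHA. Floating tags (@v4) and branch names (@main)
    are both reported; local ./ actions and docker:// images are skipped."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith('./') or ref.startswith('docker://'):
            continue  # no upstream git ref to pin
        if '@' not in ref:
            findings.append((lineno, ref, 'no ref at all (resolves to the default branch)'))
            continue
        _, version = ref.rsplit('@', 1)
        if not SHA_RE.match(version):
            findings.append((lineno, ref, f'floating ref "{version}" is not a 40-hex commit SHA'))
    return findings

# Constructed sample: two floating tags, one correctly pinned step, one local action.
SAMPLE_WORKFLOW = """\
name: claude-code-review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  claude-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: anthropics/claude-code-action@v1
      - uses: ./.github/actions/local-helper
"""

if __name__ == '__main__':
    for lineno, ref, reason in check_pins(SAMPLE_WORKFLOW):
        print(f'line {lineno}: {ref}: {reason}')
```

Run it against a real `.github/workflows/*.yml` by passing the file contents to `check_pins`; an empty result means every third-party action is SHA-pinned.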
