Fix command injection vulnerability in CI workflow via untrusted fork PR#439
Draft
Copilot wants to merge 2 commits into
Draft
Fix command injection vulnerability in CI workflow via untrusted fork PR#439Copilot wants to merge 2 commits into
Copilot wants to merge 2 commits into
Conversation
|
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
pranaygp
changed the title
…nt variables
Replace direct interpolation of ${{ matrix.app.name }} in shell commands with environment
variables passed via the env: section. All paths are now quoted to prevent command injection
from untrusted fork PRs.
Affected jobs:
- e2e-local-dev: Setup canary, Resolve symlinks, Run E2E Tests
- e2e-local-prod: Setup canary, Run E2E Tests
- e2e-local-postgres: Setup canary, Run E2E Tests
Co-authored-by: pranaygp <1797812+pranaygp@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix command injection in CI workflow
Fix command injection vulnerability in CI workflow via untrusted fork PR
Nov 26, 2025
VaguelySerious
added a commit
that referenced
this pull request
May 21, 2026
Sets WORKFLOW_SERVER_URL_OVERRIDE in packages/world-vercel/src/utils.ts to https://workflow-server-git-peter-v4.vercel.sh so that e2e tests running off this SDK branch exercise the v4-enabled workflow-server preview instead of production. The override is the inline mechanism documented at the constant — when set, it wins over both the default (https://vercel-workflow.com) and the VERCEL_WORKFLOW_SERVER_URL env var. The same pattern is used in v4 testing on the workflow- server side: CI rewrites this string on PR branches. Reset to '' before merging to main. Companion to vercel/workflow-server#439. Updates four tests in utils.test.ts that previously assumed the override is empty. Each affected assertion gets a comment noting what the expectation looks like on main; flipping back to the main behavior is a one-line edit per test when the override is reset. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
VaguelySerious
added a commit
that referenced
this pull request
May 21, 2026
The adapter's createWorkflowRunEvent / getEvent / getWorkflowRunEvents
now call the v4 endpoints internally instead of v2/v3. Public function
signatures and the EventResult / Event / PaginatedResponse<Event>
shapes returned to the workflow runtime are unchanged — only the wire
protocol switches.
Wire-format changes the SDK now drives:
- Event metadata rides in x-wf-* request/response headers.
- User payload is CBOR-encoded by the SDK at the eventData[field]
boundary and shipped as opaque body bytes; never parsed on the
server.
- POST event response carries the materialized EventResult as a
CBOR body — see workflow-server PR #439's
"Return materialized entity in POST event response body" commit
for the matching server-side change. The SDK no longer needs a
second round-trip after POST to read run/step state.
- LIST events uses the v4 binary-frame stream
(application/vnd.workflow.v4-frames). Per-event `/refs` calls
are gone — payloads come back inline in each frame.
What goes away:
- packages/world-vercel/src/refs.ts (deleted) — the /refs ref-
hydration path is no longer needed.
- hydrateEventRefs / collectPendingRefs / eventDataRefFieldMap and
the EventResultResolveWireSchema / EventResultLazyWireSchema /
EventWithRefsSchema wire schemas (deleted).
- The lazy-refs branching inside createWorkflowRunEvent — the
server already respects `remoteRefBehavior` (still sent for
`eventsNeedingResolve` types) and bakes the resolution decision
into its CBOR response.
What stays:
- v1Compat path on `createWorkflowRunEvent` (runs.create.v1 /
runs.cancel.v1) — still uses v1 endpoints for legacy migrations
that haven't moved to event sourcing.
- validateUlidTimestamp on run_created, the HookNotFoundError
translation on hook_disposed/hook_received 404s, and the
stripEventDataRefs path for resolveData='none'.
Not yet covered:
- listEventsByCorrelationId throws a clear error — v4 has no
by-correlation-id list endpoint yet; callers in the hot path
have been fetching hooks directly anyway. A future server PR
can add /api/v4/events?correlationId= if needed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Direct interpolation of
${{ matrix.app.name }}in shell commands allows command injection from fork PRs that modifyscripts/create-test-matrix.mjs.Changes
${{ matrix.app.name }}interpolation with environment variables in shell commandsBefore:
After:
Jobs fixed
e2e-local-dev: Setup canary, Resolve symlinks, Run E2E Testse2e-local-prod: Setup canary, Run E2E Testse2e-local-postgres: Setup canary, Run E2E TestsView original Slack conversation
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.