Description
Conformance Check Failure
Check ID: SEC-005
Severity: HIGH
Category: Security
Problem Description
Four handler files accept a target-repo parameter for cross-repository operations but do not perform any allowlist validation before proceeding. The Safe Outputs specification requires that cross-repository targets be validated against an allowlist (allowedRepos, validateTargetRepo, or checkAllowedRepo) to prevent unauthorized repository access or prompt-injection attacks that redirect operations to unintended repositories.
Affected Components
- actions/setup/js/dynamic_checkout.cjs — exposes switchTo(targetRepo, opts) which performs cross-repo checkout without allowlist check
- actions/setup/js/extra_empty_commit.cjs — detects cross-repo targets but does not validate them against an allowlist before acting
- actions/setup/js/find_repo_checkout.cjs — normalizes and resolves repo slugs for checkout without allowlist validation
- actions/setup/js/get_base_branch.cjs — accepts an optional targetRepo parameter for cross-repo base branch lookups without allowlist validation
Current Behavior
These handlers accept arbitrary repository references (e.g., owner/repo slugs) and operate on them directly without verifying that the target is an approved/expected repository.
Expected Behavior
Per the Safe Outputs specification, any handler that accepts a cross-repository target MUST validate it against an allowlist before performing any API calls or git operations. Allowed validation patterns include:
- A function named validateTargetRepo(repo) or checkAllowedRepo(repo)
- A variable/config reference like allowedRepos checked before proceeding
Remediation Steps
This task can be assigned to a Copilot coding agent with the following steps:
- Add a shared utility function (e.g., validateTargetRepo) in a common module that checks a given owner/repo slug against an allowlist (e.g., sourced from an input, env var, or hardcoded set).
- Call validateTargetRepo(targetRepo) at the entry point of each affected handler, before any git or GitHub API operations are performed.
- Throw a standardized error (or call core.setFailed) with a clear message if the target repo is not in the allowlist.
- Update each of the four handlers listed above to import and invoke the shared validation function.
Verification
After remediation, verify the fix by running:
bash scripts/check-safe-outputs-conformance.sh
The check SEC-005 should pass with:
[PASS] SEC-005: All cross-repo handlers validate allowlists
References
- Safe Outputs Specification: docs/src/content/docs/reference/safe-outputs-specification.md
- Conformance Checker: scripts/check-safe-outputs-conformance.sh
- Run ID: §22586671855
- Date: 2026-03-02
Generated by Daily Safe Outputs Conformance Checker
- expires on Mar 3, 2026, 5:06 PM UTC
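
One way to write the shared helper described in the remediation steps, as an added example that is not code from the repository or the Safe Outputs specification. The name validateTargetRepo comes from the issue; parseAllowedRepos, classify, the currentRepo exemption and the sample slugs are assumptions made for illustration.

```javascript
"use strict";

// Strict owner/repo shape. Rejects URLs, extra path segments, whitespace and
// control characters before the value is ever compared to the allowlist.
const SLUG_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}\/[A-Za-z0-9._-]{1,100}$/;

// Parse a comma- or whitespace-separated allowlist (e.g. from an input or env var).
function parseAllowedRepos(raw) {
  const entries = String(raw || "").split(/[\s,]+/).filter(Boolean);
  return new Set(entries.map(e => e.toLowerCase()));
}

// Returns the normalized slug, or throws. Exact match only: no wildcards and
// no prefix matching, so "octo-org/docs-evil" never matches "octo-org/docs".
function validateTargetRepo(targetRepo, allowedRepos, currentRepo) {
  if (typeof targetRepo !== "string" || !SLUG_RE.test(targetRepo)) {
    throw new Error(`Invalid target repo slug: ${JSON.stringify(targetRepo)}`);
  }
  const slug = targetRepo.toLowerCase(); // GitHub slugs are case-insensitive
  const name = slug.split("/")[1];
  if (name === "." || name === "..") {
    throw new Error(`Invalid target repo slug: ${JSON.stringify(targetRepo)}`);
  }
  // Assumption: the workflow's own repository is not a cross-repo target.
  if (currentRepo && slug === String(currentRepo).toLowerCase()) return slug;
  if (!allowedRepos.has(slug)) {
    throw new Error(`Target repo "${slug}" is not in the allowlist`);
  }
  return slug;
}

// Classify constructed sample targets without throwing, for inspection or tests.
function classify(targets, allowedRaw, currentRepo) {
  const allowed = parseAllowedRepos(allowedRaw);
  return targets.map(t => {
    try {
      return { target: t, ok: true, slug: validateTargetRepo(t, allowed, currentRepo) };
    } catch (err) {
      return { target: t, ok: false, error: err.message };
    }
  });
}

if (typeof module !== "undefined") {
  module.exports = { parseAllowedRepos, validateTargetRepo, classify };
}
```

Each affected handler would call validateTargetRepo(targetRepo, ...) as its first statement and pass a thrown error's message to core.setFailed, so no git or API operation runs on an unvalidated slug.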