[plan] Fix high-severity template injection in cloclo.md #5753
Description
Objective
Fix the HIGH severity template injection vulnerability in .github/workflows/cloclo.md by replacing envsubst with safe in-place string substitution.
Context
The cloclo.md workflow uses envsubst on potentially untrusted data from ${{ needs.activation.outputs.text }}, creating a code injection vulnerability. This is marked as HIGH severity in the static analysis.
Current Vulnerable Pattern
env:
GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }}
run: |
cat << 'PROMPT_EOF' | envsubst > "$GH_AW_PROMPT"
[template content with $GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT]
PROMPT_EOFRequired Changes
- Replace the envsubst pattern with sed-based substitution:
env:
GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT: ${{ needs.activation.outputs.text }}
run: |
# Write template with placeholder directly to target file
cat << 'PROMPT_EOF' > "$GH_AW_PROMPT"
[template content with __GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT__]
PROMPT_EOF
# Safely substitute using sed (escapes pipe character to avoid delimiter conflicts)
sed -i "s|__GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT__|${GH_AW_NEEDS_ACTIVATION_OUTPUTS_TEXT//|/\\|}|g" "$GH_AW_PROMPT"- Replace all
$VARreferences in the template with__VAR__placeholders - Recompile the workflow:
make recompile
Files to Modify
.github/workflows/cloclo.md
Testing
Test the fix with malicious-looking input:
# Test content with shell metacharacters: $, `, \, $(), etc.
echo "Test: \$(malicious_command) and \`backdoor\` and \${VAR}"Verify:
- Content is treated as literal text (not expanded)
- Workflow completes successfully
- Output contains the literal special characters
- No shell expansion occurs
Acceptance Criteria
- envsubst removed from cloclo.md
- Safe sed-based substitution implemented
- Template uses
__VAR__placeholder format - No
.templatefiles created - Workflow recompiled successfully
- Passes zizmor static analysis scan
- Manual test confirms no injection possible
Related to [plan] Fix template injection vulnerabilities using in-place string substitution #5752
AI generated by Plan Command for discussion #5735