
fix: block mixed-case denylist bypass in setup-python-env action #86

Open
Copilot wants to merge 2 commits into main from copilot/fix-case-sensitive-denylist

Copilot AI commented Feb 19, 2026

Summary

The denylist in setup-python-env was case-sensitive, allowing flags like --Index-Url=attacker.com or --Extra-Index-Url=evil.com to bypass the registry-override block while still passing the allowlist check.

Fix: lowercase each token before the denylist [[ =~ ]] comparison using ${arg,,}:

arg_lower="${arg,,}"
if [[ "$arg_lower" =~ ^--(index-url|extra-index-url|trusted-host|find-links)(=|$) ]]; then
  echo "::error::Blocked dangerous extra-args token: '$arg'. Registry overrides are not permitted." >&2
  exit 1
fi

The original $arg is preserved in the error message for clarity.

Testing

  • Not run (why?)
  • uv run poe check
  • Other: Shell-in-YAML composite action — no existing test harness; change is a single-line bash hardening; verified logic manually

Checklist

  • Linked issue or task reference
  • Added/updated tests where relevant
  • Updated docs/README if needed
  • No secrets or sensitive data added
  • Considered backward compatibility and deployment impact

Additional context

Original prompt

This section details the original issue you should resolve

<issue_title>Security: Case-sensitive denylist in setup-python-env allows bypass via mixed-case flags</issue_title>
<issue_description>## Summary

The denylist regex in the setup-python-env composite action is case-sensitive, allowing an attacker with write access to a calling workflow to bypass it by using mixed-case flag names.

Details

  • File: .github/actions/setup-python-env/action.yml
  • Line: 44
  • Category: CI/CD and GitHub Actions Security (Category 14)
  • Severity: Medium

Original Review Finding

Category: CI/CD and GitHub Actions Security (Category 14)
Severity: Medium

The denylist regex is case-sensitive. An attacker with write access to a calling workflow could bypass it by using mixed-case flag names — for example --Index-Url=(attacker.com/redacted) or --Extra-Index-Url=(evil.com/redacted). These would fail to match the denylist pattern but would pass the allowlist check (which permits uppercase letters via [a-zA-Z0-9=._:/@+-]+).

While uv may or may not accept these mixed-case flags depending on the version, the intent of the denylist is silently bypassed, leaving an unintended control gap.

Recommendation: Lowercase the token before the denylist comparison:

arg_lower="${arg,,}"
if [[ "$arg_lower" =~ ^--(index-url|extra-index-url|trusted-host|find-links)(=|$) ]]; then
  echo "::error::Blocked dangerous extra-args token: '$arg'. Registry overrides are not permitted." >&2
  exit 1
fi

Alternatively, use shopt -s nocasematch before the loop (and restore with shopt -u nocasematch after) to make all subsequent [[ =~ ]] comparisons case-insensitive.

Proposed Fix

Either:

  1. Lowercase the argument before comparing against the denylist: arg_lower="${arg,,}" and match against $arg_lower
  2. Use shopt -s nocasematch to make [[ =~ ]] comparisons case-insensitive

References

Generated by PR Review Comment — Create Issue for issue #51

Comments on the Issue (you are @copilot in this section)


…lag bypass

Co-authored-by: pmalarme <686568+pmalarme@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix case-sensitive denylist in setup-python-env" to "fix: block mixed-case denylist bypass in setup-python-env action" Feb 19, 2026
Copilot AI requested a review from pmalarme February 19, 2026 22:13
@pmalarme pmalarme marked this pull request as ready for review February 19, 2026 22:16
Copilot AI review requested due to automatic review settings February 19, 2026 22:16
Copilot AI left a comment

Pull request overview

This PR fixes a security vulnerability in the setup-python-env composite action where a case-sensitive denylist allowed attackers to bypass registry-override protections using mixed-case flag names (e.g., --Index-Url instead of --index-url).

Changes:

  • Added case-insensitive comparison to the denylist check by lowercasing input tokens before regex matching
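
The PR description notes that the shell-in-YAML check has no test harness. The script below is an added example, not code from this repository: it runs the case-sensitive check and the lowercased check side by side over constructed tokens. The function names, the sample tokens, the placeholder host and the `^…$` anchors on the allowlist are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the action's script. Needs bash >= 4.0 for ${var,,}.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Patterns as quoted on the page; the ^...$ anchors on ALLOW_RE are an assumption.
ALLOW_RE='^[a-zA-Z0-9=._:/@+-]+$'
DENY_RE='^--(index-url|extra-index-url|trusted-host|find-links)(=|$)'

# "Before": denylist compared against the raw token. Returns 0 when accepted.
accepts_before() {
  local arg="$1"
  [[ "$arg" =~ $ALLOW_RE ]] || return 1
  [[ "$arg" =~ $DENY_RE ]] && return 1
  return 0
}

# "After": token lowercased first, as in the PR. Returns 0 when accepted.
accepts_after() {
  local arg="$1" arg_lower
  [[ "$arg" =~ $ALLOW_RE ]] || return 1
  arg_lower="${arg,,}"
  [[ "$arg_lower" =~ $DENY_RE ]] && return 1
  return 0
}

# Print the tokens the old check accepted and the new check blocks.
newly_blocked() {
  local tok
  for tok in "$@"; do
    if accepts_before "$tok" && ! accepts_after "$tok"; then
      printf '%s\n' "$tok"
    fi
  done
}

# Constructed sample tokens; the host is a placeholder and
# --find-links-extra is a made-up flag that exercises the (=|$) anchor.
SAMPLES=(
  --frozen
  --index-url=https://example.invalid/simple
  --Index-Url=https://example.invalid/simple
  --EXTRA-INDEX-URL=https://example.invalid/simple
  --Trusted-Host
  --find-links-extra
)
echo "Accepted before the fix, blocked after it:"
newly_blocked "${SAMPLES[@]}"
```

Because `${arg,,}` is a bash 4.0 feature, a runner whose `bash` is older fails the step with a bad-substitution error instead of evaluating the denylist.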

Successfully merging this pull request may close these issues.

Security: Case-sensitive denylist in setup-python-env allows bypass via mixed-case flags
