Security: Replace extra-args denylist with allowlist in setup-python-env composite action#91

Open
Copilot wants to merge 2 commits into main from copilot/replace-denylist-with-allowlist


Copilot AI commented Feb 19, 2026

The extra-args input in the setup-python-env composite action used a denylist to block a handful of dangerous uv sync flags, leaving many others (e.g. --python, --no-build-isolation, --constraint, --no-sources) unguarded.

Changes

  • .github/actions/setup-python-env/action.yml — Replace two-step denylist (blocked-flags regex + character pattern) with a strict bash allowlist. Only four flags are permitted; anything else fails immediately with a descriptive error:
    allowed_args=(
      "--all-packages"
      "--prerelease=if-necessary-or-explicit"
      "-U"
      "--upgrade"
    )
    for arg in $EXTRA_ARGS; do
      allowed=false
      for a in "${allowed_args[@]}"; do
        [[ "$arg" == "$a" ]] && allowed=true && break
      done
      if [[ "$allowed" != "true" ]]; then
        echo "::error::Unrecognized extra-args token: '$arg'. Only the following flags are permitted: ${allowed_args[*]}." >&2
        exit 1
      fi
    done
  • .github/actions/setup-python-env/README.md — Update Security note to document the allowlist approach and enumerate the four permitted flags.

The four allowed flags cover all current usages in the repo (--all-packages in python-docs.yml; -U/--upgrade/--prerelease=… documented in the README example).

Testing

  • Not run (why?)
  • uv run poe check
  • Other: Bash unit test of allowlist logic — all valid flags pass, all dangerous flags (--index-url, --python, --no-build-isolation, --constraint, --no-sources) correctly rejected

Checklist

  • Linked issue or task reference
  • Added/updated tests where relevant
  • Updated docs/README if needed
  • No secrets or sensitive data added
  • Considered backward compatibility and deployment impact

Additional context

  • All existing callers pass only --all-packages or no extra-args; no breaking change to current workflows.
Original prompt

This section details the original issue you should resolve

<issue_title>Security: Replace extra-args denylist with allowlist in setup-python-env composite action</issue_title>
<issue_description>The extra-args input in .github/actions/setup-python-env/action.yml (line 42) uses a denylist to block specific dangerous uv sync flags, but this approach is insufficient — many other flags that can alter dependency resolution semantics remain unblocked.

Unblocked flags that could be dangerous:

  • --python — could redirect to a different Python interpreter
  • --no-build-isolation — disables build isolation, allowing unbounded environment access
  • --constraint / --override-requires-python — alter dependency resolution
  • --no-sources — skips workspace packages

Recommendation: Replace the denylist with an allowlist of explicitly supported flags. For example:

allowed_args=(
  "--all-packages"
  "--prerelease=if-necessary-or-explicit"
  "-U"
  "--upgrade"
)
for arg in $EXTRA_ARGS; do
  allowed=false
  for a in "${allowed_args[@]}"; do [[ "$arg" == "$a" ]] && allowed=true && break; done
  if [[ "$allowed" != "true" ]]; then
    echo "::error::Unrecognized extra-args token: '$arg'." >&2; exit 1
  fi
done

Alternatively, remove extra-args entirely and expose structured boolean/enum inputs for each supported flag.


File: .github/actions/setup-python-env/action.yml, line 42
Severity: Medium
Categories: Input Validation and Sanitization (Category 1) + CI/CD Security (Category 14)

Original review finding:

Category: Input Validation and Sanitization (Category 1) + CI/CD Security (Category 14)
Severity: Medium

The extra-args guard uses a denylist to block specific dangerous flags (--index-url, --extra-index-url, --trusted-host, --find-links), but many other uv sync flags that can alter dependency resolution semantics are not blocked, for example:

  • --python — could redirect to a different Python interpreter
  • --no-build-isolation — disables build isolation, allowing unbounded environment access
  • --constraint / --override-requires-python — alter dependency resolution
  • --no-sources — skips workspace packages

If any caller ever forwards a dynamic/user-sourced string to extra-args (despite the README warning), the denylist provides insufficient protection.

Recommendation: Replace the denylist with an allowlist of explicitly supported flags.

Related PR: #51
Review comment: #51 (comment)

Generated by PR Review Comment — Create Issue for issue #51

Comments on the Issue (you are @copilot in this section)



…env action

Co-authored-by: pmalarme <686568+pmalarme@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Replace extra-args denylist with allowlist in setup-python-env" to "Security: Replace extra-args denylist with allowlist in setup-python-env composite action" on Feb 19, 2026
Copilot AI requested a review from pmalarme February 19, 2026 22:24
@pmalarme pmalarme marked this pull request as ready for review February 20, 2026 09:02
Copilot AI review requested due to automatic review settings February 20, 2026 09:02

Copilot AI left a comment


Pull request overview

This PR hardens the .github/actions/setup-python-env composite action by replacing the previous extra-args denylist with a strict allowlist, reducing the risk of unsafe uv sync flag injection while keeping current workflow usage supported.

Changes:

  • Replace denylist-based token validation for extra-args with an explicit allowlist of four permitted uv sync flags.
  • Update the action README security note to document the allowlist behavior and enumerate permitted flags.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File | Description
.github/actions/setup-python-env/action.yml | Enforces a strict allowlist for extra-args tokens before passing them to uv sync.
.github/actions/setup-python-env/README.md | Updates documentation to reflect allowlist validation and lists permitted flags.
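
The gap this PR closes, as an added example that is not code from the PR or the repository: the same constructed extra-args strings are run through a denylist guard and an allowlist guard so the difference in verdicts is visible. Assumptions: `denylist_ok` is a simplified stand-in for the old guard (only the four blocked flags named in the issue are known from the page), the function names are hypothetical, and `set -f` is added so pattern characters stay literal during word-splitting.

```bash
# Added example, not the PR's code. Function names are hypothetical.

# Stand-in for the old guard: rejects only the four flags the issue lists as
# blocked. The action's real regex is not shown on the page (assumption).
denylist_ok() (
  set -f  # keep *, ? and [ literal while the string is word-split
  for arg in $1; do
    case "$arg" in
      --index-url|--index-url=*|--extra-index-url|--extra-index-url=*) exit 1 ;;
      --trusted-host|--trusted-host=*|--find-links|--find-links=*) exit 1 ;;
    esac
  done
  exit 0
)

# Allowlist with the four flags the PR permits; any other token fails.
allowlist_ok() (
  set -f
  for arg in $1; do
    case "$arg" in
      --all-packages|--prerelease=if-necessary-or-explicit|-U|--upgrade) ;;
      *) printf "::error::Unrecognized extra-args token: '%s'\n" "$arg" >&2
         exit 1 ;;
    esac
  done
  exit 0
)

# Verdicts for one extra-args string, printed as "<denylist>/<allowlist>".
compare() {
  d=reject; a=reject
  denylist_ok "$1" && d=pass
  allowlist_ok "$1" 2>/dev/null && a=pass
  printf '%s/%s\n' "$d" "$a"
}

# Constructed inputs: flag names come from the PR, values are made up.
for s in "--all-packages" "-U --prerelease=if-necessary-or-explicit" \
  "--index-url https://example.invalid/simple" "--python 3.9" \
  "--no-build-isolation" "--constraint c.txt" "--no-sources" "--upgrad?"; do
  printf '%-44s %s\n' "$s" "$(compare "$s")"
done
```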
