eliott/openwork
1
0
Fork 0
mirror of https://github.com/different-ai/openwork synced 2026-04-25 17:15:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: prevent shell injection in opencode-agents workflow (#722)

Browse Source 
The triage-issue job interpolated $ISSUE_TITLE and $ISSUE_BODY unquoted
inside a double-quoted shell string, allowing any GitHub user to execute
arbitrary commands by opening an issue with shell metacharacters.

The duplicate-prs job similarly interpolated $COMMENT unquoted into a
gh pr comment --body argument.

Fix both by using printf with %s (prevents shell interpretation) and
--body-file (avoids inline interpolation entirely).

Co-authored-by: xj <gh-xj@users.noreply.github.com>
This commit is contained in:
xj
2026-03-03 16:19:49 -08:00
committed by GitHub
parent 36ae4ee500
commit 86dc0feeb4
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
.github/workflows/opencode-agents.yml vendored
View File

@@ -29,11 +29,11 @@ jobs:
ISSUE_TITLE: ${{ github.event.issue.title }}
ISSUE_BODY: ${{ github.event.issue.body }}
run: |
opencode run --agent triage "The following issue was just opened, triage it:
Title: $ISSUE_TITLE
$ISSUE_BODY"
cat > /tmp/issue_prompt.txt <<'PROMPT_EOF'
The following issue was just opened, triage it:
PROMPT_EOF
printf '\nTitle: %s\n\n%s\n' "$ISSUE_TITLE" "$ISSUE_BODY" >> /tmp/issue_prompt.txt
opencode run --agent triage "$(cat /tmp/issue_prompt.txt)"
duplicate-prs:
if: github.event_name == 'pull_request_target' && github.event.pull_request.user.login != 'opencode-agent[bot]'
@@ -72,8 +72,11 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.pull_request.number }}
run: |
COMMENT=$(opencode run --agent duplicate-pr "$(cat pr_info.txt)")
opencode run --agent duplicate-pr "$(cat pr_info.txt)" > /tmp/comment_output.txt
gh pr comment "$PR_NUMBER" --body "_The following comment was made by an LLM, it may be inaccurate:_
$COMMENT"
{
echo "_The following comment was made by an LLM, it may be inaccurate:_"
echo ""
cat /tmp/comment_output.txt
} > /tmp/comment_body.txt
gh pr comment "$PR_NUMBER" --body-file /tmp/comment_body.txt