Disagreement · 7fd1739d-anthropic-1

PR body interpolation is vulnerable to shell/markdown injection from branch name and upstream-controlled content

mismatch

repo 6f7fc663·PR #17·reviewed 1 week ago

Primary finding

PR body interpolation is vulnerable to shell/markdown injection from branch name and upstream-controlled content

mediumsecuritymedium

.github/workflows/sync-upstream.yml:76-95

The branch name is derived from `date -u +%Y%m%d` so it is safe today, but the pattern interpolates `$BRANCH` and `$AHEAD` directly into a shell-quoted string that is then re-expanded via `printf '%b'`. If `BRANCH` ever incorporates upstream-derived data (a likely future change, e.g. embedding the upstream short SHA via `git rev-parse upstream/main`), `%b` interprets backslash escapes which could break out of the code fence or inject content. Lower severity today because the current source of $BRANCH is a date, but the construction is fragile and should use `--body-file` with a heredoc instead of `printf %b` on an interpolated string.

Recommendation

Build the PR body via a heredoc into a file and pass it to `gh pr create --body-file`. Avoid `printf %b` on data-bearing strings; or at minimum use `printf '%s'` with literal newlines from the heredoc.

Counterpart finding

Hardcoded upstream repo and branch names reduce robustness

mediummaintainabilityhigh

.github/workflows/sync-upstream.yml:33-34
.github/workflows/sync-upstream.yml:39
.github/workflows/sync-upstream.yml:54
.github/workflows/sync-upstream.yml:89

The workflow assumes the upstream default branch is named "main" and that the upstream repo location remains constant. If the upstream project renames its default branch or moves repositories, fetch/merge steps will fail. Similarly, creating a PR against "main" will be incorrect if the fork's default branch changes. These hardcoded values make the workflow brittle and prone to silent breakage when defaults change.

Recommendation

Parameterize both the upstream repository and branch, and the fork base branch. - Define env vars or workflow inputs, e.g.: - env: BASE_BRANCH: ${{ github.event.repository.default_branch }} - env: UPSTREAM_REPO: aaronjmars/aeon (or from a repository variable) - env: UPSTREAM_BRANCH: main (or discover via GitHub API or `git remote show upstream`) - Replace occurrences: - `git fetch upstream main` -> `git fetch upstream "$UPSTREAM_BRANCH"` - `git rev-list --count HEAD..upstream/main` -> `...HEAD..upstream/$UPSTREAM_BRANCH` - `git merge --no-edit upstream/main` -> `... upstream/$UPSTREAM_BRANCH` - `gh pr create --base main` -> `--base "$BASE_BRANCH"`

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

← back to all disagreements view public receipts see unanimous findings + anatomies →

Tweet ↗