security: reject PATH_TO_CLAUDE_CODE_EXECUTABLE with control characters (#1185)

dirname() preserves embedded newlines, so a value like `/usr/bin/claude\n/attacker/path` writes two lines to GITHUB_PATH, injecting an attacker-controlled directory into PATH for all subsequent workflow steps. Validate the input immediately after reading it and throw if it contains any control characters (0x00-0x1f, 0x7f). This is fail-closed rather than silent stripping — a path with control characters is always misconfigured or malicious. Fixes #1160 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 20:26:08 -04:00 · 2026-04-05 20:26:08 -04:00 · 6cad158a17
commit 6cad158a17
parent 0f1fe5ef85
1 changed files with 5 additions and 0 deletions
--- a/src/entrypoints/run.ts
+++ b/src/entrypoints/run.ts
@ -47,6 +47,11 @@ import type { ClaudeRunResult } from "../../base-action/src/run-claude-sdk";
 async function installClaudeCode(): Promise<void> {
  const customExecutable = process.env.PATH_TO_CLAUDE_CODE_EXECUTABLE;
  if (customExecutable) {
+    if (/[\x00-\x1f\x7f]/.test(customExecutable)) {
+      throw new Error(
+        "PATH_TO_CLAUDE_CODE_EXECUTABLE contains control characters (e.g. newlines), which is not allowed",
+      );
+    }
    console.log(`Using custom Claude Code executable: ${customExecutable}`);
    const claudeDir = dirname(customExecutable);
    // Add to PATH by appending to GITHUB_PATH