From 6cad158a175744eb2e76f7f5fd108ec63145598c Mon Sep 17 00:00:00 2001 From: Max Flanagan Date: Sun, 5 Apr 2026 20:26:08 -0400 Subject: [PATCH] security: reject PATH_TO_CLAUDE_CODE_EXECUTABLE with control characters (#1185) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit dirname() preserves embedded newlines, so a value like `/usr/bin/claude\n/attacker/path` writes two lines to GITHUB_PATH, injecting an attacker-controlled directory into PATH for all subsequent workflow steps. Validate the input immediately after reading it and throw if it contains any control characters (0x00-0x1f, 0x7f). This is fail-closed rather than silent stripping — a path with control characters is always misconfigured or malicious. Fixes #1160 Co-authored-by: Claude Sonnet 4.6
---
 src/entrypoints/run.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/entrypoints/run.ts b/src/entrypoints/run.ts
index 2ab42f1..5e7239e 100644
--- a/src/entrypoints/run.ts
+++ b/src/entrypoints/run.ts
@@ -47,6 +47,11 @@ import type { ClaudeRunResult } from "../../base-action/src/run-claude-sdk";
 async function installClaudeCode(): Promise {
 const customExecutable = process.env.PATH_TO_CLAUDE_CODE_EXECUTABLE;
 if (customExecutable) {
+ if (/[\x00-\x1f\x7f]/.test(customExecutable)) {
+ throw new Error(
+ "PATH_TO_CLAUDE_CODE_EXECUTABLE contains control characters (e.g. newlines), which is not allowed",
+ );
+ }
 console.log(`Using custom Claude Code executable: ${customExecutable}`);
 const claudeDir = dirname(customExecutable);
 // Add to PATH by appending to GITHUB_PATH
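Review bot: The new guard in installClaudeCode() rejects control characters but still accepts a bare or relative value, and `dirname("claude")` is `.`, so the `claudeDir` that is later appended to GITHUB_PATH can be a relative directory rather than the install location. If only absolute paths are meant to be supported, add `if (!isAbsolute(customExecutable)) throw new Error("PATH_TO_CLAUDE_CODE_EXECUTABLE must be an absolute path");` next to the control-character check (`isAbsolute` is exported by `node:path`; whether the file already imports it is not visible here). The write to GITHUB_PATH itself lies outside the hunk, so it is worth confirming there that `claudeDir` is the only value placed on that line. The commit touches one file and adds no test; a regression test that sets the variable to a value containing `\n` and expects the throw would pin the fail-closed behaviour.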