actions/claude-code-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: reject PATH_TO_CLAUDE_CODE_EXECUTABLE with control characters (#1185)

Browse Source 
dirname() preserves embedded newlines, so a value like
`/usr/bin/claude\n/attacker/path` writes two lines to GITHUB_PATH,
injecting an attacker-controlled directory into PATH for all subsequent
workflow steps.

Validate the input immediately after reading it and throw if it
contains any control characters (0x00-0x1f, 0x7f). This is fail-closed
rather than silent stripping — a path with control characters is always
misconfigured or malicious.

Fixes #1160

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Max Flanagan 2026-04-05 20:26:08 -04:00 committed by GitHub
parent 0f1fe5ef85
commit 6cad158a17
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/entrypoints/run.ts
View File

@ -47,6 +47,11 @@ import type { ClaudeRunResult } from "../../base-action/src/run-claude-sdk";
async function installClaudeCode(): Promise<void> { async function installClaudeCode(): Promise<void> {
const customExecutable = process.env.PATH_TO_CLAUDE_CODE_EXECUTABLE; const customExecutable = process.env.PATH_TO_CLAUDE_CODE_EXECUTABLE;
if (customExecutable) { if (customExecutable) {
if (/[\x00-\x1f\x7f]/.test(customExecutable)) {
throw new Error(
"PATH_TO_CLAUDE_CODE_EXECUTABLE contains control characters (e.g. newlines), which is not allowed",
);
}
console.log(`Using custom Claude Code executable: ${customExecutable}`); console.log(`Using custom Claude Code executable: ${customExecutable}`);
const claudeDir = dirname(customExecutable); const claudeDir = dirname(customExecutable);
// Add to PATH by appending to GITHUB_PATH // Add to PATH by appending to GITHUB_PATH