anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 22:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: require explicit acknowledgment for wildcard write permission bypass

Browse Source 
SECURITY FIX: Addresses authorization_bypass vulnerability (LOW severity)

The allowed_non_write_users='*' configuration previously bypassed write
permission checks for all users with only a warning. This created a
security misconfiguration risk.

Changes:
- Added new input 'bypass_write_permission_check_acknowledgment' required
  when using wildcard (*)
- Modified checkWritePermissions() to throw error if wildcard used without
  explicit acknowledgment flag
- Updated all documentation (security.md, usage.md) with new requirement
- Updated example workflows to include acknowledgment flag
- Added tests for new validation behavior

This prevents accidental security misconfigurations while maintaining the
feature for intentional use cases like issue triage workflows.

Affected file: src/github/validation/permissions.ts:27
Category: authorization_bypass
Severity: LOW
This commit is contained in:
Claude
2026-01-13 23:29:39 +00:00
parent 4778aeae4c
commit 0085208689
15 changed files with 89 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.claude/commands/label-issue.md
View File

@@ -17,7 +17,6 @@ TASK OVERVIEW:
1. First, fetch the list of labels available in this repository by running: `gh label list`. Run exactly this command with nothing else.
2. Next, use gh commands to get context about the issue:
- Use `gh issue view ${{ github.event.issue.number }}` to retrieve the current issue's details
- Use `gh search issues` to find similar issues that might provide context for proper categorization
- You have access to these Bash commands:
@@ -27,7 +26,6 @@ TASK OVERVIEW:
- Bash(gh search:\*) - to search for similar issues
3. Analyze the issue content, considering:
- The issue title and description
- The type of issue (bug report, feature request, question, etc.)
- Technical areas mentioned
@@ -36,7 +34,6 @@ TASK OVERVIEW:
- Components affected
4. Select appropriate labels from the available labels list provided above:
- Choose labels that accurately reflect the issue's nature
- Be specific but comprehensive
- IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list