anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-24 23:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: prevent TOCTOU race condition on issue/PR body edits (#710)

Browse Source 
Add trigger-time validation for issue/PR body content to prevent attackers
from exploiting a race condition where they edit the body between when an
authorized user triggers @claude and when Claude processes the request.

The existing filterCommentsToTriggerTime() already protected comments -
this extends the same pattern to the main issue/PR body via isBodySafeToUse().

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Ashwin Bhat
2025-12-01 10:59:39 -05:00
committed by GitHub
parent 6d79044f1d
commit 6337623ebb
4 changed files with 304 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/github/types.ts
View File

@@ -58,6 +58,8 @@ export type GitHubPullRequest = {
headRefName: string;
headRefOid: string;
createdAt: string;
updatedAt?: string;
lastEditedAt?: string;
additions: number;
deletions: number;
state: string;
@@ -83,6 +85,8 @@ export type GitHubIssue = {
body: string;
author: GitHubAuthor;
createdAt: string;
updatedAt?: string;
lastEditedAt?: string;
state: string;
comments: {
nodes: GitHubComment[];