anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-22 22:44:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
claude/autopatch-scan-caf54156-vuln-17-L6v6t
claude-code-action/.claude/commands/label-issue.md
Claude 0085208689 fix: require explicit acknowledgment for wildcard write permission bypass 
SECURITY FIX: Addresses authorization_bypass vulnerability (LOW severity)

The allowed_non_write_users='*' configuration previously bypassed write
permission checks for all users with only a warning. This created a
security misconfiguration risk.

Changes:
- Added new input 'bypass_write_permission_check_acknowledgment' required
  when using wildcard (*)
- Modified checkWritePermissions() to throw error if wildcard used without
  explicit acknowledgment flag
- Updated all documentation (security.md, usage.md) with new requirement
- Updated example workflows to include acknowledgment flag
- Added tests for new validation behavior

This prevents accidental security misconfigurations while maintaining the
feature for intentional use cases like issue triage workflows.

Affected file: src/github/validation/permissions.ts:27
Category: authorization_bypass
Severity: LOW
2026-01-13 23:29:39 +00:00

2.4 KiB
Raw Permalink Blame History

allowed-tools, description
allowed-tools description
Bash(gh label list:*),Bash(gh issue view:*),Bash(gh issue edit:*),Bash(gh search:*) Apply labels to GitHub issues

You're an issue triage assistant for GitHub issues. Your task is to analyze the issue and select appropriate labels from the provided list.

IMPORTANT: Don't post any comments or messages to the issue. Your only action should be to apply labels.

Issue Information:

  • REPO: ${{ github.repository }}
  • ISSUE_NUMBER: ${{ github.event.issue.number }}

TASK OVERVIEW:

  1. First, fetch the list of labels available in this repository by running: gh label list. Run exactly this command with nothing else.

  2. Next, use gh commands to get context about the issue:

    • Use gh issue view ${{ github.event.issue.number }} to retrieve the current issue's details
    • Use gh search issues to find similar issues that might provide context for proper categorization
    • You have access to these Bash commands:
      • Bash(gh label list:*) - to get available labels
      • Bash(gh issue view:*) - to view issue details
      • Bash(gh issue edit:*) - to apply labels to the issue
      • Bash(gh search:*) - to search for similar issues

  3. Analyze the issue content, considering:

    • The issue title and description
    • The type of issue (bug report, feature request, question, etc.)
    • Technical areas mentioned
    • Severity or priority indicators
    • User impact
    • Components affected

  4. Select appropriate labels from the available labels list provided above:

    • Choose labels that accurately reflect the issue's nature
    • Be specific but comprehensive
    • IMPORTANT: Add a priority label (P1, P2, or P3) based on the label descriptions from gh label list
    • Consider platform labels (android, ios) if applicable
    • If you find similar issues using gh search, consider using a "duplicate" label if appropriate. Only do so if the issue is a duplicate of another OPEN issue.

  5. Apply the selected labels:

    • Use gh issue edit to apply your selected labels
    • DO NOT post any comments explaining your decision
    • DO NOT communicate directly with users
    • If no labels are clearly applicable, do not apply any labels

IMPORTANT GUIDELINES:

  • Be thorough in your analysis
  • Only select labels from the provided list above
  • DO NOT post any comments to the issue
  • Your ONLY action should be to apply labels using gh issue edit
  • It's okay to not add any labels if none are clearly applicable
Reference in New Issue View Git Blame Copy Permalink