Skip to content

fix: restore authorization check on Claude workflow caller #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
danielewood merged 1 commit into from
Feb 17, 2026
Merged

fix: restore authorization check on Claude workflow caller #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/workflows/claude.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,17 @@ jobs:
(github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
(github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
(github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
) && (
github.event.sender.login == github.repository_owner ||
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check github.event.sender.login == github.repository_owner may not work as intended for organization-owned repositories. For repositories owned by an organization (like sensiblebit/certkit), github.repository_owner is the organization name (e.g., "sensiblebit"), not a user login. A user's login will never equal the organization name, so this check will always evaluate to false for organization repositories.

If the intent is to check if the sender is the repository owner (for user-owned repos) OR an organization member/owner (for org-owned repos), this check only handles the first case. For organization repositories, you should rely on the author_association checks (OWNER, MEMBER, COLLABORATOR) which correctly identify organization members and owners.

Consider removing this redundant check, or document that it's only for potential user-owned forks and has no effect on the main organization repository.

Suggested change
github.event.sender.login == github.repository_owner ||

Copilot uses AI. Check for mistakes.
github.event.comment.author_association == 'OWNER' ||
github.event.comment.author_association == 'MEMBER' ||
github.event.comment.author_association == 'COLLABORATOR' ||
github.event.review.author_association == 'OWNER' ||
github.event.review.author_association == 'MEMBER' ||
github.event.review.author_association == 'COLLABORATOR' ||
github.event.issue.author_association == 'OWNER' ||
github.event.issue.author_association == 'MEMBER' ||
github.event.issue.author_association == 'COLLABORATOR'
Comment on lines +36 to +38
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The authorization check for the issues event type assigned is incorrect. When an issue is assigned (not opened), github.event.sender is the person performing the assignment, but the code checks github.event.issue.author_association, which is the association of the person who originally created the issue. This means an unauthorized user could assign an existing issue that contains @claude in its body/title and trigger the workflow with the OAuth token.

To fix this security issue, you should check github.event.sender's authorization directly. However, GitHub Actions doesn't expose sender.author_association directly. The safest approach is to either:

  1. Remove the assigned trigger type from the issues event, keeping only opened
  2. Use a separate API call to check the sender's association (more complex)
  3. Rely only on the github.event.sender.login == github.repository_owner check combined with explicit allowlist checking

Alternatively, if the assigned trigger is not actually needed for the Claude workflow functionality (since Claude is typically triggered by opening issues or commenting, not by assignment), remove it entirely.

Copilot uses AI. Check for mistakes.
)
uses: sensiblebit/.github/.github/workflows/claude.yml@main
secrets:
Expand Down
7 changes: 7 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Security

- Restore authorization checks on Claude Code workflow to prevent unauthorized users from triggering the workflow and exposing OAuth token secret ([#46])

### Changed

- Migrate CI workflows and pre-commit hooks to organization-wide reusable workflows in `sensiblebit/.github` ([#45])
- Consolidate CI from 16 jobs to 10 by merging jobs with identical setup: branch-name + commit-messages + verified-commits → PR Conventions, go-build + go-vet + goimports → Go Checks, web-test + wrangler-build → Web, web-lint + markdownlint → Lint
- Remove redundant `go vet` and `go test` steps from release workflow — tags are created from main which already passed CI
- Consolidate Dependabot GitHub Actions PRs into a single grouped PR instead of one per action
Expand Down Expand Up @@ -544,6 +549,8 @@ Initial release.
[`a62908f`]: https://github.com/sensiblebit/certkit/commit/a62908f
[`55b5c1e`]: https://github.com/sensiblebit/certkit/commit/55b5c1e
[`8cf81d9`]: https://github.com/sensiblebit/certkit/commit/8cf81d9
[#46]: https://github.com/sensiblebit/certkit/pull/46
[#45]: https://github.com/sensiblebit/certkit/pull/45
[#24]: https://github.com/sensiblebit/certkit/pull/24
[#25]: https://github.com/sensiblebit/certkit/pull/25
[#26]: https://github.com/sensiblebit/certkit/pull/26
Expand Down