Skip to content

ci: Escape new-pr.yml #3117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Twixes merged 3 commits into from
Feb 18, 2026
Merged

ci: Escape new-pr.yml #3117

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
61f1fd1
fix: prevent script injection in new-pr.yml workflow
cursoragent Feb 18, 2026
c03124f
Quotes not needed now
Twixes Feb 18, 2026
526812b
The other content is safe
Twixes Feb 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/new-pr.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
echo "is-shame-worthy=false" >> "$GITHUB_OUTPUT"
fi
env:
RAW_BODY: ${{ github.event.pull_request.body }}
RAW_BODY: ${{ toJSON(github.event.pull_request.body) }}
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

toJSON() breaks empty-body detection

toJSON() wraps the value in JSON encoding, so an empty PR body becomes the string "" (two quote characters) and a null body becomes the string null. Neither of these are empty/whitespace-only, so the [[ -z "${FILTERED_BODY//[[:space:]]/}" ]] check on line 24 will never evaluate to true for PRs with no description — the shaming logic is effectively dead.

Additionally, toJSON() collapses multi-line content into a single line with literal \n escape sequences. The sed filter on lines 19–21 was designed to work line-by-line (stripping ##, *, - [ lines). With everything on one line, if the body contains ## or * anywhere, sed deletes the entire body — causing valid descriptions to be incorrectly flagged as empty.

A safer approach that preserves the injection protection while keeping the detection logic working would be to keep the env var indirection (which already prevents injection) but drop toJSON():

Suggested change
RAW_BODY: ${{ toJSON(github.event.pull_request.body) }}
RAW_BODY: ${{ github.event.pull_request.body }}

Passing user input through env: and referencing it as $RAW_BODY in the script (rather than inline ${{ }} in run:) is already sufficient to prevent script injection, since the value is set as an environment variable rather than interpolated into the shell script.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: .github/workflows/new-pr.yml
Line: 30

Comment:
**`toJSON()` breaks empty-body detection**

`toJSON()` wraps the value in JSON encoding, so an empty PR body becomes the string `""` (two quote characters) and a null body becomes the string `null`. Neither of these are empty/whitespace-only, so the `[[ -z "${FILTERED_BODY//[[:space:]]/}" ]]` check on line 24 will never evaluate to true for PRs with no description — the shaming logic is effectively dead.

Additionally, `toJSON()` collapses multi-line content into a single line with literal `\n` escape sequences. The `sed` filter on lines 19–21 was designed to work line-by-line (stripping `##`, `*`, `- [` lines). With everything on one line, if the body contains `## ` or `*` anywhere, `sed` deletes the **entire** body — causing valid descriptions to be incorrectly flagged as empty.

A safer approach that preserves the injection protection while keeping the detection logic working would be to keep the env var indirection (which already prevents injection) but drop `toJSON()`:

```suggestion
                  RAW_BODY: ${{ github.event.pull_request.body }}
```

Passing user input through `env:` and referencing it as `$RAW_BODY` in the script (rather than inline `${{ }}` in `run:`) is already sufficient to prevent script injection, since the value is set as an environment variable rather than interpolated into the shell script.

How can I resolve this? If you propose a fix, please make it concise.


- name: Shame if PR has no description
if: steps.is-shame-worthy.outputs.is-shame-worthy == 'true'
Expand Down