ros/claude-code
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code.git synced 2026-01-30 04:02:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e1c91d294d4f7c63b9a657fb4b6abf83e860a911
claude-code/.github/workflows/claude-dedupe-issues.yml
Claude e1c91d294d fix: prevent API key exfiltration in dedupe workflow 
Security fix to address potential prompt injection attack vector where
malicious issue content could exploit gh api/comment permissions to
exfiltrate the ANTHROPIC_API_KEY.

Changes:
- Remove gh api:* and gh issue comment:* from dedupe command allowed-tools
- Command now outputs structured JSON to /tmp/dedupe-result.json
- Comment posting moved to isolated workflow step without API key access
- Added URL validation to prevent injection in comment content

The Claude Code step can now only read issues (gh issue view/search/list),
while comment posting happens in a separate step that only has GITHUB_TOKEN.
2025-11-19 02:33:20 +00:00

149 lines
5.3 KiB
YAML
Raw Blame History

name: Claude Issue Dedupe
description: Automatically dedupe GitHub issues using Claude Code
on:
issues:
types: [opened]
workflow_dispatch:
inputs:
issue_number:
description: 'Issue number to process for duplicate detection'
required: true
type: string
jobs:
claude-dedupe-issues:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: read
issues: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Claude Code slash command
id: claude
uses: anthropics/claude-code-base-action@beta
with:
prompt: "/dedupe ${{ github.repository }}/issues/${{ github.event.issue.number || inputs.issue_number }}"
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: "--model claude-sonnet-4-5-20250929"
# Note: GH_TOKEN only provides read access for issue viewing/searching
# Comment posting is handled in a separate isolated step below
claude_env: |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# SECURITY: This step runs in isolation without access to ANTHROPIC_API_KEY
# It only has GITHUB_TOKEN for posting comments, preventing secret exfiltration
- name: Post duplicate comment (isolated from API key)
if: success()
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
RESULT_FILE="/tmp/dedupe-result.json"
if [ ! -f "$RESULT_FILE" ]; then
echo "No dedupe result file found, skipping comment"
exit 0
fi
# Check if we should skip
if jq -e '.skip' "$RESULT_FILE" > /dev/null 2>&1; then
REASON=$(jq -r '.reason // "unknown"' "$RESULT_FILE")
echo "Skipping comment: $REASON"
exit 0
fi
# Get duplicates array
DUPLICATES=$(jq -r '.duplicates // []' "$RESULT_FILE")
COUNT=$(echo "$DUPLICATES" | jq 'length')
if [ "$COUNT" -eq 0 ]; then
echo "No duplicates found, skipping comment"
exit 0
fi
# Build comment body (limit to 3 duplicates for safety)
SAFE_COUNT=$((COUNT > 3 ? 3 : COUNT))
COMMENT="Found $SAFE_COUNT possible duplicate issue"
if [ "$SAFE_COUNT" -ne 1 ]; then
COMMENT="${COMMENT}s"
fi
COMMENT="${COMMENT}:"
COMMENT="${COMMENT}
"
for i in $(seq 0 $((SAFE_COUNT - 1))); do
URL=$(echo "$DUPLICATES" | jq -r ".[$i]")
# Validate URL format to prevent injection
if [[ "$URL" =~ ^https://github\.com/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/issues/[0-9]+$ ]]; then
COMMENT="${COMMENT}
$((i + 1)). $URL"
fi
done
COMMENT="${COMMENT}
This issue will be automatically closed as a duplicate in 3 days.
- If your issue is a duplicate, please close it and 👍 the existing issue instead
- To prevent auto-closure, add a comment or 👎 this comment
🤖 Generated with [Claude Code](https://claude.ai/code)"
# Post the comment
gh issue comment "$ISSUE_NUMBER" --repo "${{ github.repository }}" --body "$COMMENT"
echo "Posted duplicate comment on issue #$ISSUE_NUMBER"
- name: Log duplicate comment event to Statsig
if: always()
env:
STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
run: |
ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
REPO=${{ github.repository }}
if [ -z "$STATSIG_API_KEY" ]; then
echo "STATSIG_API_KEY not found, skipping Statsig logging"
exit 0
fi
# Prepare the event payload
EVENT_PAYLOAD=$(jq -n \
--arg issue_number "$ISSUE_NUMBER" \
--arg repo "$REPO" \
--arg triggered_by "${{ github.event_name }}" \
'{
events: [{
eventName: "github_duplicate_comment_added",
value: 1,
metadata: {
repository: $repo,
issue_number: ($issue_number | tonumber),
triggered_by: $triggered_by,
workflow_run_id: "${{ github.run_id }}"
},
time: (now | floor | tostring)
}]
}')
# Send to Statsig API
echo "Logging duplicate comment event to Statsig for issue #${ISSUE_NUMBER}"
RESPONSE=$(curl -s -w "\n%{http_code}" -X POST https://events.statsigapi.net/v1/log_event \
-H "Content-Type: application/json" \
-H "STATSIG-API-KEY: ${STATSIG_API_KEY}" \
-d "$EVENT_PAYLOAD")
HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
BODY=$(echo "$RESPONSE" | head -n-1)
if [ "$HTTP_CODE" -eq 200 ] || [ "$HTTP_CODE" -eq 202 ]; then
echo "Successfully logged duplicate comment event for issue #${ISSUE_NUMBER}"
else
echo "Failed to log duplicate comment event for issue #${ISSUE_NUMBER}. HTTP ${HTTP_CODE}: ${BODY}"
fi
Reference in New Issue View Git Blame Copy Permalink