This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 742e920 fix(security): close gh permission gaps in settings.json (#89)
742e920 is described below
commit 742e920de0f88a54f37efd0083ea7af9f1bbc6f6
Author: Andrew Nesbitt <[email protected]>
AuthorDate: Thu May 7 18:41:22 2026 +0100
fix(security): close gh permission gaps in settings.json (#89)
Split from #88 per review.
- gh auth token / gh auth refresh -> permissions.deny. gh auth token prints the GitHub token to stdout with no prompt, so any injection that reaches Bash can capture and exfil it via the already-allowlisted api.github.com.
- gh workflow run -> permissions.ask.
- gh api --method / gh api --input (flag-first variants) added alongside the existing gh api * --method * patterns so argument ordering can't sidestep the match.
---
.claude/settings.json | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/.claude/settings.json b/.claude/settings.json
index 10b1af4..aa1e45b 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -63,7 +63,9 @@
"Bash(docker login *)",
"Bash(npm publish *)",
"Bash(pip install --upgrade *)",
- "Bash(uv self update *)"
+ "Bash(uv self update *)",
+ "Bash(gh auth token*)",
+ "Bash(gh auth refresh*)"
],
"ask": [
"Bash(git push *)",
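Review bot: the two new deny entries are spelled `gh auth token*` and `gh auth refresh*` (no space before the glob) while every neighbouring entry, including `"Bash(uv self update *)"` just above, uses the `command *` form. If that is deliberate so the bare, argument-less `gh auth token` described in the commit message is caught (a pattern ending in ` *` may only match when something follows the command), say so in the commit message or a nearby comment; otherwise align the spelling with the rest of the list so a later cleanup does not "fix" it into a form that misses the bare invocation, which is exactly the one that prints the token.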
@@ -85,11 +87,14 @@
"Bash(gh repo edit *)",
"Bash(gh repo delete *)",
"Bash(gh api * --method *)",
+ "Bash(gh api --method *)",
"Bash(gh api * --input *)",
+ "Bash(gh api --input *)",
"Bash(gh secret *)",
"Bash(gh ssh-key *)",
"Bash(gh release upload *)",
- "Bash(gh release delete *)"
+ "Bash(gh release delete *)",
+ "Bash(gh workflow run *)"
]
}
}
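Review bot: the flag-first entries `"Bash(gh api --method *)"` and `"Bash(gh api --input *)"` close the ordering gap for the long flag only. `gh api` also accepts `-X` as the short form of `--method`, and a request that carries `-f`/`-F` fields defaults to POST with no `--method` at all, so neither of those spellings would reach the ask list. Consider adding `"Bash(gh api -X *)"`, `"Bash(gh api * -X *)"` and the field forms, or gating `gh api` as a whole under ask, so the goal stated in the commit message (argument order cannot sidestep the match) also holds for the short-flag and implicit-POST forms.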