potiuk opened a new pull request, #149:
URL: https://github.com/apache/airflow-steward/pull/149

## Summary

Adds two mandatory pre-classification steps to `security-issue-triage`:

- **Step 2.5 — Apply the Security Model verbatim**: the classifier must quote the relevant 2-3 sentences of the project's Security Model and explain how the tracker maps to (or escapes) that wording. A trust-boundary cheat-sheet codifies the common attacker/target combinations into default dispositions, so the classifier cannot skip the boundary analysis silently.
- **Step 2.6 — Closed-tracker precedent search**: extends the existing fuzzy-dup search to look for closed-as-invalid and closed-as-not-CVE-worthy precedents (today the search only finds open-tracker dedup candidates). A STRONG rejection precedent lowers proposal confidence and often swings the disposition.

## Motivation

In a 2026-05-14 triage sweep against `airflow-s/airflow-s`, the first-pass classification got 8 of 9 trackers wrong — proposed VALID/DEFENSE-IN-DEPTH for cases that had direct NOT-CVE-WORTHY precedents (e.g. airflow-s#258 for the `__classname__ → import_string` pattern, airflow-s#215 / #237 for cross-DAG-read via Execution API). The misclassifications were caught after a second round of human pushback ("check past similar issues; read the Security Model deeply"). This PR codifies "read the Security Model deeply" and "check past similar issues" as mandatory steps in the skill instead of relying on the human to push back.

## Test plan

- [ ] Re-run `/security-issue-triage` against airflow-s#404-#412 (the cases that originally tripped this) and confirm the new Step 2.5 trust-boundary cheat-sheet produces the correct first-pass dispositions for each.
- [ ] Confirm Step 2.6 finds airflow-s#258 when triaging a new report describing `import_string()` with attacker-controlled classnames inside the Triggerer / parser / worker pool.
- [ ] Run `gh search issues` against a closed tracker label that doesn't exist (e.g. `closed:invalid`-but-no-matches) to confirm the empty case is handled cleanly.
- [ ] Budget check: total `gh search` calls per tracker stay within the documented ≤5 envelope (the new closed search shares the same 5-call cap with the existing open search).

🤖 Generated with [Claude Code](https://claude.com/claude-code)



-- 
This is an automated message from the Apache Git Service.
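The closed-tracker precedent search (Step 2.6) together with the two edge cases the test plan calls out, the empty result and the shared ≤5-call budget, as an added example that is not code from the PR or from the airflow-steward project. It assumes a hypothetical `fetch` callable standing in for `gh search issues ... --state closed --json number,title,labels` so it runs offline; the rejection label names, the confidence-adjustment percentages and the issue titles are constructed for the example (only the issue numbers 258 and 215 are the ones the PR text cites).

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable

# Documented envelope: at most 5 `gh search` calls per tracker, shared by the
# open-tracker dedup search and this closed-tracker precedent search.
GH_CALL_BUDGET = 5

# Labels that mark a closed tracker as a rejection precedent.
# Constructed for this example; not the project's own label taxonomy.
REJECTION_LABELS = {"invalid", "not-cve-worthy", "wontfix"}

# Constructed stand-in for the JSON `gh search issues --json number,title,labels`
# would print. #258 / #215 are the numbers the PR cites; titles are invented.
CLOSED_TRACKERS = [
    {"number": 258, "title": "__classname__ resolved via import_string allows arbitrary import",
     "labels": [{"name": "not-cve-worthy"}]},
    {"number": 215, "title": "Cross-DAG read via Execution API from a worker",
     "labels": [{"name": "invalid"}]},
    {"number": 301, "title": "import_string helper lacks docstring",
     "labels": [{"name": "documentation"}]},   # closed, but not a rejection
    {"number": 180, "title": "Webserver CSRF token not rotated",
     "labels": [{"name": "invalid"}]},
]


class BudgetExceeded(RuntimeError):
    """Raised when one more search would exceed the per-tracker call envelope."""


@dataclass
class Precedent:
    number: int
    title: str
    strength: str  # "STRONG" (2+ shared terms) or "WEAK" (1 shared term)


def tokenize(text: str) -> set[str]:
    """Crude fuzzy-match key: lowercased identifier-ish tokens, underscores
    trimmed so `__classname__` and `classname` compare equal, 3+ chars."""
    toks = (t.strip("_") for t in re.findall(r"[a-z0-9_]+", text.lower()))
    return {t for t in toks if len(t) >= 3}


def fake_gh_search(terms: list[str]) -> list[dict]:
    """Offline replacement for one `gh search issues` call (hypothetical)."""
    wanted = set().union(*(tokenize(t) for t in terms))
    return [i for i in CLOSED_TRACKERS if wanted & tokenize(i["title"])]


@dataclass
class PrecedentSearch:
    fetch: Callable[[list[str]], list[dict]]  # one gh call -> parsed JSON list
    calls_used: int = 0

    def _search(self, terms: list[str]) -> list[dict]:
        # Budget is checked before the call, so the cap can never be exceeded.
        if self.calls_used >= GH_CALL_BUDGET:
            raise BudgetExceeded(f"{self.calls_used} gh search calls already used")
        self.calls_used += 1
        # An empty (or None) result is a clean "no precedent" answer, not an error.
        return self.fetch(terms) or []

    def closed_precedents(self, report_terms: list[str]) -> list[Precedent]:
        wanted = set().union(*(tokenize(t) for t in report_terms))
        found = []
        for issue in self._search(report_terms):
            labels = {lbl["name"].lower() for lbl in issue.get("labels", [])}
            if not labels & REJECTION_LABELS:
                continue  # closed, but not closed-as-invalid / not-CVE-worthy
            overlap = len(wanted & tokenize(issue["title"]))
            if overlap == 0:
                continue
            strength = "STRONG" if overlap >= 2 else "WEAK"
            found.append(Precedent(issue["number"], issue["title"], strength))
        found.sort(key=lambda p: (p.strength != "STRONG", p.number))
        return found


def adjust_confidence(confidence: float, precedents: Iterable[Precedent]) -> float:
    """Constructed policy: a STRONG rejection precedent halves the proposal
    confidence, a WEAK one trims it; no precedent leaves it unchanged."""
    strengths = {p.strength for p in precedents}
    if "STRONG" in strengths:
        confidence *= 0.5
    elif "WEAK" in strengths:
        confidence *= 0.85
    return round(confidence, 2)


def triage_demo(report_terms: list[str], initial_confidence: float = 0.8) -> dict:
    """Run Step 2.6 for one report and return what the classifier would record."""
    search = PrecedentSearch(fetch=fake_gh_search)
    precedents = search.closed_precedents(report_terms)
    return {
        "precedents": [(p.number, p.strength) for p in precedents],
        "confidence": adjust_confidence(initial_confidence, precedents),
        "calls_used": search.calls_used,
    }


def over_budget_is_refused() -> bool:
    """Budget check: a search attempted after 5 calls raises instead of running."""
    search = PrecedentSearch(fetch=fake_gh_search, calls_used=GH_CALL_BUDGET)
    try:
        search.closed_precedents(["anything"])
    except BudgetExceeded:
        return True
    return False


if __name__ == "__main__":
    print(triage_demo(["import_string", "__classname__", "triggerer"]))
    print(triage_demo(["kerberos", "ticket"]))  # empty case: no precedents, confidence unchanged
```

In a real run the injected `fetch` would wrap `subprocess.run(["gh", "search", "issues", ...])` and `json.loads` its stdout; keeping the budget counter inside `PrecedentSearch` rather than in the caller is what guarantees the closed search cannot silently spend calls the open-tracker dedup search still needs.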