Enforce SEC-005 allowlist validation for workflow_dispatch target repo overrides (#27242)

Copilot · web-flow · commit b50d2586f3b0 · 2026-04-19T17:27:27.000-07:00
diff --git a/actions/setup/js/invocation_context_helpers.cjs b/actions/setup/js/invocation_context_helpers.cjs
@@ -1,7 +1,8 @@
 // @ts-check
 /// <reference types="@actions/github-script" />
 
-const { parseRepoSlug: parseSharedRepoSlug } = require("./repo_helpers.cjs");
+const { parseRepoSlug: parseSharedRepoSlug, parseAllowedRepos, validateTargetRepo } = require("./repo_helpers.cjs");
+const { ERR_VALIDATION } = require("./error_codes.cjs");
 
 /**
  * @typedef {{ owner: string, repo: string }} RepoRef
@@ -106,6 +107,22 @@ function parseJSONPayload(value) {
   return null;
 }
 
+/**
+ * Validate workflow_dispatch target repository against allowlist configuration.
+ * Enforces SEC-005 by rejecting disallowed cross-repository target overrides.
+ * @param {RepoRef} workflowRepo
+ * @param {RepoRef} targetRepo
+ */
+function checkAllowedRepo(workflowRepo, targetRepo) {
+  const defaultRepo = `${workflowRepo.owner}/${workflowRepo.repo}`;
+  const targetRepoSlug = `${targetRepo.owner}/${targetRepo.repo}`;
+  const allowedRepos = parseAllowedRepos(process.env.GH_AW_ALLOWED_REPOS);
+  const validation = validateTargetRepo(targetRepoSlug, defaultRepo, allowedRepos);
+  if (!validation.valid) {
+    throw new Error(`${ERR_VALIDATION}: ${validation.error}`);
+  }
+}
+
 /**
  * Resolve workflow repo and effective event context across invocation styles:
  * - native events
@@ -145,13 +162,17 @@ function resolveInvocationContext(rawContext) {
     if (inputs && typeof inputs === "object") {
       const inputsEventName = typeof inputs.event_name === "string" ? inputs.event_name : typeof inputs.eventName === "string" ? inputs.eventName : "";
       const parsedPayload = parseJSONPayload(inputs.event_payload) || parseJSONPayload(inputs.eventPayload);
+      const targetRepo = parseRepoSlug(inputs.target_repo) || parseRepoSlug(inputs.targetRepo);
+      if (targetRepo) {
+        checkAllowedRepo(workflowRepo, targetRepo);
+      }
       if (inputsEventName) {
         eventName = inputsEventName;
       }
       if (parsedPayload) {
         eventPayload = parsedPayload;
       }
-      eventRepo = eventRepo || parseRepoSlug(inputs.event_repo) || parseRepoSlug(inputs.eventRepo) || parseRepoSlug(inputs.target_repo) || parseRepoSlug(inputs.targetRepo);
+      eventRepo = eventRepo || parseRepoSlug(inputs.event_repo) || parseRepoSlug(inputs.eventRepo) || targetRepo;
     }
   }
 
diff --git a/actions/setup/js/invocation_context_helpers.test.cjs b/actions/setup/js/invocation_context_helpers.test.cjs
@@ -67,4 +67,69 @@ describe("invocation_context_helpers", () => {
     expect(resolved.eventRepo).toEqual({ owner: "target-owner", repo: "target-repo" });
     expect(resolved.eventPayload.issue.number).toBe(777);
   });
+
+  it.each(["target_repo", "targetRepo"])("rejects workflow_dispatch %s when not in allowlist", targetRepoKey => {
+    const originalAllowedRepos = process.env.GH_AW_ALLOWED_REPOS;
+    try {
+      process.env.GH_AW_ALLOWED_REPOS = "allowed-owner/allowed-repo";
+
+      expect(() =>
+        resolveInvocationContext({
+          eventName: "workflow_dispatch",
+          repo: { owner: "side-owner", repo: "side-repo" },
+          payload: {
+            inputs: {
+              [targetRepoKey]: "target-owner/target-repo",
+            },
+          },
+        })
+      ).toThrow(/ERR_VALIDATION: Repository 'target-owner\/target-repo' is not in the allowed-repos list/);
+    } finally {
+      if (originalAllowedRepos === undefined) {
+        delete process.env.GH_AW_ALLOWED_REPOS;
+      } else {
+        process.env.GH_AW_ALLOWED_REPOS = originalAllowedRepos;
+      }
+    }
+  });
+
+  it("allows workflow_dispatch target_repo when it is in allowlist", () => {
+    const originalAllowedRepos = process.env.GH_AW_ALLOWED_REPOS;
+    try {
+      process.env.GH_AW_ALLOWED_REPOS = "target-owner/target-repo";
+
+      const resolved = resolveInvocationContext({
+        eventName: "workflow_dispatch",
+        repo: { owner: "side-owner", repo: "side-repo" },
+        payload: {
+          inputs: {
+            target_repo: "target-owner/target-repo",
+          },
+        },
+      });
+
+      expect(resolved.eventRepo).toEqual({ owner: "target-owner", repo: "target-repo" });
+    } finally {
+      if (originalAllowedRepos === undefined) {
+        delete process.env.GH_AW_ALLOWED_REPOS;
+      } else {
+        process.env.GH_AW_ALLOWED_REPOS = originalAllowedRepos;
+      }
+    }
+  });
+
+  it("allows workflow_dispatch without target_repo inputs", () => {
+    const resolved = resolveInvocationContext({
+      eventName: "workflow_dispatch",
+      repo: { owner: "side-owner", repo: "side-repo" },
+      payload: {
+        inputs: {
+          event_name: "issues",
+        },
+      },
+    });
+
+    expect(resolved.eventName).toBe("issues");
+    expect(resolved.eventRepo).toEqual({ owner: "side-owner", repo: "side-repo" });
+  });
 });
