feat: add time-based comment filtering to tag mode #512
Merged
Implement time-based filtering for GitHub comments and reviews to prevent malicious actors from editing existing comments after Claude is triggered to inject harmful content.

Changes:
- Add updatedAt and lastEditedAt fields to GraphQL queries
- Update GitHubComment and GitHubReview types with timestamp fields
- Implement filterCommentsToTriggerTime() and filterReviewsToTriggerTime()
- Add extractTriggerTimestamp() to extract trigger time from webhooks
- Update tag and review modes to pass trigger timestamp to data fetcher

Security benefits:
- Prevents comment injection attacks via post-trigger edits
- Maintains chronological integrity of conversation context
- Ensures only comments in their final state before trigger are processed
- Backward compatible with graceful degradation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
4fdc05d to 50eed8d
ddworken approved these changes on Aug 29, 2025
EffortlessSteven added a commit to EffortlessSteven/claude-code-action that referenced this pull request on Jun 5, 2026:
Issue/PR comments (anthropics#512) and the issue/PR body (anthropics#710) are filtered to the trigger timestamp so content created or edited after an authorized trigger cannot be injected into Claude's prompt (TOCTOU protection). Reviews and inline review comments were not: fetchGitHubData returned reviewData filtered by actor only, and formatReviewComments renders it into the prompt, so a review submitted or edited after the trigger reached Claude verbatim. filterReviewsToTriggerTime already existed (added alongside the comment filter in anthropics#512) but was only wired to the image-download list, never to the returned reviewData. Apply filterReviewsToTriggerTime to reviewData.nodes and filterCommentsToTriggerTime to each review's inline comments, alongside the existing actor filter. Strengthen the two integration tests to assert that post-trigger and edited-after reviews/comments are dropped.
EffortlessSteven added a commit to EffortlessSteven/claude-code-action that referenced this pull request on Jun 5, 2026:
Issue/PR comments (anthropics#512) and the issue/PR body (anthropics#710) are filtered to the trigger timestamp so content created or edited after an authorized trigger cannot be injected into Claude's prompt (TOCTOU protection). Reviews and inline review comments were not: fetchGitHubData returned reviewData filtered by actor only, and formatReviewComments renders it into the prompt, so a review submitted or edited after the trigger reached Claude verbatim. filterReviewsToTriggerTime already existed (added alongside the comment filter in anthropics#512) but was only wired to the image-download list, never to the returned reviewData. Filter reviewData.nodes through filterReviewsToTriggerTime and each review's inline comments through filterCommentsToTriggerTime, alongside the existing actor filter, then build the review image-processing lists from those already-filtered nodes (removing a now-redundant second filter pass). Strengthen the two integration tests to assert post-trigger and edited-after reviews/comments are dropped.
ashwin-ant pushed a commit that referenced this pull request on Jun 22, 2026:
Issue/PR comments (#512) and the issue/PR body (#710) are filtered to the trigger timestamp so content created or edited after an authorized trigger cannot be injected into Claude's prompt (TOCTOU protection). Reviews and inline review comments were not: fetchGitHubData returned reviewData filtered by actor only, and formatReviewComments renders it into the prompt, so a review submitted or edited after the trigger reached Claude verbatim. filterReviewsToTriggerTime already existed (added alongside the comment filter in #512) but was only wired to the image-download list, never to the returned reviewData. Filter reviewData.nodes through filterReviewsToTriggerTime and each review's inline comments through filterCommentsToTriggerTime, alongside the existing actor filter, then build the review image-processing lists from those already-filtered nodes (removing a now-redundant second filter pass). Strengthen the two integration tests to assert post-trigger and edited-after reviews/comments are dropped.
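The trigger-time filter described in the PR body, and the two-level review filtering the follow-up commit adds, as an added example in TypeScript (not the project's own code): field names follow GitHub's GraphQL schema, the sample comments are constructed, and the helper names are assumed.

```typescript
// Added example, not the project's code: drop any comment or review whose
// final state is later than the workflow trigger (the TOCTOU protection).

// Field names follow GitHub's GraphQL schema: createdAt, updatedAt and
// lastEditedAt are ISO-8601 strings; lastEditedAt is null when never edited.
type TimestampedItem = {
  id: string;
  body: string;
  createdAt: string;
  updatedAt?: string | null;
  lastEditedAt?: string | null;
};
type Review = TimestampedItem & { comments: TimestampedItem[] };

// Time of the item's final state: the latest of its timestamps. An unparseable
// timestamp yields NaN, which fails the comparison below, so bad data is dropped.
function lastModifiedAt(item: TimestampedItem): number {
  const times = [item.createdAt, item.updatedAt, item.lastEditedAt]
    .filter((t): t is string => typeof t === "string")
    .map((t) => Date.parse(t));
  return Math.max(...times); // createdAt is required, so times is never empty
}

// Keep only items whose final state is at or before the trigger time. A missing
// or invalid trigger time leaves the list untouched (backward-compatible mode).
function filterToTriggerTime<T extends TimestampedItem>(items: T[], triggerTime?: string): T[] {
  const cutoff = triggerTime ? Date.parse(triggerTime) : NaN;
  if (Number.isNaN(cutoff)) return items;
  return items.filter((item) => lastModifiedAt(item) <= cutoff);
}

// Reviews must be filtered at both levels: the review itself and each of its
// inline comments (the level the follow-up commit found was missed).
function filterReviewsToTriggerTime(reviews: Review[], triggerTime?: string): Review[] {
  return filterToTriggerTime(reviews, triggerTime).map((review) => ({
    ...review,
    comments: filterToTriggerTime(review.comments, triggerTime),
  }));
}

// Constructed sample: trigger at 12:00Z; c1 untouched since 11:50, c2 edited at
// 12:05 (after the trigger), c3 posted at 12:01 (after the trigger).
const TRIGGER = "2025-08-29T12:00:00Z";
const SAMPLE_COMMENTS: TimestampedItem[] = [
  { id: "c1", body: "untouched", createdAt: "2025-08-29T11:50:00Z", lastEditedAt: null },
  { id: "c2", body: "edited after trigger", createdAt: "2025-08-29T11:55:00Z", updatedAt: "2025-08-29T12:05:00Z", lastEditedAt: "2025-08-29T12:05:00Z" },
  { id: "c3", body: "posted after trigger", createdAt: "2025-08-29T12:01:00Z", lastEditedAt: null },
];
```

Only c1 survives the filter; a review submitted after the trigger is dropped whole, and an early review keeps only its pre-trigger inline comments.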