security: fix /undo authz bypass and GITHUB_OUTPUT heredoc injection

[Kavirubc]

Summary

Security fixes

• /undo authorization bypass (internal/steps/command_handler.go): Any GitHub user who could comment on an issue could issue /undo with no permission check. Since the bot scans for its own "Transferred from" marker to find a transfer target, an attacker could plant a forged bot-looking comment and then post /undo to redirect the issue to any repository the bot token has write access to. Fixed by adding the same OWNER/MEMBER/COLLABORATOR association guard that handleClaudeCodeTrigger already enforces.

• GITHUB_OUTPUT heredoc injection (internal/steps/claude_code_handler.go): writeGitHubOutput used a hardcoded EOF heredoc delimiter. A collaborator whose comment contained the literal string \nEOF\n could prematurely terminate the heredoc and inject arbitrary key=value pairs into the GitHub Actions runner output (e.g. override claude_code_mode). Fixed by generating a random 8-byte hex-suffixed delimiter per call (e.g. EOF_a3f9b2c1).

Dependency pinning

• google.golang.org/grpc: upgraded from v1.71.0-dev (pre-release) to v1.71.1 (stable tagged release). Also pulls stable patches for golang.org/x/crypto, golang.org/x/net, and google.golang.org/genproto/googleapis/api.

GitHub security features enabled (via API)

• Dependabot security updates: enabled
• Secret scanning: enabled
• Secret scanning push protection: enabled
• Branch protection: require_last_push_approval enabled

Full codebase audit notes

The deep audit (every .go file, all workflows, Dockerfile, action.yml, go.mod) found no additional vulnerabilities beyond the two fixed above. TLS InsecureSkipVerify is not used, no hardcoded secrets, no exec.Command with user-controlled input, no expression injection in workflow run: steps.

Test plan

• go build ./... and go vet ./... pass (verified locally)
• go test ./... passes
• Non-collaborator /undo comment is skipped (check logs)
• Multi-line query containing \nEOF\n does not inject extra GITHUB_OUTPUT variables

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores

  • Updated project dependencies, including gRPC, cryptography, networking, and API libraries to latest stable versions.

• Bug Fixes

  • Improved output handling with randomized delimiter management to prevent potential injection vulnerabilities.
  • Added authorization checks to the /undo command, restricting usage to repository owners, members, and collaborators.

[coderabbitai]

Warning

Rate limit exceeded

@Kavirubc has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 25 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1fee2017-2ec6-4cab-bf7d-a32d7fe41da7

📥 Commits

Reviewing files that changed from the base of the PR and between 30a2ff1 and d643690.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• go.mod
• internal/steps/claude_code_handler.go
• internal/steps/command_handler.go

📝 Walkthrough

Walkthrough

This pull request updates dependencies (gRPC, crypto, and networking libraries), hardens GitHub Actions output handling against delimiter injection by using randomized heredoc delimiters, and adds authorization validation to the /undo command to restrict it to owners, members, and collaborators.

Changes

Security Hardening and Dependency Updates

Layer / File(s)	Summary
Dependency Updates go.mod	gRPC bumped to v1.71.1; transitive crypto (v0.32.0), net (v0.34.0), and genproto/api (20250106) versions advanced.
GitHub Actions Output Safety internal/steps/claude_code_handler.go	Imports crypto/rand and encoding/hex; writeGitHubOutput switches from fixed EOF heredoc delimiter to randomized delimiter to prevent injection.
Command Authorization Gate internal/steps/command_handler.go	handleUndo validates comment author association, allowing only OWNER, MEMBER, or COLLABORATOR; unauthorized attempts are logged and skipped.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

security, bug

Poem

🐰 A rabbit hops through code so fine,
With random seeds in place of EOF line,
And guards the /undo gate with care—
Authorized voices only, if you dare!
Security blooms in three swift bounds,
Where randomness and checks abound.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the two main security fixes: authorization bypass prevention in /undo and heredoc injection prevention in GITHUB_OUTPUT handling.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch security/fix-undo-authz-and-heredoc-injection

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Kavirubc]

Hi all,

These were enabled as well

Thanks.