Conformance Check Failure
Check ID: SEC-004
Severity: MEDIUM
Category: Security (Content Sanitization)
Problem Description
The Safe Outputs conformance checker (scripts/check-safe-outputs-conformance.sh) flags actions/setup/js/artifact_client.cjs because it contains a body: field but no sanitization token (sanitize / stripHTML / escapeMarkdown / cleanContent), and carries no @safe-outputs-exempt SEC-004 annotation.
SEC-004 requires that agent-authored content destined for a GitHub API (issue/PR/comment bodies) be sanitized before use. Investigation shows this is a heuristic false positive: the two body occurrences in artifact_client.cjs are HTTP request bodies for the Actions artifact (Twirp) service, not user-authored comment content:
actions/setup/js/artifact_client.cjs:78 — body: JSON.stringify(body) (Twirp RPC request payload)
actions/setup/js/artifact_client.cjs:187 — body: fs.createReadStream(filePath) (file upload stream)
Neither value is agent safe-output content written back to a GitHub issue/PR/comment. The correct remediation is to add a documented @safe-outputs-exempt SEC-004 annotation, matching the established pattern already used for transport-payload body references elsewhere in this codebase (mcp_cli_bridge.cjs, mount_mcp_as_cli.cjs, start_mcp_gateway.cjs).
Affected Components
- Files: actions/setup/js/artifact_client.cjs (body at lines 78 and 187)
- Handlers: none — this is the artifact upload/download client, not a safe-output content handler
🔍 Current vs Expected Behavior
Current Behavior
artifact_client.cjs uses body: for HTTP request payloads (a JSON-stringified Twirp request and a file read stream). The SEC-004 heuristic matches body: and, finding no sanitization helper and no exemption annotation, reports a MEDIUM failure.
Expected Behavior
Since these body values are HTTP transport payloads — not agent-authored content reflected into a GitHub API — the file should carry a documented @safe-outputs-exempt SEC-004 annotation explaining the false positive, consistent with the existing transport-payload exemptions in actions/setup/js/.
Remediation Steps
This task can be assigned to a Copilot coding agent:
- Confirm the two body occurrences in actions/setup/js/artifact_client.cjs (lines 78 and 187) are HTTP request payloads (Twirp JSON request body and an upload file stream), not agent safe-output content.
- Add a documented exemption annotation near the top of the file in the same style as actions/setup/js/mcp_cli_bridge.cjs, e.g.:
// @safe-outputs-exempt SEC-004: "body" references are HTTP transport payloads (Twirp RPC request body / artifact upload stream), not user-authored comment bodies.
Verification
After remediation, run:
bash scripts/check-safe-outputs-conformance.sh
The SEC-004 check should report PASS and the Medium Failures count should drop to 0.
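To show why the annotation changes the result, here is an added sketch of the SEC-004 heuristic as this issue describes it (a body: field, the four sanitization tokens, the exemption annotation). It is not the project's scripts/check-safe-outputs-conformance.sh; the function names, the status labels, the sample files and the sanitizeContent helper are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added sketch of the SEC-004 heuristic described in this issue.
# NOT the project's checker; the regexes and status labels are assumptions.

# sec004_status FILE -> prints NA, EXEMPT, PASS or FAIL
sec004_status() {
  file=$1
  # No "body:" field: the check does not apply to this file.
  grep -Eq 'body[[:space:]]*:' "$file" || { echo NA; return 0; }
  # A documented exemption annotation suppresses the finding
  # (the issue expects the real check to report PASS in this case).
  if grep -Eq '@safe-outputs-exempt[[:space:]]+SEC-004' "$file"; then
    echo EXEMPT; return 0
  fi
  # Any sanitization token named in the issue satisfies the heuristic.
  if grep -Eq 'sanitize|stripHTML|escapeMarkdown|cleanContent' "$file"; then
    echo PASS; return 0
  fi
  echo FAIL
}

# Runs the heuristic over four constructed sample files and prints the
# statuses in order: no body field, transport body, annotated, sanitized.
sec004_demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\n' 'module.exports = { name: "artifact" };' > "$dir/none.cjs"
  printf '%s\n' 'fetch(url, { method: "POST", body: JSON.stringify(body) });' \
    > "$dir/transport.cjs"
  {
    printf '%s\n' '// @safe-outputs-exempt SEC-004: "body" references are HTTP transport payloads, not user-authored comment bodies.'
    cat "$dir/transport.cjs"
  } > "$dir/exempt.cjs"
  # sanitizeContent is a hypothetical helper name used only for this sample.
  printf '%s\n' 'createComment({ body: sanitizeContent(text) });' \
    > "$dir/comment.cjs"
  out=""
  for f in none transport exempt comment; do
    out="$out $(sec004_status "$dir/$f.cjs")"
  done
  rm -rf "$dir"
  echo "${out# }"
}

sec004_demo
```

In this sketch the match is file-wide and token-based, so both PASS and EXEMPT still depend on a reviewer confirming what each body value actually carries, which is why the annotation states the reason.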
References
- Safe Outputs Specification: docs/src/content/docs/specs/safe-outputs-specification.md
- Conformance Checker: scripts/check-safe-outputs-conformance.sh (SEC-004, lines ~135-162)
- Existing exemption pattern: actions/setup/js/mcp_cli_bridge.cjs, actions/setup/js/start_mcp_gateway.cjs
- Run ID: 27400439574
Generated by ✅ Daily Safe Outputs Conformance Checker · 66.5 AIC · ⌖ 12.9 AIC · ⊞ 6.6K · ◷