SEC-004 conformance: sanitize close-issue comment body and add explicit handler exemptions (#27448)

Author: Copilot

actions/setup/js/close_agentic_workflows_issues.cjs

@@ -2,8 +2,11 @@
 /// <reference types="@actions/github-script" />
 
 const { resolveExecutionOwnerRepo } = require("./repo_helpers.cjs");
+const { sanitizeContent } = require("./sanitize_content.cjs");
 
 const TARGET_LABEL = "agentic-workflows";
+// Keep a conservative, explicit upper bound for comment sanitization.
+const MAX_COMMENT_BODY_LENGTH = 65536;
 const NO_REPRO_MESSAGE = `Closing as no repro.
 
 If this is still reproducible, please open a new issue with clear reproduction steps.`;
@@ -31,6 +34,23 @@ async function closeIssueAsNotPlanned(issueId) {
   });
 }
 
+/**
+ * Build the close-comment body with SEC-004 sanitization guarantees.
+ *
+ * @param {(content: string, options?: { maxLength?: number }) => string} [sanitize=sanitizeContent]
+ * @returns {string}
+ */
+function getNoReproCommentBody(sanitize = sanitizeContent) {
+  const body = sanitize(NO_REPRO_MESSAGE, { maxLength: MAX_COMMENT_BODY_LENGTH });
+  if (typeof body !== "string") {
+    throw new Error("Close comment body sanitization must return a string");
+  }
+  if (body.trim().length === 0) {
+    throw new Error("Close comment body is empty after sanitization");
+  }
+  return body;
+}
+
 /**
  * Close all open issues with the "agentic-workflows" label.
  * @returns {Promise<void>}
@@ -63,11 +83,11 @@ async function main() {
       owner,
       repo,
       issue_number: issue.number,
-      body: NO_REPRO_MESSAGE,
+      body: getNoReproCommentBody(),
     });
 
     await closeIssueAsNotPlanned(issue.node_id);
   }
 }
 
-module.exports = { main, closeIssueAsNotPlanned, CLOSE_ISSUE_MUTATION, NO_REPRO_MESSAGE };
+module.exports = { main, closeIssueAsNotPlanned, CLOSE_ISSUE_MUTATION, NO_REPRO_MESSAGE, MAX_COMMENT_BODY_LENGTH, getNoReproCommentBody };

actions/setup/js/close_agentic_workflows_issues.test.cjs

@@ -56,7 +56,7 @@ describe("close_agentic_workflows_issues", () => {
       owner: "testowner",
       repo: "testrepo",
       issue_number: 101,
-      body: module.NO_REPRO_MESSAGE,
+      body: module.getNoReproCommentBody(),
     });
 
     expect(mockGithub.graphql).toHaveBeenCalledTimes(1);
@@ -75,4 +75,18 @@ describe("close_agentic_workflows_issues", () => {
     expect(mockGithub.rest.issues.createComment).not.toHaveBeenCalled();
     expect(mockGithub.graphql).not.toHaveBeenCalled();
   });
+
+  it("sanitizes and validates the close comment body", async () => {
+    const module = await import("./close_agentic_workflows_issues.cjs");
+    const { sanitizeContent } = await import("./sanitize_content.cjs");
+    const sanitize = vi.fn().mockReturnValue(module.NO_REPRO_MESSAGE);
+
+    expect(module.getNoReproCommentBody()).toBe(sanitizeContent(module.NO_REPRO_MESSAGE, { maxLength: module.MAX_COMMENT_BODY_LENGTH }));
+    expect(module.getNoReproCommentBody(sanitize)).toBe(module.NO_REPRO_MESSAGE);
+    expect(sanitize).toHaveBeenCalledWith(module.NO_REPRO_MESSAGE, { maxLength: module.MAX_COMMENT_BODY_LENGTH });
+    expect(() => module.getNoReproCommentBody(() => "")).toThrow("Close comment body is empty after sanitization");
+    expect(() => module.getNoReproCommentBody(() => "   ")).toThrow("Close comment body is empty after sanitization");
+    expect(() => module.getNoReproCommentBody(() => " \n\t ")).toThrow("Close comment body is empty after sanitization");
+    expect(() => module.getNoReproCommentBody(() => 42)).toThrow("Close comment body sanitization must return a string");
+  });
 });

actions/setup/js/mcp_cli_bridge.cjs

@@ -3,6 +3,8 @@
 /**
  * mcp_cli_bridge.cjs
  *
+ * @safe-outputs-exempt SEC-004: "body" references are transport payloads/responses, not user-authored comment bodies
+ *
  * Node.js bridge that handles MCP session protocol for CLI wrapper scripts.
  * Each CLI wrapper is a thin bash script that invokes this bridge with the
  * server configuration and user-provided command + arguments.

actions/setup/js/mount_mcp_as_cli.cjs

@@ -4,6 +4,8 @@
 /**
  * mount_mcp_as_cli.cjs
  *
+ * @safe-outputs-exempt SEC-004: "body" references are JSON-RPC transport payloads, not user-authored comment bodies
+ *
  * Mounts MCP servers as local CLI tools by reading the manifest written by
  * start_mcp_gateway.cjs, querying each server for its tool list, and generating
  * a standalone bash wrapper script per server in ${RUNNER_TEMP}/gh-aw/mcp-cli/bin/.

actions/setup/js/start_mcp_gateway.cjs

@@ -7,6 +7,8 @@ require("./shim.cjs");
 /**
  * start_mcp_gateway.cjs
  *
+ * @safe-outputs-exempt SEC-004: "body" references are local healthcheck response payloads, not user-authored comment bodies
+ *
  * Starts the MCP gateway process that proxies MCP servers through a unified HTTP endpoint.
  * Following the MCP Gateway Specification:
  *   https://github.com/github/gh-aw/blob/main/docs/src/content/docs/reference/mcp-gateway.md

scripts/check-safe-outputs-conformance.sh

@@ -138,6 +138,11 @@ check_sanitization() {
     for handler in actions/setup/js/*.cjs; do
         # Skip test and utility files
         [[ "$handler" =~ (test|parse|buffer) ]] && continue
+
+        # Skip files with a documented SEC-004 exemption annotation
+        if grep -q "@safe-outputs-exempt[[:space:]]\\+SEC-004" "$handler"; then
+            continue
+        fi
 
         # Check if handler has body/content fields
         if grep -q "\"body\"\|body:" "$handler"; then