
Commit 21947ac

committed
Workaround CVE-2026-31431
1 parent 3e7e62c commit 21947ac

14 files changed

Lines changed: 58 additions & 166 deletions

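--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -1,5 +1,4 @@
 name: claude-review
-
 # Triggered by @claude mention in PR comments.
 # The prompt is extracted as the text after "@claude" in the comment body.
 #
@@ -14,21 +13,17 @@ name: claude-review
 # Secrets:
 # - CLAUDE_CODE_OAUTH_TOKEN: Anthropic API auth (from `claude setup-token`)
 # - CLAUDE_ACCESS_TOKEN: PAT with 'repo' scope for cloning private repo (zama-marketplace)
-
 on:
 issue_comment:
 types: [created]
-
 permissions: {}
-
 concurrency:
 # Only @claude comments share the per-PR group, so a new @claude cancels an in-progress one.
 # Other issue_comment events (e.g. the tracking/result comments this workflow posts via the
 # GitHub App token) get a unique per-comment group, so they can't cancel an in-progress run.
 # The job-level `if:` skips those non-@claude runs; the group split prevents cross-cancellation.
 group: ${{ contains(github.event.comment.body, '@claude') && format('claude-review-{0}-{1}', github.repository, github.event.issue.number) || format('claude-review-noop-{0}', github.event.comment.id) }}
 cancel-in-progress: true
-
 jobs:
 claude-review:
 name: claude-review
@@ -50,22 +45,21 @@ jobs:
 # Changing this default requires security team review (file is CODEOWNERS-protected).
 REQUIRE_PR_AUTHOR_PERMISSION: "true"
 permissions:
-contents: read # Checkout repository code and read files
-pull-requests: write # Post review comments and update PR status
-issues: write # Respond to @claude mentions in issue comments
-id-token: write # OIDC token for GitHub App token exchange
+contents: read # Checkout repository code and read files
+pull-requests: write # Post review comments and update PR status
+issues: write # Respond to @claude mentions in issue comments
+id-token: write # OIDC token for GitHub App token exchange
 steps:
-
+- name: Workaround CVE-2026-31431 (copy.fail)
+run: echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif-aead.conf; if lsmod | grep -q algif_aead; then sudo rmmod algif_aead; fi
 # ── Phase 1: Setup (full network) ──────────────────────────────────
-
 - name: Repo checkout
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 # Always use default branch contents for workflow runtime files.
 ref: ${{ github.event.repository.default_branch }}
 persist-credentials: false
 fetch-depth: 1
-
 - name: Define shell helpers
 run: |
 set -euo pipefail
@@ -94,13 +88,11 @@ jobs:
 printf '%s<<%s\n%s\n%s\n' "$var_name" "$delim" "$content" "$delim" >> "$GITHUB_ENV"
 }
 HELPER_EOF
-
 - name: Install uv # Required by internal skill scripts
-uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
 with:
 version: "0.6.14"
 enable-cache: false
-
 - name: Enforce actor repository permissions
 id: actor-permission
 run: |
@@ -120,7 +112,6 @@ jobs:
 GH_TOKEN: ${{ github.token }}
 REPO: ${{ github.repository }}
 ACTOR: ${{ github.actor }}
-
 - name: Enforce PR author repository permissions
 id: pr-author-permission
 if: env.REQUIRE_PR_AUTHOR_PERMISSION == 'true'
@@ -148,7 +139,6 @@ jobs:
 GH_TOKEN: ${{ github.token }}
 REPO: ${{ github.repository }}
 PR_NUMBER: ${{ github.event.issue.number }}
-
 - name: Clone ci-skills plugin (sparse checkout)
 run: |
 git clone --no-checkout --depth 1 \
@@ -160,7 +150,6 @@ jobs:
 git checkout
 env:
 GH_TOKEN: ${{ secrets.CLAUDE_ACCESS_TOKEN }}
-
 - name: Fetch PR/issue metadata
 run: |
 source "$RUNNER_TEMP/helpers/safe-env.sh"
@@ -201,7 +190,6 @@ jobs:
 ISSUE_TITLE_INPUT: ${{ github.event.issue.title || github.event.pull_request.title || '' }}
 ISSUE_AUTHOR_INPUT: ${{ github.event.issue.user.login || github.event.pull_request.user.login || '' }}
 ISSUE_STATE_INPUT: ${{ github.event.issue.state || github.event.pull_request.state || '' }}
-
 - name: Build custom system prompt
 run: |
 source "$RUNNER_TEMP/helpers/safe-env.sh"
@@ -235,17 +223,15 @@ jobs:
 </formatted_context>"
 
 safe_set_env "CUSTOM_SYSTEM_PROMPT" "$SYSTEM_PROMPT"
-
 # ── Phase 2: Authenticate & install CLI (before lockdown) ──────────
-
 - name: Enforce PR is open (and not draft)
 run: |
 PR_NUMBER="${{ github.event.issue.number }}"
 STATE=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json state,isDraft --jq '.state')
 DRAFT=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json isDraft --jq '.isDraft')
-
+
 echo "PR state: $STATE, draft: $DRAFT"
-
+
 if [ "$STATE" != "OPEN" ]; then
 echo "::error::PR must be OPEN (got $STATE)"
 exit 1
@@ -257,7 +243,6 @@ jobs:
 env:
 GH_TOKEN: ${{ github.token }}
 REPO: ${{ github.repository }}
-
 - name: Exchange OIDC for GitHub App token
 id: oidc-exchange
 run: |
@@ -280,7 +265,6 @@ jobs:
 
 echo "::add-mask::$APP_TOKEN"
 echo "app_token=$APP_TOKEN" >> "$GITHUB_OUTPUT"
-
 - name: Install Claude Code CLI
 run: |
 set -euo pipefail
@@ -302,15 +286,12 @@ jobs:
 echo "SHA-1 verified: $SHA1_ACTUAL"
 
 npm install -g /tmp/claude-code.tgz
-
 # ── Phase 3: Network sandbox ───────────────────────────────────────
-
 - name: Cache Squid Docker image
 uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
 with:
 path: /tmp/squid-image.tar
 key: squid-image-${{ env.SQUID_IMAGE }}
-
 - name: Load or pull Squid image
 run: |
 if [ -f /tmp/squid-image.tar ]; then
@@ -319,7 +300,6 @@ jobs:
 docker pull "$SQUID_IMAGE"
 docker save "$SQUID_IMAGE" > /tmp/squid-image.tar
 fi
-
 - name: Start Squid proxy
 run: |
 docker run -d --name sandbox-proxy -p 3128:3128 \
@@ -341,7 +321,6 @@ jobs:
 if curl -sf -x http://127.0.0.1:3128 -o /dev/null https://google.com 2>/dev/null; then
 echo "::error::Blocked domain reachable!"; exit 1
 fi
-
 - name: Lock down iptables
 run: |
 # Resolve Squid container's IP dynamically
@@ -409,9 +388,7 @@ jobs:
 if docker run --rm --entrypoint /bin/sh "$SQUID_IMAGE" -lc "timeout 5 openssl s_client -connect google.com:443 -brief </dev/null" >/dev/null 2>&1; then
 echo "::error::Container egress bypass detected (google.com reachable directly)"; exit 1
 fi
-
 # ── Phase 4: Run Claude Code (sandboxed) ───────────────────────────
-
 - name: Extract and sanitize user prompt
 id: command-router
 run: |
@@ -455,7 +432,6 @@ jobs:
 safe_set_env "CLAUDE_PROMPT" "$USER_PROMPT"
 env:
 COMMENT_BODY: ${{ github.event.comment.body }}
-
 - name: Post tracking comment
 if: steps.command-router.outputs.route == 'run'
 id: tracking-comment
@@ -472,7 +448,6 @@ jobs:
 HTTP_PROXY: http://127.0.0.1:3128
 HTTPS_PROXY: http://127.0.0.1:3128
 NO_PROXY: 127.0.0.1,localhost
-
 - name: Post rejection message
 if: steps.command-router.outputs.route == 'rejected'
 run: |
@@ -495,22 +470,20 @@ jobs:
 HTTP_PROXY: http://127.0.0.1:3128
 HTTPS_PROXY: http://127.0.0.1:3128
 NO_PROXY: 127.0.0.1,localhost
-
 # Runs claude directly (no action wrapper) to avoid MCP server processes
 # that block on stdin and keep the job alive after Claude finishes.
 # See: https://github.com/anthropics/claude-code-action/issues/865
-
 - name: Run Claude Code
 if: steps.command-router.outputs.route == 'run'
 id: run-claude
 continue-on-error: true
 run: |
 set -euo pipefail
-
+
 # Install only the ci-skills plugin (pr-review skill) from local marketplace
 claude plugin marketplace add /tmp/zama-marketplace
 claude plugin install ci-skills@zama-marketplace
-
+
 # Execute Claude with a hard timeout (10 minutes)
 set +e
 timeout 600 claude -p "$CLAUDE_PROMPT" \
@@ -519,7 +492,7 @@ jobs:
 --system-prompt "$CUSTOM_SYSTEM_PROMPT" > /tmp/claude-response.md
 EXIT_CODE=$?
 set -e
-
+
 if [ "$EXIT_CODE" -eq 0 ]; then
 echo "claude_status=success" >> "$GITHUB_OUTPUT"
 elif [ "$EXIT_CODE" -eq 124 ]; then
@@ -528,7 +501,6 @@ jobs:
 echo "claude_status=error" >> "$GITHUB_OUTPUT"
 echo "claude_exit_code=$EXIT_CODE" >> "$GITHUB_OUTPUT"
 fi
-
 env:
 CLAUDE_PROMPT: ${{ env.CLAUDE_PROMPT }}
 GITHUB_TOKEN: ${{ steps.oidc-exchange.outputs.app_token }}
@@ -540,7 +512,6 @@ jobs:
 # Disable telemetry and auto-plugin fetch. Claude is used exclusively for PR review;
 # no additional plugins or background network calls are needed or wanted.
 CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
-
 - name: Post Claude response
 if: steps.run-claude.outputs.claude_status == 'success' && steps.command-router.outputs.route == 'run'
 run: |
@@ -575,7 +546,6 @@ jobs:
 HTTP_PROXY: http://127.0.0.1:3128
 HTTPS_PROXY: http://127.0.0.1:3128
 NO_PROXY: 127.0.0.1,localhost
-
 - name: Update tracking comment
 if: always() && steps.tracking-comment.outputs.comment_id != ''
 run: |
@@ -608,9 +578,7 @@ jobs:
 CLAUDE_STATUS: ${{ steps.run-claude.outputs.claude_status || '' }}
 CLAUDE_EXIT_CODE: ${{ steps.run-claude.outputs.claude_exit_code || '' }}
 COMMENT_ID: ${{ steps.tracking-comment.outputs.comment_id }}
-
 # ── Cleanup ────────────────────────────────────────────────────────
-
 - name: Reset iptables for runner teardown
 if: always()
 run: |
@@ -623,7 +591,6 @@ jobs:
 sudo ip6tables -P OUTPUT ACCEPT || true
 sudo ip6tables -F OUTPUT || true
 fi
-
 - name: Revoke GitHub App token
 if: always() && steps.oidc-exchange.outputs.app_token != ''
 run: |
@@ -632,7 +599,6 @@ jobs:
 }
 env:
 GH_TOKEN: ${{ steps.oidc-exchange.outputs.app_token }}
-
 - name: Print Squid logs
 if: always() && runner.debug == '1'
 run: |
@@ -646,7 +612,6 @@ jobs:
 test -f "$LOG" || { echo "No $LOG found"; exit 0; }
 tail -n 800 "$LOG" | egrep "TCP_DENIED| CONNECT "
 '
-
 - name: Stop Squid proxy
 if: always()
 run: docker rm -f sandbox-proxy 2>/dev/null || true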
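Review bot: The new "Workaround CVE-2026-31431 (copy.fail)" step in the `@@ -50,22 +45,21 @@` hunk never verifies that the mitigation took effect: if `rmmod` fails because the module is in use the job dies with an unexplained error, and if the runner kernel has `algif_aead` built in rather than as a module (I cannot tell from here which image this runs on) `lsmod` never lists it, the modprobe.d `install` rule has nothing to block, and the step still reports success. The `install algif_aead /bin/false` line is the part that matters on a runner where the module is not yet loaded, since an AF_ALG socket request can presumably pull it in on demand, so it deserves a comment saying so; `grep -q algif_aead` should also be anchored to the module-name column so it cannot match another row's "Used by" list. I would rewrite the step as a `run: |` block that sets `-euo pipefail`, silences `tee`, unloads only when present, and then fails loudly if the module is still resident or listed in `modules.builtin`. Per the diffstat this same one-liner is pasted into 14 workflow files, so a composite action or a shared script under `.github/` would keep the copies from drifting when the workaround is eventually removed. The `steps:` list continues beyond the hunk.

```yaml
- name: Workaround CVE-2026-31431 (copy.fail)
  # Runs before any other step so nothing in this job can reach the affected AF_ALG AEAD path.
  # The modprobe.d `install` rule blocks on-demand autoload of algif_aead; rmmod covers runner
  # images that already have it loaded.
  run: |
    set -euo pipefail
    echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif-aead.conf >/dev/null
    if lsmod | grep -q '^algif_aead '; then
      sudo rmmod algif_aead
    fi
    # Fail rather than continue on a kernel where the module is still resident or is built in,
    # since neither line above has any effect in those cases.
    if lsmod | grep -q '^algif_aead ' || grep -q 'algif_aead' "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null; then
      echo "::error::algif_aead still present; CVE-2026-31431 workaround did not apply"
      exit 1
    fi
# … unchanged: Phase 1 setup steps …
```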

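--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,11 +11,9 @@
 #
 name: codeql
 permissions: {} # No permissions needed at workflow level
-
 on:
 schedule:
 - cron: '30 5 * * 1-5'
-
 jobs:
 analyze:
 name: codeql/analyze-${{ matrix.language }}
@@ -30,7 +28,6 @@ jobs:
 packages: read # Required to fetch internal or private CodeQL packs
 actions: read # Required for workflows in private repositories
 contents: read # Required to checkout repository code
-
 strategy:
 fail-fast: false
 matrix:
@@ -39,39 +36,40 @@ jobs:
 build-mode: none
 - language: javascript-typescript
 build-mode: none
-# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
-# Use `c-cpp` to analyze code written in C, C++ or both
-# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
-# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
-# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
-# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
-# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
-# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+# Use `c-cpp` to analyze code written in C, C++ or both
+# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
 steps:
+- name: Workaround CVE-2026-31431 (copy.fail)
+run: echo "install algif_aead /bin/false" | sudo tee /etc/modprobe.d/disable-algif-aead.conf; if lsmod | grep -q algif_aead; then sudo rmmod algif_aead; fi
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 persist-credentials: false
-# Add any setup steps before running the `github/codeql-action/init` action.
-# This includes steps like installing compilers or runtimes (`actions/setup-node`
-# or others). This is typically only required for manual builds.
-# - name: Setup runtime (example)
-# uses: actions/setup-example@v1
-
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
+# Add any setup steps before running the `github/codeql-action/init` action.
+# This includes steps like installing compilers or runtimes (`actions/setup-node`
+# or others). This is typically only required for manual builds.
+# - name: Setup runtime (example)
+# uses: actions/setup-example@v1
+
 uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
-
-# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-# queries: security-extended,security-and-quality
-
 - name: Perform CodeQL Analysis
+# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+# queries: security-extended,security-and-quality
+
 uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11
 with:
 category: '/language:${{matrix.language}}'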
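Review bot: The comment reflow in the `@@ -39,39 +36,40 @@` hunk leaves two comment blocks in places where they no longer describe what sits next to them. The "Add any setup steps before running the `github/codeql-action/init` action" block (new lines 56–61) now sits between `- name: Initialize CodeQL` and its `uses:`, i.e. inside the very step it tells the reader to insert steps before, and the `# queries: security-extended,security-and-quality` example (new 70–72) now sits inside the `Perform CodeQL Analysis` step even though `queries` is an input of the `init` step's `with:` block a few lines above. I would move the setup block back above `# Initializes the CodeQL tools for scanning.` and the queries example under the init step's `with:`, directly after the `# Prefix the list here with "+"` line, so the template comments keep pointing at the right place. The added workaround step is the same one-liner as in the other workflows in this commit; whatever verification or shared action is settled on there should be applied here too rather than maintained as a second copy.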
