lintai docs

Appearance

Rule Reference

SEC325lintai-ai-securitysupply-chainhardeningpreviewgithub_workflowwarn

GitHub Actions: untrusted expression in run

GitHub Actions workflow interpolates untrusted expression data directly inside a run command

Public lane
supply-chain
Category
hardening
Provider
lintai-ai-security
Scope
per-file
Surface
github_workflow
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Reproducibility, provenance, and dependency hardening review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

supply-chainsidecar lane

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Shell safety depends on how the interpolated expression is consumed inside the run command.

Promotion requirements

Needs corpus-backed precision review, external usefulness evidence, and completed stable checklist metadata.

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC328GitHub Actions: write-capable third-party actionGitHub Actions workflow combines explicit write-capable permissions with a third-party actionsupply-chainhardeninggithub_workflow
SEC324GitHub Actions: unpinned third-party actionGitHub Actions workflow uses a third-party action that is not pinned to a full commit SHAsupply-chainhardeninggithub_workflow
SEC326GitHub Actions: pull_request_target checkoutGitHub Actions pull_request_target workflow checks out untrusted pull request head contentsupply-chainhardeninggithub_workflow
SEC327GitHub Actions: write-all tokenGitHub Actions workflow grants GITHUB_TOKEN write-all permissionssupply-chainhardeninggithub_workflow

Why It Matters

Directly interpolating untrusted expression data into a shell run: step can turn workflow inputs or event data into shell syntax. The risk depends on how the value is consumed, which is why this rule stays preview even though the trigger is structural.

What Triggers

SEC325 applies to semantically confirmed GitHub Actions workflow YAML and triggers when:

  • a run: command directly embeds untrusted expression data such as ${{ inputs.* }} or event payload values
  • and the expression is used inline in the shell command rather than first being assigned into a safer indirection path

Example that triggers:

yaml
- run: echo ${{ inputs.version }}

Example that stays clean:

yaml
- run: VERSION=${{ inputs.version }}

False Positives

This rule stays Preview because shell safety depends on how the interpolated value is ultimately consumed. The signal is still useful because direct inline interpolation is a high-risk composition pattern in CI.

Remediation

Avoid interpolating untrusted expression data directly inside run: commands. Route the value through validated environment handling or a safer non-shell boundary first.