3 changes: 2 additions & 1 deletion .github/workflows/fix-security-vulnerability.yml
Expand Up @@ -51,5 +51,6 @@ jobs:
- Label: "Security"
- Body: Include the full vulnerability details, your analysis,
the recommended dismissal reason, and why the alert cannot/should not be fixed.
model: claude-opus-4-6
claude_args: |
--max-turns 20 --allowedTools "Bash(gh api repos/getsentry/sentry-javascript/dependabot/alerts/*),Bash(gh pr create *),Bash(gh issue create *),Bash(yarn why *),Bash(yarn install*),Bash(yarn dedupe-deps:*),Bash(npm view *),Bash(git checkout *),Bash(git add *),Bash(git commit *),Edit,Write"
--max-turns 20 --allowedTools "Bash(gh api *repos/getsentry/sentry-javascript/dependabot/alerts/*),Bash(gh pr create *),Bash(gh issue create *),Bash(yarn why *),Bash(yarn install*),Bash(yarn dedupe-deps:*),Bash(npm view *),Bash(git checkout *),Bash(git add *),Bash(git commit *),Edit,Write"
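Review bot: The `*` inserted before `repos/` in the new `--allowedTools` entry lets any text, including `gh api` flags, sit between `gh api ` and the repository path, so this rule no longer pins the exact command shape the prompt relies on. If the intent is to also accept the leading-slash spelling, keep the original `Bash(gh api repos/getsentry/sentry-javascript/dependabot/alerts/*)` and add a second explicit entry `Bash(gh api /repos/getsentry/sentry-javascript/dependabot/alerts/*)` instead of a leading wildcard.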
Bug: The allowedTools pattern for gh api includes an unintentional leading wildcard *, making it overly permissive and conflicting with explicit prompt instructions.
Severity: MEDIUM

Suggested Fix

Remove the leading wildcard * from the allowedTools pattern. The pattern should be Bash(gh api repos/getsentry/sentry-javascript/dependabot/alerts/*) to strictly enforce the intended command structure and prevent the use of forbidden flags.

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/fix-security-vulnerability.yml#L56

Potential issue: In the `fix-security-vulnerability.yml` workflow, the `allowedTools`
pattern for `gh api` was changed to `Bash(gh api
*repos/getsentry/sentry-javascript/dependabot/alerts/*)`. The leading wildcard `*`
before `repos/` is likely unintentional and creates an overly permissive security rule.
This change allows the AI assistant to potentially bypass explicit instructions in the
prompt that forbid using flags like `--paginate`. While the prompt instructs the model
to use an exact command format, this technical loophole weakens the security boundary
intended to restrict the AI's actions.


Overly permissive wildcard weakens security tool restriction

Medium Severity

The leading * wildcard in Bash(gh api *repos/getsentry/sentry-javascript/dependabot/alerts/*) allows arbitrary text before repos/, including CLI flags like --method PATCH. The SKILL.md teaches the agent to dismiss alerts via gh api --method PATCH repos/.../dependabot/alerts/<number>, which the original pattern blocked but the new pattern permits. This undermines the defense-in-depth for the prompt's "Do NOT dismiss any alerts" instruction. A narrower fix (e.g., adding a second pattern for /repos/...) would preserve least-privilege.


Triggered by project rule: PR Review Guidelines for Cursor Bot
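A small checker that makes the difference between the two allow-rules concrete, added here as an example rather than code from this repository or workflow. It assumes a `Bash(<glob>)` entry matches the whole command line with `*` standing for any run of characters (an assumption about the allowedTools semantics, which this page does not define), lists the constructed sample commands the new rule accepts that the old one rejected, and shows the narrower two-rule alternative from the second review comment.

```python
import re

# Assumed semantics (this page does not define them): a rule of the form
# Bash(<glob>) allows a command when <glob> matches the whole command line,
# with '*' standing for any run of characters and everything else literal.
OLD_RULE = "Bash(gh api repos/getsentry/sentry-javascript/dependabot/alerts/*)"
NEW_RULE = "Bash(gh api *repos/getsentry/sentry-javascript/dependabot/alerts/*)"
# Narrower alternative in the spirit of the second review comment: one rule
# per accepted path spelling instead of a leading wildcard.
NARROW_RULES = [
    OLD_RULE,
    "Bash(gh api /repos/getsentry/sentry-javascript/dependabot/alerts/*)",
]


def rule_to_regex(rule: str) -> re.Pattern:
    """Turn a Bash(<glob>) allow-rule into an anchored regular expression."""
    if not (rule.startswith("Bash(") and rule.endswith(")")):
        raise ValueError(f"not a Bash(...) rule: {rule}")
    glob = rule[len("Bash("):-1]
    return re.compile(".*".join(re.escape(part) for part in glob.split("*")))


def allowed(rule: str, command: str) -> bool:
    """True when the full command line is accepted by the rule."""
    return rule_to_regex(rule).fullmatch(command) is not None


def allowed_by_any(rules, command: str) -> bool:
    return any(allowed(rule, command) for rule in rules)


def newly_permitted(old: str, new: str, commands) -> list:
    """Commands the new rule accepts that the old rule rejected."""
    return [c for c in commands if allowed(new, c) and not allowed(old, c)]


# Constructed sample command lines (not taken from the page or any log).
ALERTS = "repos/getsentry/sentry-javascript/dependabot/alerts"
SAMPLES = [
    f"gh api {ALERTS}/12",                  # the intended read
    f"gh api {ALERTS}/12 --paginate",       # flag after the path: both rules accept
    f"gh api --paginate {ALERTS}/12",       # flag before the path: only the new rule
    f"gh api --method PATCH {ALERTS}/12",   # the dismiss form named in the review
    f"gh api /{ALERTS}/12",                 # leading slash: probably the intended gain
    "gh api repos/other-org/other-repo/dependabot/alerts/1",  # neither rule
]

if __name__ == "__main__":
    for cmd in newly_permitted(OLD_RULE, NEW_RULE, SAMPLES):
        print("newly permitted by the leading wildcard:", cmd)
```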
