From 8763fd50fab9ddd00639f3686597083052e4f789 Mon Sep 17 00:00:00 2001 From: Andrew Nesbitt Date: Thu, 7 May 2026 13:38:31 +0100 Subject: [PATCH] fix(security): close gh permission gaps in settings.json Split from #88 per review. - gh auth token / gh auth refresh -> permissions.deny. gh auth token prints the GitHub token to stdout with no prompt, so any injection that reaches Bash can capture and exfil it via the already-allowlisted api.github.com. - gh workflow run -> permissions.ask. - gh api --method / gh api --input (flag-first variants) added alongside the existing gh api * --method * patterns so argument ordering can't sidestep the match. --- .claude/settings.json | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.claude/settings.json b/.claude/settings.json index 10b1af46..aa1e45be 100644 --- a/.claude/settings.json +++ b/.claude/settings.json @@ -63,7 +63,9 @@ "Bash(docker login *)", "Bash(npm publish *)", "Bash(pip install --upgrade *)", - "Bash(uv self update *)" + "Bash(uv self update *)", + "Bash(gh auth token*)", + "Bash(gh auth refresh*)" ], "ask": [ "Bash(git push *)", @@ -85,11 +87,14 @@ "Bash(gh repo edit *)", "Bash(gh repo delete *)", "Bash(gh api * --method *)", + "Bash(gh api --method *)", "Bash(gh api * --input *)", + "Bash(gh api --input *)", "Bash(gh secret *)", "Bash(gh ssh-key *)", "Bash(gh release upload *)", - "Bash(gh release delete *)" + "Bash(gh release delete *)", + "Bash(gh workflow run *)" ] } }