Add denylist for dangerous uv sync registry-override flags in setup-python-env action

[Copilot]

The extra-args validation in the setup-python-env composite action only enforced an allowlist regex, which permitted flags like --index-url, --extra-index-url, --trusted-host, and --find-links. These flags can silently redirect uv sync to an attacker-controlled package index — a supply-chain risk if extra-args is ever sourced from dynamic input.

Changes

• .github/actions/setup-python-env/action.yml — adds an explicit denylist check inside the validation loop, evaluated before the allowlist regex:

  for arg in $EXTRA_ARGS; do
    # Denylist: block flags that could redirect dependency resolution to an attacker-controlled index.
    if [[ "$arg" =~ ^--(index-url|extra-index-url|trusted-host|find-links)(=|$) ]]; then
      echo "::error::Blocked dangerous extra-args token: '$arg'. Registry overrides are not permitted." >&2
      exit 1
    fi
    if [[ ! "$arg" =~ ^-[a-zA-Z0-9=._:/@+-]+$ ]]; then
      echo "::error::Unsafe extra-args token: '$arg'. Each token must start with '-' and contain only safe flag characters." >&2
      exit 1
    fi
  done

  Catches both --flag=value and bare --flag forms for all four blocked flags.

Testing

• Not run (why?)
• uv run poe check
• Other: Validated denylist and allowlist logic manually with representative test cases covering allowed flags, all four blocked flag forms (=value and bare), and injection attempts.

Checklist

• Linked issue or task reference
• Added/updated tests where relevant
• Updated docs/README if needed
• No secrets or sensitive data added
• Considered backward compatibility and deployment impact

Additional context

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.