From d222fccf5e7394c762be52404f3fe5c7a8c60430 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 15:23:48 +0000
Subject: [PATCH 1/2] Initial plan
From 17faad8e1c522e21b1efdf8b71055eae50086106 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 15:25:18 +0000
Subject: [PATCH 2/2] Add denylist for dangerous uv sync registry-override flags in setup-python-env action
Co-authored-by: pmalarme <686568+pmalarme@users.noreply.github.com>
---
 .github/actions/setup-python-env/action.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/actions/setup-python-env/action.yml b/.github/actions/setup-python-env/action.yml
index f4ea0e5..9455985 100644
--- a/.github/actions/setup-python-env/action.yml
+++ b/.github/actions/setup-python-env/action.yml
@@ -38,6 +38,11 @@ runs:
 # Validate each whitespace-split token: must start with '-' and contain only safe flag characters.
 # NOTE: '--' (end-of-options marker) is intentionally allowed; positional args would fail validation.
 for arg in $EXTRA_ARGS; do
+ # Denylist: block flags that could redirect dependency resolution to an attacker-controlled index.
+ if [[ "$arg" =~ ^--(index-url|extra-index-url|trusted-host|find-links)(=|$) ]]; then
+ echo "::error::Blocked dangerous extra-args token: '$arg'. Registry overrides are not permitted." >&2
+ exit 1
+ fi
 if [[ ! "$arg" =~ ^-[a-zA-Z0-9=._:/@+-]+$ ]]; then
 echo "::error::Unsafe extra-args token: '$arg'. Each token must start with '-' and contain only safe flag characters." >&2
 exit 1
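Review bot: The denylist pattern on the added `if [[ "$arg" =~ ^--(index-url|extra-index-url|trusted-host|find-links)(=|$) ]]` line covers only four long spellings, so other index-selection options still reach the character check below, whose class `[a-zA-Z0-9=._:/@+-]` admits every character of a URL. As far as I know uv also accepts `--index`, `--default-index`, `--allow-insecure-host` and the short forms `-i` and `-f` with an attached value; confirm this against `uv sync --help` for the uv version this action installs. A wider pattern such as `^(--(index|default-index|index-url|extra-index-url|find-links|allow-insecure-host|trusted-host)(=|$)|-[if])` would cover those. An allowlist of the specific flags callers are expected to pass would be sturdier than enumerating dangerous ones, since a denylist has to be revisited whenever uv adds an option. The `for` loop's body continues past the end of the hunk.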