
Unsafe flag injection possible through unvalidated flags input #596

@0x5t4l1n


Hello maintainers,

I would like to report a security hardening issue/design weakness in the google-github-actions/deploy-cloudrun GitHub Action related to unvalidated user-controlled CLI flags.

Summary

The flags and update_traffic_flags inputs are parsed and appended directly to the constructed gcloud run deploy command without validation or restriction.

Because gcloud follows a last-wins flag precedence model, attacker-controlled flags appended later in the command can override security-sensitive parameters previously set by the action, including:

  • --project
  • --format
  • --log-http
  • --impersonate-service-account

Root Cause

The action retrieves user-controlled input via:

getInput('flags')

Then parses and appends it using:

parseFlags(flags)
deployCmd.concat(flagList)

No sanitization, allowlisting, or restriction is applied before execution.

Security Concern

If workflows pass untrusted input into flags (for example through pull_request_target, issue comments, PR body content, or external workflow_dispatch inputs), this may allow:

  • overriding deployment targets,
  • leaking sensitive HTTP metadata using --log-http,
  • altering workflow behavior/output formatting,
  • or impersonating alternative service accounts where IAM allows it.

Example

with:
  flags: ${{ github.event.pull_request.body }}

Attacker-controlled PR body:

--log-http

This causes verbose HTTP logging during deployment execution.

Suggested Mitigations

  • Blocklist or allowlist dangerous flags
  • Reject duplicate security-sensitive parameters
  • Add validation for unsafe inputs
  • Add stronger documentation warnings against passing untrusted input into flags

Google VRP previously reviewed this behavior and permitted public disclosure.

Thank you.
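The mitigation the report suggests (blocklisting security-sensitive flags and rejecting duplicates of parameters the action already sets) can be implemented as a validation step between parsing the input and concatenating it onto the command. The following is an added example written for this page, not code from google-github-actions/deploy-cloudrun: `splitFlags` is a simplified stand-in for the action's `parseFlags`, the `BLOCKED_FLAGS` set is the list from the report above, and the base command and the `validateFlags` / `buildDeployCommand` names are assumptions for illustration. It also handles the `--flag=value`, `--flag value` and `--no-flag` spellings, which a check on the literal `--log-http` string would miss.

```javascript
// Added example (not the deploy-cloudrun action's own code).
// Assumptions: splitFlags() approximates the action's parseFlags();
// BLOCKED_FLAGS is the illustrative list from the report; the base
// command shape is an assumption.

// Flags a user-supplied `flags` input must never be allowed to set.
const BLOCKED_FLAGS = new Set([
  '--project',
  '--format',
  '--log-http',
  '--impersonate-service-account',
]);

// Split the raw `flags` input into argv-style tokens, honouring simple
// single/double quoting so "A=b c" stays one token.
function splitFlags(input) {
  const tokens = [];
  let cur = '';
  let quote = null;
  for (const ch of input) {
    if (quote) {
      if (ch === quote) quote = null; else cur += ch;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
    } else if (/\s/.test(ch)) {
      if (cur) { tokens.push(cur); cur = ''; }
    } else {
      cur += ch;
    }
  }
  if (quote) throw new Error('unterminated quote in flags input');
  if (cur) tokens.push(cur);
  return tokens;
}

// Canonical flag name: "--project=foo" -> "--project", "--no-log-http" -> "--log-http".
function flagName(token) {
  const eq = token.indexOf('=');
  const name = eq === -1 ? token : token.slice(0, eq);
  return name.startsWith('--no-') ? '--' + name.slice(5) : name;
}

// Names of every flag the base command already sets, so a later
// user-supplied copy cannot win under gcloud's last-wins precedence.
function flagsSetBy(baseCmd) {
  return new Set(baseCmd.filter((t) => t.startsWith('--')).map(flagName));
}

// Validate user-supplied flags against the blocklist and the flags the
// action itself set. Returns { ok: true, flags } or { ok: false, errors }.
function validateFlags(rawInput, baseCmd) {
  const tokens = splitFlags(rawInput);
  const alreadySet = flagsSetBy(baseCmd);
  const seen = new Set();
  const errors = [];
  for (const tok of tokens) {
    if (!tok.startsWith('-')) continue; // value belonging to the preceding flag
    const name = flagName(tok);
    if (BLOCKED_FLAGS.has(name)) {
      errors.push(`${tok}: flag is not permitted in the flags input`);
    }
    if (alreadySet.has(name)) {
      errors.push(`${tok}: flag is already set by the action and cannot be overridden`);
    }
    if (seen.has(name)) {
      errors.push(`${tok}: flag given more than once`);
    }
    seen.add(name);
  }
  return errors.length ? { ok: false, errors } : { ok: true, flags: tokens };
}

// Build the final command, refusing to run at all if validation fails.
function buildDeployCommand(baseCmd, rawInput) {
  const result = validateFlags(rawInput, baseCmd);
  if (!result.ok) {
    throw new Error('rejected flags input:\n  ' + result.errors.join('\n  '));
  }
  return baseCmd.concat(result.flags);
}

// Constructed sample base command (assumption, not the action's real argv).
const SAMPLE_BASE = [
  'gcloud', 'run', 'deploy', 'my-service',
  '--project=example-project',
  '--region=us-central1',
  '--image=gcr.io/example-project/app:latest',
];

// Demonstration: the PR-body payload from the report is refused,
// while an ordinary resource flag passes through.
console.log(validateFlags('--log-http', SAMPLE_BASE));
console.log(buildDeployCommand(SAMPLE_BASE, '--memory=512Mi --cpu 2'));
```

Allowlisting is stricter than this blocklist and is the better default for an action that runs with deployment credentials; the blocklist form is shown because it maps directly onto the flags named in the report. Note that the duplicate check keys on the canonical name, so `--no-log-http` and `--log-http=true` are treated as the same flag as `--log-http`.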
