security: PR body file handling, output sanitization, YAML adversarial tests, supply-chain attestations

[cotti]

Summary

P0 security remediation for docs-builder, addressing four items from
elastic/docs-eng-team#532.
Each commit is self-contained and can be reviewed independently.

Issues addressed

#	Issue	Fix
1	#505	ChangelogCommand.EvaluatePr now reads PR body content from PR_BODY_FILE (a path under RUNNER_TEMP) when set, falling back to PR_BODY when not. Caps reads at 256 KiB with Stream.ReadExactlyAsync + ArrayPool<byte>. AOT-friendly LoggerMessage source generators for warning paths.
2	#491	New Elastic.Changelog.Utilities.OutputSanitizer (defense-in-depth) strips C0/DEL control chars and enforces per-field length caps. Applied to every PR-derived output in ChangelogPrEvaluationService.SetOutputs() and every artifact-derived output in ChangelogArtifactEvaluationService.SetOutputs(). 19 unit tests covering null/empty inputs, control-char stripping, length truncation, and a GITHUB_OUTPUT delimiter-injection attempt.
3	#497 (YAML side)	YAML serialization audit: ReleaseNotesSerialization already uses WithQuotingNecessaryStrings() + DisableAliases() + a defensive title-quoting pass with full \uXXXX escaping. Added 12 [Theory] cases + 2 [Fact] cases covering quotes, colons, hash/anchor/alias markers, pipes, folded scalars, embedded newlines+colons, RTL overrides, and multi-line titles that try to inject impact: / action: siblings. All assert exact round-trip equality and that no neighbouring field is polluted.
4	#518 (producer side)	New reusable .github/actions/check-shai-hulud composite extracted from ci.yml's inline check. prerelease.yml and release.yml containers job now: restore npm deps explicitly → run shai-hulud check before docker login → publish → resolve manifest digest per image (docker buildx imagetools inspect) → mint a signed actions/attest-build-provenance@v4 attestation for each of docs-builder, docs-builder-mcp, docs-builder-api. Adds id-token: write + attestations: write permissions.

Commits

• cf47ea20 Get the PR Body as a file and safely handle it
• 8daa6e50 Add sanitization for input
• 50054b40 Add Serialization round-trip tests
• de75f67a Add shai-hulud checks

Verified

• ./build.sh (version + clean + lint + AOT compile) passes.
• 17 ReleaseNotesSerializationTests pass (12 new theory cases + 3 pre-existing + 2 misc).
• 19 OutputSanitizerTests pass.

Coordination

After this PR merges, the next push to main will trigger
prerelease.yml, which publishes a new :edge digest and its
attestation. Only after that push lands should the companion
elastic/docs-actions security/verify-edge-attestation PR be merged
— that PR adds gh attestation verify to the consumer side, which
would fail until at least one signed :edge exists.

Test plan

• Run dotnet test tests/Elastic.Changelog.Tests — sanitizer tests pass.
• Run dotnet test tests/Elastic.Documentation.Configuration.Tests — YAML round-trip tests pass.
• Local ./build.sh AOT compile passes.
• After merge, observe prerelease.yml run; confirm:
  - shai-hulud step passes,
  - three Attest <image> steps succeed,
  - gh attestation verify oci://ghcr.io/elastic/docs-builder@<digest> -R elastic/docs-builder (run locally) verifies the new edge digest.

Made with Cursor

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR hardens the docs-builder supply chain and CI output security across multiple dimensions. It introduces a new check-shai-hulud GitHub Action to detect known npm supply-chain attack payloads by hash matching against hardcoded SHA-256/SHA-1 values, integrated into CI, prerelease, and release workflows. A new OutputSanitizer utility prevents GitHub Actions output injection by truncating and stripping control characters from attacker-controlled values, applied to all changelog artifact and PR-derived outputs. The ChangelogCommand now reads large PR bodies from temporary files with 256KiB limits instead of relying solely on environment variables. Prerelease and release workflows gain container image provenance signing with resolved immutable digests instead of mutable tags. Tests verify OutputSanitizer behavior under attack conditions and ensure YAML serialization resists field injection through adversarial titles.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.54% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the four main security remediation items: PR body file handling, output sanitization, YAML adversarial tests, and supply-chain attestations.
Description check	✅ Passed	The description comprehensively covers all four security fixes with detailed explanation, linked issues, implementation details, test verification, and post-merge coordination requirements.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch security/output-sanitizer

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs`:
- Line 88: The InlineData entry in ReleaseNotesSerializationTests uses the
literal sequence "\\u202E right-to-left override" instead of the actual U+202E
bidi character; update the InlineData value in the
ReleaseNotesSerializationTests test (the InlineData attribute) to use the real
control character by replacing "\\u202E right-to-left override" with "\u202E
right-to-left override" (i.e., a single backslash so the C# string contains the
U+202E character) to match the other adversarial test cases.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 367ba6de-47ec-4010-a765-c96aec58f86d

📥 Commits

Reviewing files that changed from the base of the PR and between b7a44d2 and de75f67.

📒 Files selected for processing (10)

• .github/actions/check-shai-hulud/action.yml
• .github/workflows/ci.yml
• .github/workflows/prerelease.yml
• .github/workflows/release.yml
• src/services/Elastic.Changelog/Evaluation/ChangelogArtifactEvaluationService.cs
• src/services/Elastic.Changelog/Evaluation/ChangelogPrEvaluationService.cs
• src/services/Elastic.Changelog/Utilities/OutputSanitizer.cs
• src/tooling/docs-builder/Commands/ChangelogCommand.cs
• tests/Elastic.Changelog.Tests/Utilities/OutputSanitizerTests.cs
• tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify escaped unicode literals are not accidentally used where actual control chars are intended.
rg -nP '\[InlineData\(".*\\\\u[0-9A-Fa-f]{4}' tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs

Repository: elastic/docs-builder

Length of output: 115

---

🏁 Script executed:

cd tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes && wc -l ReleaseNotesSerializationTests.cs

Repository: elastic/docs-builder

Length of output: 102

---

🏁 Script executed:

sed -n '70,100p' tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs

Repository: elastic/docs-builder

Length of output: 1112

---

🏁 Script executed:

sed -n '74,152p' tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs

Repository: elastic/docs-builder

Length of output: 2753

---

Use the actual U+202E character to match the pattern of other adversarial test cases.

Line 88 uses "\\u202E..." (escaped sequence producing the literal string \u202E), while other test cases like "Title ending with backslash \\" and "Title with newline\nthen colon: ..." use actual control characters. To properly exercise bidi-control handling in the serialization round-trip, this should use the actual U+202E character instead.

Proposed fix

-[InlineData("\\u202E right-to-left override")]
+[InlineData("\u202E right-to-left override")]

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	[InlineData("\\u202E right-to-left override")]
	[InlineData("\u202E right-to-left override")]

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@tests/Elastic.Documentation.Configuration.Tests/ReleaseNotes/ReleaseNotesSerializationTests.cs`
at line 88, The InlineData entry in ReleaseNotesSerializationTests uses the
literal sequence "\\u202E right-to-left override" instead of the actual U+202E
bidi character; update the InlineData value in the
ReleaseNotesSerializationTests test (the InlineData attribute) to use the real
control character by replacing "\\u202E right-to-left override" with "\u202E
right-to-left override" (i.e., a single backslash so the C# string contains the
U+202E character) to match the other adversarial test cases.