fix: validate universe domain input to prevent SSRF credential leak #404

Open
adilburaksen wants to merge 1 commit into google-github-actions:main from adilburaksen:fix/universe-ssrf-validation

@adilburaksen
Summary

The universe input in upload-cloud-storage (and deploy-cloud-functions) is interpolated directly into the GCS/Cloud Functions API endpoint without validation:

// @google-cloud/storage SDK (storage.ts:728)
let apiEndpoint = `https://storage.${universe}`;

Setting universe: attacker.com routes all API requests — including the Bearer GCP access token — to storage.attacker.com.

Fix

Validates universe against a strict allowlist: the public Google Cloud universe (googleapis.com) or Trusted Partner Cloud subdomains (e.g. us-central1.rep.googleapis.com).

if (!/^([a-z0-9-]+\.)*googleapis\.com$/.test(universe)) {
  throw new Error(`Invalid universe domain "${universe}": ...`);
}

Tests Added

  • Rejects attacker.com → Invalid universe domain error
  • Rejects attacker.com#.googleapis.com (fragment injection) → error
  • Accepts us-central1.rep.googleapis.com (valid TPC universe) → no validation error

Related

Companion fix for get-secretmanager-secrets (same SSRF class): google-github-actions/get-secretmanager-secrets#328
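
The check described in this pull request, as an added example that is not code from the PR, the action, or the SDK: it parses the interpolated endpoint with the WHATWG URL class to show which host each input would send requests to, and applies the regex quoted in the description. The names effectiveHost, validateUniverse and classify are hypothetical, and the last two sample inputs are constructed for illustration.

```javascript
// Added example; not part of the pull request or @google-cloud/storage.
// The regex is the one quoted in the PR description.
const UNIVERSE_RE = /^([a-z0-9-]+\.)*googleapis\.com$/;

// Host that the interpolated endpoint `https://storage.${universe}` resolves to.
// (Hypothetical helper: mirrors the interpolation shown in the description.)
function effectiveHost(universe) {
  return new URL(`https://storage.${universe}`).hostname;
}

// Throws unless the input is googleapis.com or a subdomain of it.
function validateUniverse(universe) {
  if (typeof universe !== 'string' || !UNIVERSE_RE.test(universe)) {
    throw new Error(`Invalid universe domain ${JSON.stringify(universe)}`);
  }
  return universe;
}

// One row per input: did validation accept it, and where would requests go?
function classify(inputs) {
  return inputs.map((universe) => {
    let accepted = true;
    try { validateUniverse(universe); } catch { accepted = false; }
    let host = null;
    try { host = effectiveHost(universe); } catch { /* not a parsable URL */ }
    return { universe, accepted, host };
  });
}

const SAMPLES = [
  'googleapis.com',                  // public universe (from the PR)
  'us-central1.rep.googleapis.com',  // valid TPC example (from the PR)
  'attacker.com',                    // rejected case (from the PR)
  'attacker.com#.googleapis.com',    // fragment case (from the PR)
  'notgoogleapis.com',               // constructed: look-alike label
  'googleapis.com.example.net',      // constructed: allowed name as a prefix
];

const REPORT = classify(SAMPLES);
console.table(REPORT);
```

The fragment case shows why an anchored match on the whole input matters: the URL parser treats everything after `#` as a fragment, so the string ends in `.googleapis.com` while the request host does not.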
