Is your feature request related to a problem? Please describe.
When running dnscontrol on untrusted pull requests, there is one theoretical avenue for exfiltrating sensitive data on the Actions runner: require. It appears to be capable of unrestricted file access, as long as the file is parseable as JavaScript. In particular, the ability to use it on /proc makes me nervous, though the requirement to be parseable as JavaScript makes it hard to exploit.
Describe the solution you'd like
Limiting require to some well known root dir, perhaps the starting working directory of dnscontrol, or the directory containing the main config file.
Describe alternatives you've considered
Just blocking /proc, but there can be any number of unexpected files on a Linux system that could end up being security sensitive...
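The proposed mitigation is a path-confinement check: resolve whatever was passed to require() against the directory of the main config file and refuse anything that lands outside it. The following is an added illustration of that check in Go, written for this issue; it is not dnscontrol's code, and the names ResolveRequire, OpenRequire and withinRoot are assumptions. It also shows why a purely lexical check is not enough: a symlink inside the root can still point at /proc or /etc, so the real path is re-checked after symlinks are followed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a require() target would leave the allowed root.
var ErrOutsideRoot = errors.New("require: path is outside the allowed root directory")

// withinRoot reports whether p is root itself or lies below it. Both must be
// absolute and already cleaned; the comparison is purely lexical.
func withinRoot(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// ResolveRequire maps the argument of require() onto an absolute path and
// rejects it unless it stays inside root. Hypothetical helper written for this
// issue, not dnscontrol's own code.
//   root   absolute directory the main config lives in (the allowed root)
//   from   absolute directory of the file that calls require()
//   target the string passed to require(), relative or absolute
func ResolveRequire(root, from, target string) (string, error) {
	root = filepath.Clean(root)
	var candidate string
	if filepath.IsAbs(target) {
		candidate = filepath.Clean(target)
	} else {
		candidate = filepath.Join(from, target) // Join cleans, so ".." segments are folded in
	}
	if !withinRoot(root, candidate) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

// OpenRequire applies the lexical check, then re-checks the real path after
// following symlinks, so a link inside root that points at /proc is refused too.
func OpenRequire(root, from, target string) (*os.File, error) {
	candidate, err := ResolveRequire(root, from, target)
	if err != nil {
		return nil, err
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	realPath, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return nil, err
	}
	if !withinRoot(realRoot, realPath) {
		return nil, ErrOutsideRoot
	}
	return os.Open(realPath)
}

func main() {
	// Constructed sandbox: a temp root holding one helper file and one symlink
	// that escapes to /proc/self/status.
	root, err := os.MkdirTemp("", "dnscfg")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_ = os.WriteFile(filepath.Join(root, "helpers.js"), []byte("var x = 1;"), 0o644)
	_ = os.Symlink("/proc/self/status", filepath.Join(root, "escape.js"))

	for _, target := range []string{"./helpers.js", "../../../proc/self/status", "/proc/self/status", "escape.js"} {
		f, err := OpenRequire(root, root, target)
		if err != nil {
			fmt.Printf("require(%q): refused: %v\n", target, err)
			continue
		}
		fmt.Printf("require(%q): allowed -> %s\n", target, f.Name())
		f.Close()
	}
}
```

Only "./helpers.js" is allowed; the two traversal forms fail the lexical check and "escape.js" passes it but is refused once EvalSymlinks reveals where it really points. Using the config file's directory as root (rather than the process working directory) keeps the rule independent of how the CI job happens to invoke the binary.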