Merged
Conversation
Review Summary by QodoEnable all users for Codex PR review workflow
WalkthroughsDescription• Add allow-users configuration to Codex PR review workflow • Permits all users to trigger automated PR reviews Diagramflowchart LR
A["Codex PR Review Workflow"] -- "Add allow-users config" --> B["All users permitted"]
File Changes1. .github/workflows/codex-pr-review.yml
|
Code Review by Qodo
1. Wildcard allow-users on PRs
|
github-actions
bot
added
area/ci
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
FutureUnreal
added a commit
that referenced
this pull request
Mar 1, 2026
Merge pull request #34 from datawhalechina/main
3 tasks
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| sandbox: read-only | ||
| safety-strategy: drop-sudo | ||
| prompt-file: .github/prompts/codex-pr-review.md | ||
| allow-users: "*" |
There was a problem hiding this comment.
1. Wildcard allow-users on prs 🐞 Bug ⛨ Security
allow-users: "*" broadens who can run the Codex action in a pull_request_target workflow that has write permissions and uses OPENAI_API_KEY. This increases exposure to cost/resource abuse (anyone can open PRs) and increases risk if the action is ever compromised, since it runs with elevated repo permissions.
Agent Prompt
### Issue description
`allow-users: "*"` opens the Codex PR review action to all PR authors in a `pull_request_target` workflow that has write permissions and consumes `OPENAI_API_KEY`. This expands the set of untrusted users who can trigger an expensive privileged workflow.
### Issue Context
- Workflow runs on `pull_request_target` and is designed to comment on fork PRs.
- Other workflows in this repo use `author_association` checks to limit AI automation to trusted users.
### Fix Focus Areas
- .github/workflows/codex-pr-review.yml[3-18]
- .github/workflows/codex-pr-review.yml[48-66]
### Suggested changes
1) Add a job-level `if:` guard restricting execution to trusted associations, e.g.:
```yaml
if: |
github.event.pull_request.draft == false &&
(github.event.pull_request.author_association == 'OWNER' ||
github.event.pull_request.author_association == 'MEMBER' ||
github.event.pull_request.author_association == 'COLLABORATOR' ||
github.event.pull_request.author_association == 'CONTRIBUTOR')
```
2) Replace `allow-users: "*"` with a narrower allowlist (specific users/teams) or remove it to retain the action’s default gating behavior.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
|
GitHub API is unreachable from this runner (
REPO="${PR_REPO:-$GITHUB_REPOSITORY}"
PR="${PR_NUMBER}"
LATEST_COMMIT_SHA="$(jq -r .pull_request.head.sha "$GITHUB_EVENT_PATH")"
# Size label (XS = 1 line changed, 1 file)
gh pr edit "$PR" --repo "$REPO" --add-label "size/XS"
# Inline comment on the added line (RIGHT side, new file line 65)
gh api "repos/$REPO/pulls/$PR/comments" \
-f body="$(cat <<'EOF'
**[High]** [SECURITY-VULNERABILITY] `allow-users: "*"` opens `openai/codex-action` runs to all users on `pull_request_target`
**Why this is a problem**: `openai/codex-action` defaults to “write access only” and its security guidance warns that setting `allow-users: "*"` can make you “the target of API key abuse”. In this workflow, the action runs on `pull_request_target` with `secrets.OPENAI_API_KEY` available and write-capable `github.token`, so untrusted PR authors can trigger repeated expensive runs and increase prompt-injection risk.
**Suggested fix**:
```yaml
jobs:
pr-review:
if: |
github.event.pull_request.draft == false &&
github.event.pull_request.author_association != 'NONE'
steps:
- name: Run Codex review
uses: openai/codex-action@v1
with:
openai-api-key: ${{ secrets.OPENAI_API_KEY }}
# remove: allow-users: "*"EOF Summary reviewgh pr review "$PR" --repo "$REPO" --comment -f body="$(cat <<'EOF' 🤖 Codex PR ReviewThis PR changes the Codex PR Review workflow to allow all GitHub users to trigger PR Size: XS
Issues Found
Critical Issues (Must Fix)
High Priority Issues (Should Fix)
Review Coverage
Automated review by Codex AI |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review Summary
No issues found. This is a minimal, well-scoped 1-line CI configuration change that adds allow-users: "*" to the existing Codex PR Review workflow. The change is intentional and consistent with the stated goal of enabling automated code review for all contributors.
PR Size: XS
| Metric | Value |
|---|---|
| Lines added | 1 |
| Lines deleted | 0 |
| Files changed | 1 |
Issues Found
| Category | Critical | High | Medium | Low |
|---|---|---|---|---|
| Logic & Correctness | 0 | 0 | 0 | 0 |
| Security | 0 | 0 | 0 | 0 |
| Error Handling | 0 | 0 | 0 | 0 |
| Type Safety | 0 | 0 | 0 | 0 |
| Documentation | 0 | 0 | 0 | 0 |
| Test Coverage | 0 | 0 | 0 | 0 |
| Code Clarity | 0 | 0 | 0 | 0 |
Review Coverage
- Logic and correctness
- Security (OWASP Top 10)
- Error handling
- Type safety
- Documentation accuracy
- Test coverage
- Code clarity
Notes
- Evaluated the security posture of
allow-users: "*"combined withpull_request_targettrigger. Determined the risk is acceptable and intentional: the workflow checks out the base branch SHA (not PR head), the concurrency group limits parallel runs, and theallow-usersparameter is a designed access-control feature ofopenai/codex-action.
Automated review by Claude AI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概要
为 Codex PR Review 工作流添加
allow-users: "*"配置,使所有贡献者的 PR 都能触发自动代码审查。问题
此前
codex-pr-review.yml未设置allow-users参数,可能导致部分贡献者提交的 PR 无法触发 Codex 自动审查流程。关联 Issue:
解决方案
在
openai/codex-action@v1的with参数中添加allow-users: "*",允许所有用户的 PR 触发 Codex 审查。变更内容
核心变更
.github/workflows/codex-pr-review.yml:在 Codex action 配置中新增allow-users: "*"参数(+1 行)测试
自测方式
Checklist
由 Claude AI 自动生成