Block untrusted PR code execution in pull_request_target before widening to release-*.
Line 6 expands a privileged pull_request_target workflow to more branches, while Line 50 checks out github.event.pull_request.head.sha and later runs repo code with secrets (Lines 88 and 99). This is a direct untrusted-code + secret exposure path (CWE-829, CWE-200). Add a trust gate (same-repo only) or move this job to a safer trigger pattern.
Suggested hardening patch
e2e-test: name: E2E Mock vLLM Test permissions: contents: read # Only runs when a maintainer adds the run-e2e-test label specifically. # Does not trigger on other labels or on synchronize (new pushes). - if: github.event.action == 'labeled' && github.event.label.name == 'run-e2e-test' + if: >- + github.event.action == 'labeled' && + github.event.label.name == 'run-e2e-test' && + github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-latestAs per coding guidelines, "Avoid pull_request_target with checkout of PR head (token exfiltration)".
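Review bot: the comment above the if: ("Only runs when a maintainer adds the run-e2e-test label specifically. Does not trigger on other labels or on synchronize") becomes inaccurate once the added github.event.pull_request.head.repo.full_name == github.repository clause is in place, because a labeled PR from a fork will now never run at all; update that comment to say the job is additionally restricted to same-repository branches, so a maintainer who labels a fork PR understands why nothing starts.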
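The pattern the review describes (pull_request_target plus a checkout of the PR head plus secrets, with no same-repo guard) can be screened for mechanically. The following is an added example, not the project's code or the bot's: a heuristic, line-based audit run over two constructed workflow snippets, one risky and one carrying the suggested guard; the job, step and secret names in the samples are invented.

```python
import re

# Constructed sample workflow (not the project's real file) showing the risky
# pattern: pull_request_target trigger, checkout of the PR head, secret in env.
RISKY_WORKFLOW = """\
on:
  pull_request_target:
    types: [labeled]
    branches: [main, 'release-*']
jobs:
  e2e-test:
    if: github.event.action == 'labeled' && github.event.label.name == 'run-e2e-test'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make e2e
        env:
          PULL_SECRET: ${{ secrets.PULL_SECRET }}
"""

# Same workflow with the same-repo trust gate added to the job-level if:.
GATED_WORKFLOW = RISKY_WORKFLOW.replace(
    "    if: github.event.action == 'labeled' && github.event.label.name == 'run-e2e-test'",
    "    if: >-\n"
    "      github.event.action == 'labeled' &&\n"
    "      github.event.label.name == 'run-e2e-test' &&\n"
    "      github.event.pull_request.head.repo.full_name == github.repository",
)

HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
SAME_REPO = re.compile(r"head\.repo\.full_name\s*==\s*github\.repository")


def audit_workflow(text: str) -> list[str]:
    """Return findings for a workflow that may run untrusted PR code with secrets.

    Heuristic text scan (no YAML parser needed): flags a pull_request_target
    workflow that checks out the PR head and has no same-repo guard, and
    separately flags secret exposure on that path (CWE-829 / CWE-200).
    """
    uses_prt = "pull_request_target" in text
    checks_out_head = bool(HEAD_REF.search(text))
    uses_secret = "secrets." in text
    has_guard = bool(SAME_REPO.search(text))
    findings = []
    if uses_prt and checks_out_head and not has_guard:
        findings.append("pull_request_target checks out PR head without same-repo guard (CWE-829)")
        if uses_secret:
            findings.append("secret exposed to untrusted PR code (CWE-200)")
    return findings
```

A plain pull_request trigger is not flagged, since it runs without write token or secrets for fork PRs; the scan is only a first pass and does not replace reading the workflow.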
run-e2e-test label gate is used
@aneeshkp, the label gate is acknowledged — and the remove-label-on-push job that strips the label on every new push (forcing re-review before re-labeling) makes this a well-layered mitigation. That pattern is widely used and accepted for pull_request_target workflows that need to run on fork PRs.
The residual risk I flagged is that a maintainer could be socially engineered into adding the label to a PR containing malicious code, which would then run with RAHII_ON_XKS_PULL_SECRET. Adding the same-repo guard would eliminate that vector entirely but would also prevent external contributors from ever getting the e2e test run — so there's a real trade-off to weigh.
If you're comfortable with the current label-gate approach (maintainer reviews code before labeling), that's a reasonable decision for this repo. I'll leave the choice to you.