fix: Remove pull_request_target code checkout vulnerability #266
Workflow file for this run
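# Handles the `eval-skill` label on pull requests opened from forks.
#
# The trigger is pull_request_target, so every job here only calls the GitHub
# API with values from the event payload; no step checks out or runs PR code.
name: Eval SKILL.md (Fork PRs)

on:
  pull_request_target:
    types: [labeled, synchronize]

# Default for any job that does not declare its own permissions. The jobs
# below each declare only the scopes their API calls use.
permissions:
  contents: read

jobs:
  # Runs when new commits are pushed to the PR and removes both eval labels,
  # presumably so that a label applied to an earlier head commit does not
  # carry over to commits pushed afterwards.
  remove-labels-on-sync:
    name: Reset eval labels
    if: github.event.action == 'synchronize'
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Remove eval labels
        # Event values are passed through env instead of being expanded into
        # the script text by ${{ }}, so the shell only sees them as data.
        env:
          GH_TOKEN: ${{ github.token }}
          PR: ${{ github.event.number }}
          REPO: ${{ github.repository }}
        # Best effort: any failure of the DELETE (for example the label not
        # being present) is ignored.
        run: |
          gh api "repos/$REPO/issues/$PR/labels/eval-skill" -X DELETE 2>/dev/null || true
          gh api "repos/$REPO/issues/$PR/labels/eval-skill-passed" -X DELETE 2>/dev/null || true

  # Runs when the `eval-skill` label is added to a PR whose head repository is
  # a fork: marks the head commit as pending, removes the label again and
  # posts instructions for a manual evaluation.
  notify-manual-review:
    name: Require manual review for fork PRs
    if: >-
      github.event.action == 'labeled'
      && github.event.label.name == 'eval-skill'
      && github.event.pull_request.head.repo.fork == true
    runs-on: ubuntu-latest
    permissions:
      statuses: write
      pull-requests: write
    steps:
      # SECURITY: Do not checkout PR code in pull_request_target context.
      # pull_request_target runs with write permissions and access to secrets,
      # but checking out PR code would allow malicious PRs to exfiltrate secrets
      # via modified dependencies or build scripts.
      # See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
      - name: Post commit status
        env:
          GH_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        # NOTE(review): nothing in this file moves the status out of
        # "pending"; confirm that a maintainer or another workflow resolves it
        # after the manual evaluation.
        run: |
          gh api "repos/$REPO/statuses/$HEAD_SHA" \
            -f state="pending" \
            -f context="eval-skill/fork" \
            -f description="Manual review required for fork PRs (security restriction)"

      - name: Remove eval-skill label
        # always(): the label is removed even if posting the status failed.
        if: always()
        env:
          GH_TOKEN: ${{ github.token }}
          PR: ${{ github.event.number }}
          REPO: ${{ github.repository }}
        run: |
          gh api "repos/$REPO/issues/$PR/labels/eval-skill" \
            -X DELETE 2>/dev/null || true

      - name: Add comment with instructions
        env:
          GH_TOKEN: ${{ github.token }}
          PR: ${{ github.event.number }}
          REPO: ${{ github.repository }}
        # The body is a double-quoted shell string; the backticks are escaped
        # so that they reach the comment as Markdown instead of being run as
        # command substitution.
        run: |
          gh api "repos/$REPO/issues/$PR/comments" \
            -f body="⚠️ **Security Notice**: Automated skill evaluation is disabled for fork PRs to prevent potential secret exfiltration.
          For security reasons, this workflow was updated to not execute untrusted code from fork PRs with access to repository secrets. A maintainer with write access can manually trigger the evaluation by:
          1. Checking out the PR branch locally
          2. Running \`bun run eval:skill\` with appropriate API credentials
          3. Reviewing the results and adding the \`eval-skill-passed\` label if successful
          See [GitHub Security Lab: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) for more information about this security issue."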