workflow-run-target-code-checkout
workflow_run
and checks out code from the incoming pull request. When using workflow_run
, the Action runs in the context of the target repository, which includes access to all repository secrets. Normally, this is safe because the Action only runs code from the target repository, not the incoming PR. However, by checking out the incoming PR code, you’re now using the incoming code for the rest of the action. You may be inadvertently executing arbitrary code from the incoming PR with access to repository secrets, which would let an attacker steal repository secrets. This normally happens by running build scripts (e.g., npm build
and make
) or dependency installation scripts (e.g., python setup.py install
). Audit your workflow file to make sure no code from the incoming PR is executed. Please see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ for additional mitigations.pull-request-target-code-checkout
pull_request_target
and checks out code from the incoming pull request. When using pull_request_target
, the Action runs in the context of the target repository, which includes access to all repository secrets. Normally, this is safe because the Action only runs code from the target repository, not the incoming PR. However, by checking out the incoming PR code, you’re now using the incoming code for the rest of the action. You may be inadvertently executing arbitrary code from the incoming PR with access to repository secrets, which would let an attacker steal repository secrets. This normally happens by running build scripts (e.g., npm build
and make
) or dependency installation scripts (e.g., python setup.py install
). Audit your workflow file to make sure no code from the incoming PR is executed. Please see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ for additional mitigations.github-script-injection
${{...}}
with github
context data in a actions/github-script
’s script:
step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github
context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env:
to store the data and use the environment variable in the run:
script. Be sure to use double-quotes the environment variable, like this: “$ENVVAR”.third-party-action-not-pinned-to-commit-sha
allowed-unsecure-commands
ACTIONS_ALLOW_UNSECURE_COMMANDS
grants this workflow permissions to use the set-env
and add-path
commands. There is a vulnerability in these commands that could result in environment variables being modified by an attacker. Depending on the use of the environment variable, this could enable an attacker to, at worst, modify the system path to run a different command than intended, resulting in arbitrary code execution. This could result in stolen code or secrets. Don’t use ACTIONS_ALLOW_UNSECURE_COMMANDS
. Instead, use Environment Files. See https://github.com/actions/toolkit/blob/main/docs/commands.md#environment-files for more information.curl-eval
curl
command. An attacker with control of the server in the curl
command could inject malicious code into the eval
, resulting in a system comrpomise. Avoid eval’ing untrusted data if you can. If you must do this, consider checking the SHA sum of the content returned by the server to verify its integrity.run-shell-injection
${{...}}
with github
context data in a run:
step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github
context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env:
to store the data and use the environment variable in the run:
script. Be sure to use double-quotes the environment variable, like this: “$ENVVAR”.