
FYI: Using the action like in the example would make you vulnerable to pwn requests #153

Closed
ST-DDT opened this issue Jun 20, 2024 · 6 comments


ST-DDT commented Jun 20, 2024

The current run-nothing example is safe, but running anything in there that uses the source code is dangerous as it uses elevated permissions.
I'll recommend rewriting/removing the example or raising awareness by adding a comment.

echo "Running frontend tests..."
# Put your commands for running frontend tests here

echo "Running backend tests..."
# Put your commands for running backend tests here
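The risk described above, as an added example that is not part of this issue or the repository's own code: a small dependency-free check that flags workflows combining the privileged pull_request_target trigger with a checkout of the pull request head, which is the shape "pwn request" refers to (an assumption here, since the issue does not quote the workflow's trigger line). The two sample workflows are constructed; only the hypothetical test step mirrors the quoted example.

```python
# Added example (not code from this repository): a dependency-free triage
# check for the "pwn request" pattern the issue warns about. Assumption: the
# pattern is a pull_request_target trigger (runs with the base repo's token and
# secrets) whose job checks out the pull request head and runs commands on it.
import re

HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")


def scan_workflow(text: str) -> list[str]:
    """Return findings for one workflow file (empty list means no match).

    Line-based on purpose: no YAML parser needed, good enough for triage.
    """
    lines = [l.strip() for l in text.splitlines()]
    privileged = any(re.search(r"\bpull_request_target\b", l) for l in lines)
    checks_out_head = any(l.startswith("ref:") and HEAD_REF.search(l) for l in lines)
    runs_commands = any(l.startswith(("run:", "- run:")) for l in lines)
    findings = []
    if privileged and checks_out_head:
        findings.append("pull_request_target job checks out the PR head (untrusted code)")
        if runs_commands:
            findings.append("run steps present: build/test commands can execute attacker-controlled code")
    return findings


# Constructed sample workflows. UNSAFE has the risky shape; SAFE uses the plain
# pull_request trigger, which gives fork PRs a read-only token and no secrets,
# so the same test commands can run on the PR's code without exposing anything.
UNSAFE = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Running frontend tests..."
          # test commands that execute the checked-out code go here
"""
SAFE = UNSAFE.replace("pull_request_target:", "pull_request:")

if __name__ == "__main__":
    for name, wf in (("UNSAFE", UNSAFE), ("SAFE", SAFE)):
        print(name, scan_workflow(wf) or "no findings")
```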

welcome bot commented Jun 20, 2024

Thanks for opening your first issue here! Be sure to follow the issue template!

@SwaragThaikkandi (Owner)

@ST-DDT: This issue is currently awaiting triage.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.


I am a bot created to help SwaragThaikkandi manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@SwaragThaikkandi (Owner)

@ST-DDT: There is no 'kind' label on this PR. You need a 'kind' label to generate the release note automatically.

  • /kind feature
  • /kind bug
  • /kind question

@SwaragThaikkandi (Owner)

@ST-DDT: There are no area labels on this issue. Adding an appropriate label will greatly expedite the process for us. You can add as many areas as you see fit. If you are unsure what to do, you can ignore this!

  • /area ui-ux
  • /area semantics
  • /area translation
  • /area security


ST-DDT commented Jun 20, 2024

/kind bug
/area security

This isn't an actual security bug, but a potential for that.

@SwaragThaikkandi (Owner)

Hi,
Thanks for pointing out the problem. This particular workflow has been temporarily removed for further inspection.
