PoC: Secret exfiltration in pull_request_target (DO NOT MERGE) #3829
mabrukhany-beep wants to merge 2 commits into
PoC: Demonstrate cache poisoning vulnerability

This commit modifies .bazelrc to add environment variables that will be cached by bazel. If the cache is shared with scheduled workflows (ng-renovate.yml), these variables will be present in those workflows, proving cache poisoning from PR workflows.

Signed-off-by: mabrukhany-beep <mabrukhany@gmail.com>
Code Review
This pull request introduces changes to .bazelrc and the GitHub Actions workflow github-actions/labeling/pull-request/action.yml to demonstrate proof-of-concept (PoC) cache poisoning and secret exfiltration. The review feedback highlights several critical issues: the use of an invalid @SHA placeholder in the setup-node action, a missing ./label-pull-request.js file that will cause runtime errors, and the inefficiency of running npm install dynamically in a composite action. Additionally, committing PoC-specific environment variables to the shared .bazelrc configuration is discouraged as it affects all local and CI builds.
| using: 'composite' | ||
| steps: | ||
| - name: Setup Node | ||
| uses: actions/setup-node@SHA |
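Review bot: the uses: line pins actions/setup-node to the literal string SHA, which is a placeholder and not a ref that can resolve, so the Setup Node step cannot load the action. Replace it with the full 40-character commit SHA of the release you intend to run, and keep the version in a trailing comment so the pin stays auditable.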
| - name: Label Pull Request | ||
| run: | | ||
| # Original labeling logic | ||
| node ./label-pull-request.js |
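Review bot: node ./label-pull-request.js in the Label Pull Request step uses a path relative to the job's working directory, not to the directory the composite action lives in, so it only works if the caller happens to run from the action folder. Resolve the script through the github.action_path context (or $GITHUB_ACTION_PATH), and confirm the script file is actually part of this change.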
| - name: Install dependencies | ||
| run: npm install | ||
| shell: bash |
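Review bot: npm install in the Install dependencies step resolves versions at run time and executes dependency lifecycle scripts inside a job that, per the PR description, has secrets in scope. Commit a lockfile and use npm ci --ignore-scripts, or ship the action pre-bundled so that no install happens in the workflow at all.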
Running npm install on every execution of a composite action is highly inefficient, significantly increasing workflow runtime and risking rate-limiting or network failures. It is highly recommended to use a pre-compiled/bundled JavaScript action (e.g., using @vercel/ncc to compile to a single dist/index.js file) instead of a composite action that installs dependencies dynamically.
| build --action_env=POC_CACHE_POISONED=true | ||
| test --test_env=POC_CACHE_POISONED=true | ||
| build --workspace_status_command="echo 'PoC: Cache poisoned by PR workflow'" |
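Review bot: the third line sets --workspace_status_command to a shell command, so whoever can edit .bazelrc gets a command executed on every build that reads this file. Drop the line from the checked-in .bazelrc, pass any such flag on the command line for a one-off test, and review .bazelrc edits in pull requests as code changes rather than configuration.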
These PoC-specific build and test environment variables should not be committed to the shared .bazelrc configuration file, as they will affect all local and CI builds. For testing purposes, these flags should be passed directly via the command line or defined in a local, uncommitted configuration file.
Security Proof-of-Concept - DO NOT MERGE

This PR demonstrates secret exfiltration via pull_request_target workflows in angular/dev-infra.

Vulnerability Details

The dev-infra.yml workflow uses pull_request_target trigger and passes secrets to composite actions:

- secrets.ANGULAR_ROBOT_PRIVATE_KEY
- secrets.GOOGLE_GENERATIVE_AI_KEY

PoC Payload

This PR modifies the github-actions/labeling/pull-request composite action to log secret existence in the workflow step summary.

Expected Behavior

When the DevInfra / pull_request workflow runs on this PR, the step summary will show:

- ANGULAR_ROBOT_PRIVATE_KEY exists: YES
- ANGULAR_ROBOT_PRIVATE_KEY length: <number>

Impact

An attacker can:

- pull_request_target workflows
- ANGULAR_ROBOT_PRIVATE_KEY to push code to ALL Angular repos

Fix Recommendation

- pull_request_target from all workflows
- pull_request with permissions: {}

Note: This PoC only logs secret existence (not values) for demonstration purposes.
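A defender-side check for the pattern this PR describes, as an added example that is not part of the PR or of angular/dev-infra: it reports whether a workflow file combines the pull_request_target trigger with secrets references, which local actions it runs, and whether it sets top-level permissions: {}. The workflow texts, the secret name EXAMPLE_PRIVATE_KEY and the audit function are constructed for illustration, and the line-based matching is a triage aid, not a YAML parser.

```python
import re

# Constructed sample workflows for this example; not copied from angular/dev-infra.
RISKY = """\
on:
  pull_request_target:
jobs:
  labels:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<full-commit-sha>  # placeholder pin
      - uses: ./github-actions/labeling/pull-request
        with:
          key: ${{ secrets.EXAMPLE_PRIVATE_KEY }}
"""
HARDENED = """\
on:
  pull_request:
permissions: {}
jobs:
  labels:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<full-commit-sha>  # placeholder pin
"""

TRIGGER = re.compile(r"^\s*(?:on\s*:.*\bpull_request_target\b|-?\s*pull_request_target\s*:?\s*$)", re.M)
SECRET = re.compile(r"\$\{\{[^}]*\bsecrets\.([A-Za-z_]\w*)")
LOCAL_ACTION = re.compile(r"^\s*-?\s*uses:\s*(\./\S+)", re.M)
EMPTY_PERMS = re.compile(r"^permissions:\s*\{\s*\}\s*$", re.M)

def audit(workflow_text):
    """Return the facts a reviewer needs about one workflow file."""
    # Drop full-line comments so a commented-out trigger is not counted.
    text = "\n".join(ln for ln in workflow_text.splitlines() if not ln.lstrip().startswith("#"))
    report = {
        "pull_request_target": bool(TRIGGER.search(text)),
        "secrets": sorted(set(SECRET.findall(text))),
        "local_actions": LOCAL_ACTION.findall(text),
        "empty_top_level_permissions": bool(EMPTY_PERMS.search(text)),
    }
    # Flag the combination the PR describes: privileged trigger plus secrets in scope.
    report["needs_review"] = report["pull_request_target"] and bool(report["secrets"])
    return report

if __name__ == "__main__":
    for name, wf in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(wf))
```

Run it over every file under .github/workflows and review each hit by hand; a workflow that passes here can still be unsafe in ways a text match cannot see.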