The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow.
Details
The filter-test-configs workflow is using the raw github.event.workflow_run.head_branch value inside the filter step:
- name: Select all requested test configurations
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
JOB_NAME: ${{ steps.get-job-name.outputs.job-name }}
id: filter
run: |
...
python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
...
--branch "${{ github.event.workflow_run.head_branch }}"
In the event of a repository using filter-test-configs in a pull_request_target-triggered workflow, an attacker could use a malicious branch name to gain command execution in the step and potentially leak secrets.
name: Example
on: pull_request_target
jobs:
example:
runs-on: ubuntu-latest
steps:
- name: Filter
uses: pytorch/pytorch/.github/actions/filter-test-configs@v2
Impact
This issue may lead to stealing workflow secrets.
Remediation
- Use an intermediate environment variable for potentially attacker-controlled values such as
github.event.workflow_run.head_branch:
- name: Select all requested test configurations
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github-token }}
JOB_NAME: ${{ steps.get-job-name.outputs.job-name }}
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
id: filter
run: |
...
python3 "${GITHUB_ACTION_PATH}/../../scripts/filter_test_configs.py" \
...
--branch "$HEAD_BRANCH"