Skip to content

GitHub Actions A Cloudy Day for Security - Part 1 #207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 29, 2025
Merged

GitHub Actions A Cloudy Day for Security - Part 1 #207

merged 1 commit into from
Sep 29, 2025

Conversation

@carlospolop
Copy link
Collaborator

@carlospolop carlospolop commented Sep 9, 2025

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Scope: Part 1 of a two‑part series on hardening GitHub Actions against adversaries with read or write (contributor) access. It explains how workflow expressions are rendered, how script injection leads to code execution on runners, why YAML‑only defenses are bypassable by collaborators, and how to correctly use branch protections, environments, and tag protections to enforce a four‑eyes principle. No CVEs; this is about design/usage pitfalls.

How GitHub Actions work: Workf...

🔧 Technical Details

Script injection via workflow expressions: Any user‑controlled context (e.g., github.event.issue.title) interpolated directly into a run: step becomes part of the shell program after rendering, enabling command substitution and arbitrary code execution (e.g., issue title $(id)). Mitigation: first map context to env:, then reference with shell variables ($TITLE), never ${{ env.TITLE }} in the command.


Reader‑triggered execution paths: Treat contexts from issues, issue_comment, discussion(_comment), fork, watch, pull_request(_review)(_comment), and pull_request_target as untrusted because readers can trigger them (sometimes indirectly via workflow_run/workflow_call). Validate event fields case‑by‑case using GitHub’s risky‑context guidance.


Secrets exfiltr...

🤖 Agent Actions

I analyzed the blog and the existing HackTricks GitHub Actions content, explored the repository, and implemented updates to the most relevant pages. The core new technical material is about expression/script injection in GitHub Actions, the correct mitigation pattern, and the governance controls needed to prevent collaborators from bypassing YAML-internal restrictions. I also added a collaborator-level secrets exfiltration PoC and strengthened guidance for branch, environment, and tag protections.

Summary of changes made:

  1. Added full content for Context Script Injections
  • File: src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md
  • What I added:
    • Clear explanation of how ${{ ... }} expressions are rendered into the run script before execution, and why this allows RCE if user-controlled contexts are interpolated directly.
    • Vulnerable issue trigger example and the $(id) PoC with resultant output.
    • Why quoting doesn’t save you.
    • Correct fix pattern: map untrusted context to env:, use $VAR inside run:, and avoid ${{ env.VAR }} in run.
    • Reader-triggerable surfaces list and link to GitHub Security Lab’s untrusted input guide.
    • Practical tips for safe usage.
    • References including the blog URL, GitHub docs, and the untrusted input reference.
  1. Improved Post-exploitation/Exfil guidance and added references on the main Abusing GitHub Actions page
  • File: src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
  • What I added:
    • Secrets exfiltration by collaborators via the secrets context with double base64 to evade masking (echo '${{ toJson(secrets) }}' | base64 -w0 | base64 -w0), with decode instructions and a stealth note.
    • Warning under “Execution from a New Branch” that any restriction implemented inside YAML (on/push branches lists, conditionals) is bypassable by collaborators unless gated by external protections (branch protections, protected environments, protected tags).
    • A “References” section at the end including the blog URL.
  1. Strengthened hardening guidance in Basic GitHub Information
  • File: src/pentesting-ci-cd/github-security/basic-github-information.md
  • What I added/updated:
    • Git Environments: Detailed protections including Required reviewers with Prevent self-review, Deployment branches and tags with a note about “Protected branches only” vs rulesets behavior.
    • Branch Protections:
      • Added “Require approval of the most recent reviewable push” to close post-approval push bypass.
      • Expanded “Require status checks to pass before merging” with guidance to bind to a specific GitHub App to avoid spoofing; warned about bot skip directives.
    • New section “Tag Protections” describing chaining protections: Require deployments to succeed on tag → protected environment → protected main branch with PR review and anti-bypass options.
    • Expanded References including the blog, workflow syntax, untrusted input guide, Checks API, and kept original references.

Why these locations:

  • gh-actions-context-script-injections.md already existed as a placeholder referenced from the GitHub Actions abuse overview; it’s the perfect place for the injection technique and mitigation patterns from the blog.
  • The Abusing GitHub Actions README contains post-exploitation techniques. The secrets-exfil PoC and YAML-bypass warning fit this page’s offensive focus.
  • The Basic GitHub Information page documents protections. It’s the right place to add precise defense-in-depth details on environments, branch protections, and tag protections that the blog stresses as required to prevent collaborator bypass.

References added (where applicable):

No new files were created; instead, I filled in and enhanced the existing, intended sections to preserve structure and navigability.

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

📚 Repository Maintenance

  • MD files processed: 523
  • MD files fixed: 1

All .md files have been checked for proper formatting (headers, includes, etc.).

🗑️ File Cleanup

  • searchindex.js removed: This auto-generated file has been removed to prevent conflicts.

Add content from: GitHub Actions: A Cloudy Day for Security - Part 1
16f9cf1 
- Remove searchindex.js (auto-generated file)
@carlospolop
Copy link
Collaborator Author

carlospolop commented Sep 9, 2025

🔗 Additional Context

Original Blog Post: https://binarysecurity.no/posts/2025/08/securing-gh-actions-part1

Content Categories: Based on the analysis, this content was categorized under "pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md".

Repository Maintenance:

  • MD Files Formatting: 523 files processed (1 files fixed)

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

@carlospolop carlospolop merged commit 28cdb62 into master Sep 29, 2025
@carlospolop carlospolop deleted the update_GitHub_Actions__A_Cloudy_Day_for_Security_-_Part_1_20250909_013245 branch September 29, 2025 21:05
github-actions bot pushed a commit that referenced this pull request Sep 29, 2025
@carlospolop
Merge pull request #207 from HackTricks-wiki/update_GitHub_Actions__A…
78767e1 
…_Cloudy_Day_for_Security_-_Part_1_20250909_013245

GitHub Actions A Cloudy Day for Security - Part 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@carlospolop