From a95270a24b709539cb50c0a18894b291a2091cd1 Mon Sep 17 00:00:00 2001 From: Dustin Ingram Date: Thu, 16 Oct 2025 16:02:49 +0000 Subject: [PATCH 1/2] Don't permit pull_request_target for GitHub publishers --- tests/unit/oidc/models/test_github.py | 12 ++++++++++++ warehouse/oidc/models/github.py | 19 ++++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/tests/unit/oidc/models/test_github.py b/tests/unit/oidc/models/test_github.py index 7e187b6c9746..3087c686c754 100644 --- a/tests/unit/oidc/models/test_github.py +++ b/tests/unit/oidc/models/test_github.py @@ -433,6 +433,18 @@ def test_check_repository(self, truth, claim, valid): check = github.GitHubPublisher.__required_verifiable_claims__["repository"] assert check(truth, claim, pretend.stub()) == valid + def test_check_event_name_invalid(self): + check = github.GitHubPublisher.__required_verifiable_claims__["event_name"] + + with pytest.raises( + errors.InvalidPublisherError, + match=( + "Publishing from a workflow invoked via 'pull_request_target' " + "is not supported." + ), + ): + check("throwaway", "pull_request_target", pretend.stub()) + @pytest.mark.parametrize( ("claim", "ref", "sha", "valid", "expected"), [ diff --git a/warehouse/oidc/models/github.py b/warehouse/oidc/models/github.py index 121e024604a6..a773c5fd3d76 100644 --- a/warehouse/oidc/models/github.py +++ b/warehouse/oidc/models/github.py @@ -152,6 +152,18 @@ def _check_sub( return f"{org}:{repo}".lower() == ground_truth.lower() +def _check_event_name( + ground_truth: str, signed_claim: str, _all_signed_claims: SignedClaims, **_kwawrgs +) -> bool: + if signed_claim == "pull_request_target": + raise InvalidPublisherError( + "Publishing from a workflow invoked via 'pull_request_target' is " + "not supported." + ) + else: + return True + + class GitHubPublisherMixin: """ Common functionality for both pending and concrete GitHub OIDC publishers. @@ -170,6 +182,7 @@ class GitHubPublisherMixin: "repository_owner_id": check_claim_binary(str.__eq__), "job_workflow_ref": _check_job_workflow_ref, "jti": check_existing_jti, + "event_name": _check_event_name, } __required_unverifiable_claims__: set[str] = {"ref", "sha"} @@ -186,7 +199,6 @@ class GitHubPublisherMixin: "run_attempt", "head_ref", "base_ref", - "event_name", "ref_type", "repository_id", "workflow", @@ -275,6 +287,11 @@ def jti(self) -> str: """Placeholder value for JTI.""" return "placeholder" + @property + def event_name(self) -> str: + """Placeholder value for event_name (not used)""" + return "placeholder" + def publisher_url(self, claims: SignedClaims | None = None) -> str: base = self.publisher_base_url sha = claims.get("sha") if claims else None From 22f3cc58f3b760fc1a49ce486a81a6c4525176ba Mon Sep 17 00:00:00 2001 From: Dustin Ingram Date: Fri, 24 Oct 2025 09:25:19 -0400 Subject: [PATCH 2/2] Apply suggestion from @webknjaz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) --- warehouse/oidc/models/github.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/warehouse/oidc/models/github.py b/warehouse/oidc/models/github.py index a773c5fd3d76..2b796c0c7a7f 100644 --- a/warehouse/oidc/models/github.py +++ b/warehouse/oidc/models/github.py @@ -153,7 +153,7 @@ def _check_sub( def _check_event_name( - ground_truth: str, signed_claim: str, _all_signed_claims: SignedClaims, **_kwawrgs + ground_truth: str, signed_claim: str, _all_signed_claims: SignedClaims, **_kwargs, ) -> bool: if signed_claim == "pull_request_target": raise InvalidPublisherError(