Gh Actions - Context Script Injections
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Note that there are certain GitHub contexts whose values are controlled by the user creating the PR. If the GitHub Action is using that data to execute anything, it could lead to arbitrary code execution. These contexts typically end with `body`, `default_branch`, `email`, `head_ref`, `label`, `message`, `name`, `page_name`, `ref`, and `title`. For example (list from this writeup):
```
github.event.comment.body
github.event.issue.body
github.event.issue.title
github.head_ref
github.pull_request.*
github.*.*.authors.name
github.*.*.authors.email
```
Note that there are less obvious sources of potentially untrusted input, such as branch names and email addresses, which can be quite flexible in terms of their permitted content. For example, `zzz";echo${IFS}"hello";#` would be a valid branch name and would be a possible attack vector for a target repository.
A script injection attack can occur directly within a workflow's inline script. In the example discussed below, an action uses an expression to test the validity of a pull request title, but also adds the risk of script injection. Before the shell script is run, the expressions inside `${{ }}` are evaluated and then substituted with the resulting values, which can make it vulnerable to shell command injection.
To inject commands into this workflow, the attacker could create a pull request with a title of `a"; ls $GITHUB_WORKSPACE"`. In this example, the `"` character is used to interrupt the `title="${{ github.event.pull_request.title }}"` statement, allowing the `ls` command to be executed on the runner.
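The substitution step described above, together with a check a reviewer can run over a workflow file before it ever reaches a runner, as an added Python example that is not part of the original page: it scans `run:` scripts for `${{ }}` expressions that read the attacker-influenced contexts listed on this page, leaves expressions under `env:` alone (there the value reaches the shell as an environment variable, which is the usual fix), and renders the substituted line as text so the failure is visible without executing anything. The sample workflow, the function names and the untrusted-path rules are assumptions built from the list above, not GitHub's own implementation.

```python
from __future__ import annotations

import re

# Constructed sample workflow (not from the original page): the vulnerable
# pattern the text describes (an expression substituted straight into an
# inline script) next to the hardened form (the same value passed through
# an environment variable, so the shell sees it as data, never as code).
SAMPLE_WORKFLOW = """\
name: pr-title-check
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Vulnerable check
        run: |
          title="${{ github.event.pull_request.title }}"
          echo "$title"
      - name: Hardened check
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$TITLE"
      - name: Trusted context, not flagged
        run: echo "${{ github.repository }}"
"""

# One ${{ ... }} expression; group 1 is its body.
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")

# A dotted github.* context path inside an expression body.
PATH_RE = re.compile(r"github(?:\.[A-Za-z_][\w-]*|\.\*)+")

# Attacker-influenced contexts, taken from the list on this page.
UNTRUSTED_PATHS = {
    "github.event.comment.body",
    "github.event.issue.body",
    "github.event.issue.title",
    "github.head_ref",
}
# Trailing path components that mark an attacker-influenced context on this page.
UNTRUSTED_SUFFIXES = {
    "body", "default_branch", "email", "head_ref", "label",
    "message", "name", "page_name", "ref", "title",
}


def is_untrusted(expr: str) -> bool:
    """True if the expression body reads a context the PR author can influence."""
    for path in PATH_RE.findall(expr):
        parts = path.split(".")
        if path in UNTRUSTED_PATHS:
            return True
        # github.event.pull_request.* is listed wholesale on the page.
        if parts[1:3] == ["event", "pull_request"]:
            return True
        if parts[-1] in UNTRUSTED_SUFFIXES:
            return True
    return False


def scan_line(lineno: int, text: str) -> list[tuple[int, str]]:
    """All untrusted expressions on one line of script text."""
    return [(lineno, e) for e in EXPR_RE.findall(text) if is_untrusted(e)]


def find_inline_injections(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line number, expression) for every untrusted ${{ }} inside a run: script.

    Expressions elsewhere (e.g. under env:) are deliberately ignored: there the
    value is handed to the shell as an environment variable, not as script text.
    """
    findings: list[tuple[int, str]] = []
    in_block = False   # inside a `run: |` / `run: >` block scalar
    key_indent = 0     # column of the `run:` key; script lines are indented deeper
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if in_block:
            if stripped and indent <= key_indent:
                in_block = False               # block scalar ended on this line
            else:
                findings += scan_line(lineno, line)
                continue
        m = re.match(r"\s*(?:-\s+)?run:\s*(.*)$", line)
        if not m:
            continue
        value = m.group(1).rstrip()
        if value in ("|", ">", "|-", "|+", ">-", ">+"):
            in_block = True
            key_indent = line.index("run:")
        else:
            findings += scan_line(lineno, value)   # single-line `run:`
    return findings


def render_expressions(script_line: str, values: dict[str, str]) -> str:
    """Textual substitution, which is what happens before the shell starts."""
    return EXPR_RE.sub(lambda m: values.get(m.group(1), m.group(0)), script_line)


if __name__ == "__main__":
    for lineno, expr in find_inline_injections(SAMPLE_WORKFLOW):
        print(f"line {lineno}: untrusted context inside run: script -> {expr}")
    # The substituted line the page describes, shown as text only.
    vulnerable = 'title="${{ github.event.pull_request.title }}"'
    payload = {"github.event.pull_request.title": 'a"; ls $GITHUB_WORKSPACE"'}
    print(render_expressions(vulnerable, payload))
```

Run as a script it reports only line 9 of the sample: the `env:` step carries the same context but is not flagged, and the rendered line shows how the quote in the title closes the assignment early, which is exactly what the scanner is looking for.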