Skip to content

2022.08.03 Attack on Forked PRs

patrick brisbin edited this page Aug 4, 2022 · 9 revisions

Summary

Use of Restyled on a fork PR in a public repository is a possible vector for exposing repository secrets to a malicious actor.

Therefore, as of 2022-08-03 11:22 ET, an update has been made to Restyled to not create PRs in this scenario, fully closing the vector. Note that Restyled will still run (which is safe to do) and report an appropriate PR status.

A description of the attack, the vector, and how to know if you were impacted is present below.

The Attack

UPDATE: According to GitHub, this particular attack was discovered and mitigated very quickly without any known instances of repositories being impacted. It's very unlikely your Restyled-using project was impacted through the vector described below. That said, the vector is still present for historical and future attacks of the same nature and therefore our decision to disable Restyled on fork PRs stands.

There appears to be an ongoing attack on OSS repositories on GitHub.

The attack involves opening a PR that includes a script to exfiltrate secrets (via env) to a remote server when the project is built, run, tested, etc. For example, through a package.json hook.

The attack requires:

  1. You're exposing secrets to fork PRs and
  2. You manually approve the workflows to run for the new contributor

Or you checkout and run the code in some other environment such as locally or in some non-GitHub automation. For more details, I recommend following the linked Twitter thread above. As more official sources or reporting becomes available, I will add links here.

The Vector

When Restyled runs on a fork PR, it can't open its usual "PR-from-PR" of just the style fixes because it doesn't have access in the forked repository. Instead, it opens a PR in the original repository that includes the contributions and style fixes together. This PR is not a fork PR and so it will... have access to secrets and run workflows right away. That means if the original contribution contains the exfiltration code, it will run.

  • Attacker opens PR with malicious payload
  • This PR gets no secrets and requires Approval, as desired
  • Restyled runs on this PR
  • If there's also a style issue, Restyled opens a new PR with the malicious payload and the style-fix together
  • This PR is no different than a normal in-repository PR from a known contributor; its workflows run immediately with full secrets access

FAQ

How can I tell if I was impacted?

The following search will identify potential problematic PRs:

is:public org:{your org or user} Restyle 

If any of these PRs were:

  • Operating on a fork PR (as described in the PR description)
  • Appear to have malicious code in the original contribution commits

You may have had secrets exfiltrated during the workflows run on this PR.

What should I do if I was impacted?

  1. Rotate any possibly-exposed credentials
  2. Audit systems those credentials grant access to

When will Restyled run successfully on fork PRs again?

Restyled is very popular with OSS projects, and most of the PRs in an OSS project are forks. Therefore, closing off this vector has severely limited the usefulness of Restyled for most of its users. This is extremely unfortunate, but at this time I don't know of a way to safely do what Restyled does. I'm exploring ideas in this Issue.

UPDATE: Opening a sibling PR in the original repository that includes external contributors' commits is something Restyled is unlikely to ever do again. Opening a sibling PR in the fork repository is highly complex, but perhaps some day. In the meantime, we've added a feature to (hopefully) make Restyled useful even without the sibling PR. Restyled now captures the output of git format-patch after it's run and makes it accessible by appending /patch to the Job's URL. This means contributors can run curl <job url>/patch | git am && git push to apply Restyled's fixes to their PRs. This obviates the need for the sibling PR at all; it also works for all Restyled users, not just OSS forks.

Something stated here is wrong or missing...

Please reach out to [email protected].

Removed

Clone this wiki locally