Sunday, April 2, 2023
Edition Post
Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

by Edition Post
December 4, 2022
in Cyber Security


The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects whose CI/CD (continuous integration and continuous delivery) workflows don't perform sufficient filtering when downloading artifacts. Security researchers have identified several popular artifact download scripts, used by thousands of repositories, that are vulnerable to this issue.

“We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning — a technique in which attackers replace the content of a legitimate artifact with a modified malicious one and thereby initiate a supply chain attack,” researchers from supply chain security firm Legit Security said in an analysis of the issue.

To attack a vulnerable project's CI/CD pipeline that downloads and uses artifacts generated by other workflows, attackers only need to fork the repositories containing those workflows, modify them in their own copies so that they produce rogue artifacts, and then open pull requests back to the original repositories. Those pull requests never have to be accepted: the automated pull-request workflow builds the poisoned artifact on its own.

A logic flaw in artifact storage APIs

GitHub Actions is a CI/CD platform for automating the building and testing of software code. The service is free for public repositories and includes free minutes of runner time and storage space for private repositories. It is widely adopted by projects that use GitHub to host and manage their source code repositories.

GitHub Actions workflows are automated processes defined in .yml files using YAML syntax that are executed when certain triggers or events occur, such as new code being committed to the repository or a pull request being opened. Build artifacts are compiled binaries, logs and other files that result from the execution of a workflow and its individual jobs. These artifacts are stored in storage buckets, with each workflow run being assigned a specific bucket to which it can upload files and from which it can later download them.

The reference “action” (script) for downloading artifacts provided by GitHub did not, at the time of the research, support cross-workflow artifact downloads, but reusing artifacts generated by different workflows as input for follow-up build steps is a common use case for software projects. That is why developers have created their own custom actions that rely on the GitHub Actions API to download artifacts using more complex filtering, such as artifacts created by a specific workflow file, a specific user, a specific branch and so on.

The problem that Legit Security found is that the API does not differentiate between artifacts uploaded by runs triggered from forked repositories and those triggered from the base repository. If a download script filters for artifacts generated by a specific workflow file in a specific repository, the API will serve the latest artifact generated by that file, but that could be a malicious version produced automatically by the pull-request trigger from a forked copy of the repository.

“To put it simply: in a vulnerable workflow, any GitHub user can create a fork that builds an artifact,” the researchers said. “Then inject this artifact into the original repository build process and modify its output. This is another form of a software supply chain attack, where the build output is modified by an attacker.”

The researchers found four custom actions developed by the community for downloading artifacts, all of which were vulnerable. One of them was listed as a dependency by over 12,000 repositories.

The Rust example

One of the repositories that used such a custom action in one of its workflows was the official repository for the Rust programming language. The vulnerable workflow, called ci.yml, was responsible for building and testing the repository's code and used the custom action to download an artifact called libgccjit.so, a Linux shared library, that was generated by a workflow in a third-party repository.

All attackers had to do was fork the third-party repository, modify the workflow in that repository to generate a malicious version of the library, and open a pull request against the original repository so that its pull-request workflow built the artifact. If Rust's workflow had then pulled in the poisoned version of the library, it would have given the attackers the ability to execute malicious code within the Rust repository's CI with the workflow's privileges.

“Upon exploitation, the attacker could modify the repository branches, pull requests, issues, releases, and all the entities that are accessible for the workflow token permissions,” the researchers said.

Users need to implement stricter filtering for artifact downloads

GitHub responded to Legit's report by adding more filtering capabilities to the API, which developers can use to better identify artifacts created by a specific run of a workflow (the workflow run id). However, this change cannot be forced onto existing implementations without breaking workflows, so it is up to users to update their workflows with stricter filtering in order to be protected.

Another mitigation is to filter the downloaded artifacts by the hash of the commit that generated them, or to exclude artifacts created by pull requests entirely using the exclude_pull_requests option. Legit Security also contacted the authors of the vulnerable custom artifact download actions they found.
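The selection logic at the heart of the flaw, and the three stricter filters the two paragraphs above recommend, as an added example that is not Legit Security's or GitHub's code. It models the `workflow_runs` list returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/actions/runs` with a constructed sample that uses that endpoint's real field names (`id`, `path`, `event`, `head_branch`, `head_sha`, `conclusion`, `head_repository`); the repository names, run ids and SHAs are hypothetical. The naive filter reproduces what the vulnerable custom actions do: newest successful run of the named workflow file, whoever triggered it.

```python
"""Artifact-poisoning selection logic: naive filter beside hardened filters.

Added example, not code from the article, Legit Security or GitHub. The
sample data is constructed; it mirrors the field names of the workflow_runs
array from GET /repos/{owner}/{repo}/actions/runs.
"""

BASE_REPO = "example-org/upstream"   # hypothetical base repository
WORKFLOW = "ci.yml"                  # workflow file whose artifact the consumer wants
SHA_BASE = "c0ffee" + "0" * 33 + "2" # hypothetical commit on the base repo's main
SHA_FORK = "c0ffee" + "0" * 33 + "3" # hypothetical commit from the attacker's fork

# Constructed sample. The API lists runs newest first; the newest run of ci.yml
# was produced by a pull request opened from a fork, which anyone can do.
SAMPLE_RUNS = [
    {"id": 1003, "path": ".github/workflows/ci.yml", "event": "pull_request",
     "head_branch": "feature", "conclusion": "success", "head_sha": SHA_FORK,
     "head_repository": {"full_name": "attacker/upstream", "fork": True}},
    {"id": 1002, "path": ".github/workflows/ci.yml", "event": "push",
     "head_branch": "main", "conclusion": "success", "head_sha": SHA_BASE,
     "head_repository": {"full_name": BASE_REPO, "fork": False}},
    {"id": 1001, "path": ".github/workflows/release.yml", "event": "push",
     "head_branch": "main", "conclusion": "success",
     "head_sha": "c0ffee" + "0" * 33 + "1",
     "head_repository": {"full_name": BASE_REPO, "fork": False}},
]


def _successful_run_of(run, workflow_file):
    """True if this run executed the named workflow file and succeeded."""
    return (run.get("path", "").endswith("/" + workflow_file)
            and run.get("conclusion") == "success")


def pick_latest_by_workflow(runs, workflow_file):
    """VULNERABLE: newest successful run of the workflow file, regardless of
    who triggered it. This is the filtering the article describes as poisonable."""
    for run in runs:
        if _successful_run_of(run, workflow_file):
            return run
    return None


def pick_trusted(runs, workflow_file, base_repo, branch="main"):
    """Hardened: drop pull_request runs (the exclude_pull_requests idea), drop
    runs whose head repository is not the base repository (forks), pin the branch."""
    for run in runs:
        if not _successful_run_of(run, workflow_file):
            continue
        if run.get("event") == "pull_request":
            continue
        head = run.get("head_repository") or {}
        if head.get("fork") or head.get("full_name") != base_repo:
            continue
        if run.get("head_branch") != branch:
            continue
        return run
    return None


def pick_by_run_id(runs, run_id):
    """Hardened: pin to one specific workflow run id, the filter GitHub added."""
    for run in runs:
        if run.get("id") == run_id:
            return run
    return None


def pick_by_commit(runs, workflow_file, head_sha):
    """Hardened: pin to the commit that produced the artifact. The SHA must come
    from the base repository's own history; pinning a fork's SHA pins its artifact."""
    for run in runs:
        if _successful_run_of(run, workflow_file) and run.get("head_sha") == head_sha:
            return run
    return None


if __name__ == "__main__":
    naive = pick_latest_by_workflow(SAMPLE_RUNS, WORKFLOW)
    strict = pick_trusted(SAMPLE_RUNS, WORKFLOW, BASE_REPO)
    print("naive filter picks run", naive["id"], "from", naive["head_repository"]["full_name"])
    print("strict filter picks run", strict["id"], "from", strict["head_repository"]["full_name"])
```

The naive filter returns the fork's pull-request run because the API sorts by recency and says nothing about trust; every hardened variant returns the base repository's push run instead. Whichever filter you adopt, apply it before the download step, since once a poisoned artifact is unpacked into the job it runs with the workflow token's permissions.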

“In supply chain security, the focus has been on preventing people from contributing malicious code, so every time you do a change in a repository, create a pull request or do a change request, GitHub has a lot of built-in verification controls,” Liav Caspi, CTO of Legit Security, tells CSO. “Somebody has to approve your code, somebody has to merge it, so there's a person involved. What we've been looking for are methods that exploit a logic problem that any person could influence without review, and I think this is one of them. If someone would have known about it, they could have injected the artifact without any approval.”

Typically, CI pipelines have workflows that run automatically on pull requests to test the code before it is manually reviewed, and if the pull request contains any artifact that needs to be built, the workflow will build it, Caspi said. A sophisticated attacker could open the pull request to get the artifact built and then close it, and with all the activity noise that exists in source code repositories today, chances are it would go unnoticed, he said.

Copyright © 2022 IDG Communications, Inc.
Copyright © 2022 Editionpost.com | All Rights Reserved.