

Add a final pass for upgrading injectable fields to MEDIUM for potential branch injection.
AdnaneKhan committed Dec 13, 2024
1 parent 1f58c12 commit 0d66ffa
Showing 3 changed files with 18 additions and 0 deletions.
3 changes: 3 additions & 0 deletions gatox/configuration/workflow_parsing.json
Expand Up @@ -65,6 +65,9 @@
"github.event.pull_request.head.repo.default_branch",
"github.head_ref"
],
"RISKY_CONTEXT_REGEXES": [
"(pr|PR).*(branch|head|ref)"
],
"SAFE_ISH_CONTEXTS": [
"label",
"flag",
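Review bot: The pattern `(pr|PR).*(branch|head|ref)` treats `pr` as a bare substring anywhere ahead of the keyword, so names with no PR meaning such as `inputs.approved_ref` or `steps.build.outputs.product_branch` are escalated to MEDIUM, while mixed-case names like `PR_Head` are missed because only the first group has an uppercase variant. Requiring a token boundary around the prefix tightens it considerably, e.g. `"(^|[._-])(pr|PR|pull_request)[._-].*(branch|head|ref)"`; the trailing part stays unanchored since the helper that consumes this list uses `re.search`. Case handling is better done once at the call site (an `IGNORECASE` flag) than by enumerating variants here.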
4 changes: 4 additions & 0 deletions gatox/enumerate/reports/actions.py
Expand Up @@ -19,6 +19,7 @@

from gatox.enumerate.reports.report import Report
from gatox.models.repository import Repository
from gatox.workflow_parser.utility import check_risky_regexes


class ActionsReport(Report):
Expand Down Expand Up @@ -173,6 +174,9 @@ def ___report_injection(self, candidate, details):
in ConfigurationManager().WORKFLOW_PARSING["UNSAFE_CONTEXTS"]
):
confidence = "HIGH"
elif confidence == "UNKNOWN" and var and check_risky_regexes(var):
confidence = "MEDIUM"

lines.append(f'Variables: {", ".join(val["variables"])}')
if "if_checks" in val and val["if_checks"]:
lines.append(f' Step If-check: {val["if_checks"]}')
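Review bot: The new `elif` at the end of the second hunk raises confidence to MEDIUM purely because the variable's name matches a configured regex, and, as far as this hunk shows, nothing in the emitted report records that the escalation is name-based, so a reader cannot distinguish a heuristic MEDIUM from one backed by a known unsafe context. A comment on the branch would at least make the intent explicit: `# Name-based heuristic only: a context that looks PR-branch related (e.g. steps.*.outputs.pr_branch) is not proven attacker-controlled, so cap at MEDIUM rather than HIGH.` If triage needs the reason, the helper would have to return the matched pattern instead of a bool so it can be appended to `lines` next to the `Variables:` entry. `___report_injection` begins before this hunk, so the origin of `var` and `confidence` is not visible here.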
11 changes: 11 additions & 0 deletions gatox/workflow_parser/utility.py
@@ -1,3 +1,5 @@
import re

from gatox.configuration.configuration_manager import ConfigurationManager
from gatox.workflow_parser.expression_parser import ExpressionParser
from gatox.workflow_parser.expression_evaluator import ExpressionEvaluator
Expand Down Expand Up @@ -39,6 +41,15 @@ def check_sus(item):
return False


@staticmethod
def check_risky_regexes(item):
regexes = ConfigurationManager().WORKFLOW_PARSING["RISKY_CONTEXT_REGEXES"]

for regex in regexes:
if re.search(regex, item):
return True


@staticmethod
def check_pr_ref(item):
"""
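Review bot: `check_risky_regexes` falls off the end of the `for` loop without a return when no pattern matches, so it yields `None` rather than `False`; the caller added in this commit only tests truthiness, but the sibling `check_sus` just above ends with an explicit `return False` and this helper should too — add `return False` after the loop. The function also has no docstring; a one-liner that names the limits of the check is worth adding: `"""Return True if *item* matches any RISKY_CONTEXT_REGEXES entry (a name-based heuristic, not proof of attacker control)."""`. The `@staticmethod` decorator on a module-level function mirrors `check_pr_ref` below, but a `staticmethod` object outside a class is only directly callable on Python 3.10 and later, so the import in `actions.py` depends on the project's minimum version — confirm it. `check_pr_ref` starts at the end of this hunk and continues outside it.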
