The way in which construct artifacts are saved by the GitHub Actions platform might allow attackers to inject malicious code into software program tasks with CI/CD (steady integration and steady supply) workflows that don’t carry out adequate filtering when downloading artifacts. Cybersecurity researchers have recognized a number of standard artifacts obtain scripts utilized by hundreds of repositories which can be weak to this difficulty.
“We’ve found that when transferring artifacts between totally different workflows, there’s a main danger for artifact poisoning — a way wherein attackers substitute the content material of a reputable artifact with a modified malicious one and thereby provoke a provide chain assault,” researchers from provide chain safety agency Legit Safety stated in an evaluation of the difficulty.
To assault a weak undertaking’s CI/CD pipeline that downloads and makes use of artifacts generated by different workflows, attackers solely must fork the repositories containing these workflows, modify them of their native copies so that they produce rogue artifacts after which make pull requests again to the unique repositories with out these requests having to be accepted.
A logic flaw in artifact storage APIs
GitHub Actions is a CI/CD platform for automating the constructing and testing of software program code. The service is free for public repositories and contains free minutes of employee run time and cupboard space for personal repositories. It’s extensively adopted by tasks that use GitHub to host and handle their supply code repositories.
GitHub Actions workflows are automated processes outlined in .yml information utilizing YAML syntax that get executed when sure triggers or occasions happen, similar to when new code will get dedicated to the repository. Construct artifacts are compiled binaries, logs and different information that consequence from the execution of a workflow and its particular person jobs. These artifacts are saved inside storage buckets with every workflow run being assigned a specific bucket the place it could add information and later obtain them from.
The reference “motion” (script) for downloading artifacts that’s supplied by GitHub doesn’t help cross-workflow artifact downloads, however reusing artifacts generated by totally different workflows as enter for follow-up construct steps are widespread use instances for software program tasks. That’s why builders have created their very own customized scripts that depend on the GitHub Actions API to obtain artifacts utilizing extra complicated filtering, similar to artifacts created by a particular workflow file, a particular person, a particular department and so forth.
The issue that Legit Safety discovered is that the API doesn’t differentiate between artifacts uploaded by forked repositories and base repositories, so if a obtain script filters artifacts generated by a specific workflow file from a specific repository, the API will serve the most recent model of the artifact generated by that file, however this might be a malicious model generated robotically by way of a pull request motion from a forked model of the repository.
“To place it merely: in a weak workflow, any GitHub person can create a fork that builds an artifact,” the researchers stated. “Then inject this artifact into the unique repository construct course of and modify its output. That is one other type of a software program provide chain assault, the place the construct output is modified by an attacker.
The researchers discovered 4 customized actions developed by the group for downloading artifacts that had been all weak. Certainly one of them was listed as a dependency for over 12,000 repositories.
The Rust instance
One of many repositories that used such a customized script in one in all its workflows was the official repository for the Rust programming language. The weak workflow, referred to as ci.yml was chargeable for constructing and testing the repository’s code and used the customized motion to obtain an artifact referred to as libgccjit.so — a Linux library file — that was generated by a workflow in a third-party repository.
All attackers needed to do was fork the third-party repository, modify the workflow from that repository to generate a malicious model of the library and difficulty a pull request to the unique repository to generate the artifact. If Rust’s workflow would have then pulled within the poisoned model of the library it might have supplied the attackers with the flexibility to execute malicious code throughout the Rust repository with the workflow’s privileges.
“Upon exploitation, the attacker might modify the repository branches, pull requests, points, releases, and the entire entities which can be out there for the workflow token permissions,” the researchers stated.
Customers must implement stricter filtering for artifact downloads
GitHub responded to Legit’s report by including extra filtering capabilities to the API which builders can use to higher establish artifacts created by a particular run occasion of the workflow (workflow run id). Nonetheless, this variation can’t be pressured onto present implementations with out breaking workflows, so it’s as much as customers to replace their workflows with stricter filtering as a way to be protected.
One other mitigation is to filter the downloaded artifacts by the hash worth of the commits that generated them or by excluding artifacts created by pull-request fully utilizing the exclude_pull_requests possibility. Legit Safety additionally contacted the authors of the weak customized artifact obtain scripts they discovered.
“In provide chain safety, the main focus has been on stopping folks from contributing malicious code, so each time you do a change in a repository, create a pull request or do a change request, GitHub has quite a lot of built-in verification controls,” Liav Caspi, CTO of Legit Safety tells CSO. “Any individual has to approve your code, any individual has to merge it, so there’s an individual concerned. What we’ve been looking for are methods that exploit a logic downside that any individual might affect with out evaluate and I believe that is one in all them. If somebody would have identified about it, they may have injected the artifact with none approval.”
Usually, CI pipelines have workflows that run robotically on pull requests to check the code earlier than it’s manually reviewed and if the pull request comprises any artifact that must be constructed, the workflow will construct it, Caspi stated. A classy attacker might create the pull request to get the artifact constructed after which delete the request by closing the submission and likelihood is with all of the exercise noise that exists in supply code repositories immediately, it might go unnoticed, he stated.
Copyright © 2022 IDG Communications, Inc.
