[CI][Security] SEC-00774: Prevent GITHUB_ENV injection from PR title on PSDB/buildbot trigger workflows#3050
Open
vkallesh wants to merge 2 commits into
Conversation
…on PSDB/buildbot triggers
Critical finding SEC-00774: the "Escape pull request title" step wrote the raw PR
title to $GITHUB_ENV as `PR_TITLE=<title>`. A crafted multi-line PR title could
inject arbitrary environment variables into all subsequent steps, which run on
persistent self-hosted compiler-generic-runners that have org credentials in
scope (CI_GITHUB_TOKEN, CI_JENKINS_TOKEN, BUILDBOT_PWD) -> potential RCE and
secret exfiltration by any external contributor able to open a PR.
Changes (PSDB-amd-staging.yml and buildbot-psdb-trigger.yml):
- Write PR_TITLE to $GITHUB_ENV using a random here-doc delimiter
(PR_TITLE<<ghadelimiter_<uuid>) so a multi-line title is stored as a single
value and cannot define additional variables. Title is read from the event
payload file (never interpolated into the shell). Also guards against a title
that contains the generated delimiter.
- Remove credential secrets from job-level `env:` and scope them to only the
step that needs them:
- PSDB: CI_GITHUB_TOKEN / CI_JENKINS_JOB_NAME / CI_JENKINS_URL -> "Trigger
Jenkins Pipeline" step only.
- buildbot: CI_GITHUB_TOKEN -> "Set Initial Status to Pending" and "Poll
Buildbot build status" steps only.
- Add top-level `permissions: contents: read` to both workflows.
Follow-up (infra, not in workflow YAML): migrate compiler-generic-runners to
ephemeral (single-job) runners as recommended in the finding.
Co-authored-by: Cursor <cursoragent@cursor.com>
skganesan008
requested changes
Jun 24, 2026
skganesan008
left a comment
skganesan008
left a comment
Collaborator
There was a problem hiding this comment.
Please remove both the files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix for ROCM-26707