|
|
|
|
|
|
by baobun
243 days ago
|
|
|
> while the other is almost entirely unsafe (it's almost impossible to use safely). I don't believe this is fair. "Don't run untrusted code" is what it comes down to. Don't trust test suites or scripts in the incoming branch, etc. That pull_request_target workflows are (still) privileged by default is nuts and indeed a footgun but no need for "almost impossible" hysteria. |
|
|
TFA is a great example of how this breaks down. The two examples in the post obtain code execution/credential exfiltration without running an attacker controlled test suite or script.