Guard against artifact poisoning in commenter #10149

Merged: timotheeguerin merged 3 commits into main from alert-autofix-107, Mar 25, 2026

@timotheeguerin
Member

Potential fix for https://github.com/microsoft/typespec/security/code-scanning/107

In general, to prevent artifact poisoning you should never let downloaded artifacts overwrite files in the repository workspace, and you should treat their contents as untrusted: extract them into a dedicated temporary directory and only read specific expected files from there, validating them if necessary. You should also avoid running build tools or package managers (`npm install`, `pnpm install`, etc.) in a workspace that may have been modified by untrusted artifact contents.

For this specific workflow, the best minimal fix is:

  1. Create a temporary directory under `${{ runner.temp }}` to hold the downloaded artifact.
  2. Change the `actions/download-artifact@v4` step to use `path: ${{ runner.temp }}/comment-artifact` (or similar) so that artifact contents cannot overwrite the repository’s code or config.
  3. Adjust the later use of `comment.json` to point at that safe location (e.g., `--comment-file ${{ runner.temp }}/comment-artifact/comment.json`).
  4. Leave `pnpm install` as-is, since once the artifact is isolated from the workspace, it can no longer affect what `pnpm install` reads or executes.

All changes occur in `.github/workflows/commenter.yml`:

  • Add a shell step before `actions/download-artifact@v4` to `mkdir -p ${{ runner.temp }}/comment-artifact`.
  • Modify the `download-artifact` step to include `path: ${{ runner.temp }}/comment-artifact`.
  • Modify the `pnpm chronus-github-pr-commenter` step to read the comment file from that temp directory.

No extra actions or external libraries are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
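
The description above advises reading only specific expected files from the isolated directory and validating them. One way to do that in Node.js, as an added example that is not part of this pull request or the typespec repository: the function name, the size limit and the requirement that the payload be a JSON object are assumptions, since the page does not show the schema of `comment.json`.

```javascript
// Added example: validate an artifact that was extracted into an isolated
// directory (e.g. under runner.temp) before any of its contents are used.
const fs = require("node:fs");
const path = require("node:path");

const EXPECTED_FILE = "comment.json"; // file name taken from the PR description
const MAX_BYTES = 64 * 1024;          // assumed upper bound for a comment payload

// Returns the parsed JSON object, or throws with the reason for rejection.
function readCommentArtifact(artifactDir) {
  // 1. The directory must contain exactly the one expected entry, so extra
  //    files (package.json, .npmrc, scripts) are noticed instead of ignored.
  const entries = fs.readdirSync(artifactDir);
  const unexpected = entries.filter((name) => name !== EXPECTED_FILE);
  if (unexpected.length > 0) {
    throw new Error(`unexpected artifact entries: ${unexpected.join(", ")}`);
  }
  if (!entries.includes(EXPECTED_FILE)) {
    throw new Error(`${EXPECTED_FILE} missing from artifact`);
  }

  // 2. lstat (not stat) so a symlink is rejected rather than followed.
  const file = path.join(artifactDir, EXPECTED_FILE);
  const info = fs.lstatSync(file);
  if (!info.isFile()) {
    throw new Error(`${EXPECTED_FILE} is not a regular file`);
  }
  if (info.size > MAX_BYTES) {
    throw new Error(`${EXPECTED_FILE} is larger than ${MAX_BYTES} bytes`);
  }

  // 3. Treat the contents as data only: parse, never execute or import.
  let parsed;
  try {
    parsed = JSON.parse(fs.readFileSync(file, "utf8"));
  } catch {
    throw new Error(`${EXPECTED_FILE} is not valid JSON`);
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    throw new Error(`${EXPECTED_FILE} must contain a JSON object`);
  }
  return parsed;
}
```

A check like this would run between the download step and the step that consumes the comment file, failing the job when the artifact is rejected.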
@github-actions
Contributor

No changes needing a change description found.

@azure-sdk
Collaborator

azure-sdk commented Mar 25, 2026

You can try these changes here

🛝 Playground 🌐 Website 🛝 VSCode Extension

timotheeguerin changed the title from "Potential fix for code scanning alert no. 107: Artifact poisoning" to "Guard against artifact poisoning in commenter" Mar 25, 2026
timotheeguerin marked this pull request as ready for review March 25, 2026 20:57
timotheeguerin added this pull request to the merge queue Mar 25, 2026
Merged via the queue into main with commit fd0d196 Mar 25, 2026
30 checks passed
timotheeguerin deleted the alert-autofix-107 branch March 25, 2026 23:56
msyyc pushed a commit that referenced this pull request Apr 1, 2026