Skip to content

Remove compromised actions-cool actions; pin check-user-permission (closes #891)#1035

Open
potiuk wants to merge 1 commit into
mainfrom
security/remove-actions-cool-891
Open

Remove compromised actions-cool actions; pin check-user-permission (closes #891)#1035
potiuk wants to merge 1 commit into
mainfrom
security/remove-actions-cool-891

Conversation

@potiuk

@potiuk potiuk commented Jul 12, 2026

Copy link
Copy Markdown
Member

Fixes #891.

actions-cool/issues-helper and actions-cool/maintain-one-comment were compromised -- an attacker moved every version tag to an imposter commit that exfiltrates CI/CD credentials (StepSecurity advisory linked in #891). GitHub TOS-blocked both repos on 2026-05-19, so they are no longer fetchable. Removed from the allowlist.

actions-cool/check-user-permission is the same org but was not compromised and is still live. It was allowlisted as a wildcard ('*': keep) -- more trust than warranted now that the org account was compromised. Rather than removing it (which would break apache/camel, the one ASF consumer, which pins it safely by SHA), this pins it to c21884f3dda18dafc2f8b402fe807ccc9ec1aa5e (v2.4.0) -- the exact SHA camel uses -- with keep: true so it stays approved but is not dependabot-tracked (no auto-pulling new versions from this org).

Verified across apache/*: only camel used check-user-permission (SHA-pinned, safe). The three repos that referenced the compromised actions by @v3 (linkis, linkis-website, incubator-kie-kogito-docs) are already protected by GitHub's takedown -- their steps now simply fail to fetch the action rather than running malicious code.

approved_patterns.yml is updated to match (surgical diff; unrelated expiry churn left to the update / remove_expired jobs).

Downstream cleanup (tracking)

Heads-up issues filed for the ASF repos that still reference the removed actions by the (now-blocked) @v3 tag, so they can drop/replace the dead steps:

None of these were exposed (no runs during the compromise window -- see the analysis comment above).

🤖 Generated with Claude Code

@potiuk

potiuk commented Jul 12, 2026

Copy link
Copy Markdown
Member Author

This repo has been removed anyway.

…loses #891)

actions-cool/issues-helper and actions-cool/maintain-one-comment were
compromised (all version tags moved to an imposter commit that exfiltrates
CI/CD credentials); GitHub TOS-blocked both repos on 2026-05-19. Remove them
from the allowlist -- they are no longer fetchable, and org-wide enforcement
should no longer approve them.

actions-cool/check-user-permission belongs to the same org but was not
compromised and is still live. It was allowlisted as a wildcard ('*': keep),
which -- given the org account was compromised -- is more trust than
warranted. Pin it instead to c21884f3dda18dafc2f8b402fe807ccc9ec1aa5e
(v2.4.0), the exact SHA apache/camel already uses, with keep: true so it stays
approved but is not dependabot-tracked (we do not want to auto-pull new
versions from this org). This preserves camel's safe, SHA-pinned usage while
dropping the wildcard.

approved_patterns.yml is updated to match (surgical diff; unrelated expiry
churn left to the update / remove_expired jobs).

Generated-by: Claude Opus 4.8 (1M context) via Claude Code
@potiuk potiuk force-pushed the security/remove-actions-cool-891 branch from 163b113 to 5a26cab Compare July 12, 2026 21:09
@potiuk potiuk changed the title Remove compromised actions-cool actions from allowlist (closes #891) Remove compromised actions-cool actions; pin check-user-permission (closes #891) Jul 12, 2026
@potiuk

potiuk commented Jul 12, 2026

Copy link
Copy Markdown
Member Author

Downstream impact check (apache/* consumers)

I searched apache/* for consumers of the three actions this PR touches, checked how each pins them, and whether any workflow ran while the compromised tags were live.

Who uses them, and how

Repo / workflow Action Ref Assessment
apache/linkis - auto-comment.yml issues-helper @v3 (tag) was exposed pattern, but see timeline
apache/linkis-website - auto-comment.yml issues-helper @v3 (tag) dormant (last run 2025-06-10)
apache/incubator-kie-kogito-docs - pr-preview-publish.yml / pr-preview-teardown.yml maintain-one-comment @v3 (tag) see timeline
apache/camel - pr-manual-component-test.yml check-user-permission @c21884f... (SHA) safe (SHA-pinned; not compromised)

Compromise window

Per the StepSecurity advisory:

  • 2026-05-18 19:10-19:31 UTC -- attacker repointed every tag to the imposter commit (issues-helper 19:10-19:13, maintain-one-comment 19:30-19:31).
  • 2026-05-19 ~00:33 UTC -- GitHub TOS-blocked both repos.
  • Live malicious window: ~5 hours.

Did any ASF workflow run in that window?

Runs created 2026-05-18..2026-05-19 for each workflow:

Workflow Runs during window
apache/linkis auto-comment.yml 0
apache/linkis-website auto-comment.yml 0
apache/incubator-kie-kogito-docs pr-preview-publish.yml 0
apache/incubator-kie-kogito-docs pr-preview-teardown.yml 0

No ASF workflow executed the compromised actions while the malicious commit was live, so on this evidence there was no credential exposure. Supporting detail:

  • linkis: no runs in May; its most recent run (2026-07-06) failed, consistent with the action being unfetchable now rather than exploited.
  • kogito-docs: the only nearby run was 2026-05-15 22:04 UTC -- three days before the compromise -- so it ran the legitimate action.

Net

  • Removing issues-helper + maintain-one-comment from the allowlist is correct cleanup; the org-wide block also stops the (now-dead) tag usages in linkis / linkis-website / kogito-docs from silently lingering.
  • check-user-permission is pinned to the exact SHA apache/camel already uses, preserving that safe usage.
  • The three downstream repos should drop their now-dead @v3 references, but no secret rotation appears necessary on this evidence.

Caveat: this covers usages GitHub code-search surfaced on default branches, via the Actions run history. A usage the index missed (other branches / un-indexed repos) would not be captured here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

maintain-one-comment should be removed from allowed list due to being compromised and no longer available

1 participant