Jenkins BCDK default job incorrectly configuired discovering forked prs

[patricksimonian]

in .jenkins/docker/contrib/configuration/jobs/_jobname/config.xml this line of code seems to allow any forked pr to kick of a build in the name space

  <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
              <strategyId>2</strategyId>
              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
   </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>

Why is this a problem?

• it opens the flood gates to uncontrolled prs which will consume resources
• it allows access to the name space from the pr's code

Potential Fix

remove this config from the generator.

[cvarjao]

@patricksimonian , ForkPullRequestDiscoveryTrait$TrustPermission means only from "From users with Admin or Write permission". Did you observe anything different from that?