SwaragThaikkandi / SMdRQA

For performing multidimensional recurrence quantification analysis (MdRQA) and a sliding-window version of it
https://swaragthaikkandi.github.io/SMdRQA/
GNU General Public License v3.0

FYI: Using the action like in the example would make you vulnerable to pwn requests #153

Closed ST-DDT closed 4 months ago

ST-DDT commented 4 months ago

The current run-nothing example is safe, but running anything in there that uses the source code is dangerous as it uses elevated permissions. I'll recommend rewriting/removing the example or raising awareness by adding a comment.

https://github.com/SwaragThaikkandi/SMdRQA/blob/6ed1aa92ab32516c4a5f23ab254f6bc161c47b68/.github/workflows/label.yml#L27-L28
https://github.com/SwaragThaikkandi/SMdRQA/blob/6ed1aa92ab32516c4a5f23ab254f6bc161c47b68/.github/workflows/label.yml#L33-L34
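The pattern behind the report is a workflow triggered by `pull_request_target` (which runs with a write-capable token and repository secrets) that checks out the pull request's head and then executes something from that checkout. The following is an added example, not code from this issue or from the SMdRQA repository: a small, stdlib-only heuristic scanner that flags that combination in a workflow file, run against a constructed workflow modelled on the described shape (the real `label.yml` is not reproduced here) and against a safer variant that never checks out or runs untrusted code. Names such as `find_pwn_request_risk` are assumptions of this example.

```python
import re

# Constructed sample in the shape the issue describes: privileged trigger,
# checkout of the PR head, then a run step that executes the checked-out code.
VULNERABLE_WORKFLOW = """\
name: label
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: pip install -e . && python scripts/label.py
"""

# Constructed safer variant: same trigger, but no checkout of the PR head and
# nothing executed from the contributor's branch; permissions are scoped down.
SAFE_WORKFLOW = """\
name: label
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""

TRIGGER = re.compile(r"^\s*pull_request_target\s*:", re.M)
PR_HEAD_REF = re.compile(r"^\s*ref\s*:.*(pull_request\.head|github\.head_ref)", re.M)
RUN_STEP = re.compile(r"^\s*-?\s*run\s*:", re.M)


def find_pwn_request_risk(workflow_text):
    """Line-based heuristic (not a full YAML parser): returns findings when a
    pull_request_target workflow checks out the PR head and then runs a step."""
    findings = []
    if not TRIGGER.search(workflow_text):
        return findings  # plain pull_request gets a read-only token; out of scope
    head_checkout = PR_HEAD_REF.search(workflow_text)
    if head_checkout:
        findings.append("checks out the PR head under pull_request_target")
        if RUN_STEP.search(workflow_text, head_checkout.end()):
            findings.append("runs a step after checking out untrusted code")
    return findings
```

Because the check is textual, treat a hit as a prompt to read the workflow, not as proof; a clean result does not cover other ways of executing contributor-controlled content.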

welcome[bot] commented 4 months ago

Thanks for opening your first issue here! Be sure to follow the issue template!

SwaragThaikkandi commented 4 months ago

@ST-DDT: This issue is currently awaiting triage.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

I am a bot created to help [SwaragThaikkandi](https://github.com/SwaragThaikkandi) manage community feedback and contributions. You can check out my [manifest file](https://github.com/SwaragThaikkandi/SMdRQA/blob/main/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

SwaragThaikkandi commented 4 months ago

@ST-DDT: There is no 'kind' label on this PR. You need a 'kind' label to generate the release note automatically.

SwaragThaikkandi commented 4 months ago

@ST-DDT: There are no area labels on this issue. Adding an appropriate label will greatly expedite the process for us. You can add as many area labels as you see fit. If you are unsure what to do, you can ignore this!

ST-DDT commented 4 months ago

/kind bug /area security

This isn't an actual security bug, but a potential for that.

SwaragThaikkandi commented 4 months ago

Hi, thanks for pointing out the problem. This particular workflow has been temporarily removed for further inspection.