GitHub Security Lab (GHSL) Vulnerability Detection #
This document summarizes sisakulint’s detection capability against GitHub Security Lab advisories for the GitHub Actions ecosystem.
Summary #
| Metric | Value |
|---|---|
| Total Advisories | 18 |
| Detected (Direct) | 18 |
| Detection Rate | 100% |
Detection Categories #
| Rule | Detections |
|---|---|
| code-injection-critical | 13 |
| untrusted-checkout | 7 |
| cache-poisoning-poisonable-step | 6 |
| dangerous-triggers-critical | 2 |
| argument-injection-critical | 1 |
| output-clobbering-critical | 1 |
Detection Results #
Code Injection Vulnerabilities #
| Advisory ID | Affected Component | Severity | Detected | Detection Rules |
|---|---|---|---|---|
| GHSL-2024-326 | Actual | Critical | Yes | CodeInjectionCriticalRule, ArgumentInjectionCriticalRule |
| GHSL-2025-087 | PX4-Autopilot | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-089 | YDB | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-090 | harvester | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-091 | pymapdl | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-099 | cross-platform-actions | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-101 | homeassistant-tapo-control | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-102 | acl-anthology | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-103 | acl-anthology | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-104 | weaviate | Critical | Yes | CodeInjectionCriticalRule, DangerousTriggersRule |
| GHSL-2025-105 | vets-api | Critical | Yes | CodeInjectionCriticalRule, OutputClobberingCriticalRule |
| GHSL-2025-106 | esphome-docs | Critical | Yes | CodeInjectionCriticalRule |
| GHSL-2025-111 | nrwl/nx | High | Yes | UntrustedCheckoutRule, CodeInjectionCriticalRule |
Untrusted Code Execution Vulnerabilities #
| Advisory ID | Affected Component | Severity | Detected | Detection Rules |
|---|---|---|---|---|
| GHSL-2024-325 | Actual | Critical | Yes | CachePoisoningPoisonableStepRule, DangerousTriggersRule |
| GHSL-2025-006 | homeassistant-powercalc | Critical | Yes | UntrustedCheckoutRule, CachePoisoningPoisonableStepRule |
| GHSL-2025-077 | beeware | Critical | Yes | UntrustedCheckoutRule, CachePoisoningPoisonableStepRule |
| GHSL-2025-082 | ag-grid | Critical | Yes | UntrustedCheckoutRule, CachePoisoningPoisonableStepRule |
| GHSL-2025-084 | datadog-actions-metrics | Critical | Yes | UntrustedCheckoutRule |
| GHSL-2025-094 | faststream | Critical | Yes | UntrustedCheckoutRule, CachePoisoningPoisonableStepRule |
TOCTOU / Approval Bypass Vulnerabilities #
| Advisory ID | Affected Component | Severity | Detected | Detection Rules |
|---|---|---|---|---|
| GHSL-2025-038 | github/branch-deploy | High | Yes | CachePoisoningPoisonableStepRule |
Key Findings #
100% Detection Rate: sisakulint successfully detects all 18 GHSL advisories for GitHub Actions workflows.
Code Injection Dominance: 13 of 18 advisories (72%) involve code injection vulnerabilities via untrusted input in shell commands.
Untrusted Checkout Patterns: 7 advisories involve checking out untrusted PR code in privileged contexts.
Cache/Supply Chain Risks: 6 advisories involve cache poisoning or supply chain attack vectors.
Privileged Trigger Exploitation: All advisories exploit privileged triggers (
pull_request_target,issue_comment,workflow_run).
Core Detection Rules #
| Rule | Description | Auto-fix |
|---|---|---|
code-injection-critical | Detects untrusted input in shell commands | Yes |
argument-injection-critical | Detects untrusted input in command arguments | Yes |
dangerous-triggers-critical | Identifies privileged triggers without mitigations | No |
cache-poisoning-poisonable-step | Detects execution of untrusted code after checkout | Yes |
untrusted-checkout | Detects checkout of PR code in privileged contexts | Yes |
output-clobbering-critical | Detects untrusted input written to GITHUB_OUTPUT | Yes |
Taint Tracking #
sisakulint implements sophisticated taint tracking to detect indirect code injection:
- Direct Context Tracking: Identifies untrusted GitHub context variables
- Action Output Tracking: Tracks taint through known actions (e.g.,
xt0rted/pull-request-comment-branch) - Step Output Propagation: Follows taint through
actions/github-scriptoutputs
Running Verification #
# Build sisakulint
go build ./cmd/sisakulint
# Test all GHSL patterns
./sisakulint script/actions/ghsl/
# Test GHSL-2024 advisories
./sisakulint script/actions/ghsl/ghsl-2024-325-326.yaml
./sisakulint script/actions/ghsl/ghsl-2024-326-direct.yaml
./sisakulint script/actions/ghsl/ghsl-2024-326-known-action.yaml
# Test GHSL-2025 advisories
./sisakulint script/actions/ghsl/ghsl-2025-006.yaml # homeassistant-powercalc
./sisakulint script/actions/ghsl/ghsl-2025-038.yaml # branch-deploy TOCTOU
./sisakulint script/actions/ghsl/ghsl-2025-077.yaml # beeware
./sisakulint script/actions/ghsl/ghsl-2025-082.yaml # ag-grid
./sisakulint script/actions/ghsl/ghsl-2025-084.yaml # datadog-actions-metrics
./sisakulint script/actions/ghsl/ghsl-2025-087.yaml # PX4-Autopilot
./sisakulint script/actions/ghsl/ghsl-2025-089.yaml # YDB
./sisakulint script/actions/ghsl/ghsl-2025-090.yaml # harvester
./sisakulint script/actions/ghsl/ghsl-2025-091.yaml # pymapdl
./sisakulint script/actions/ghsl/ghsl-2025-094.yaml # faststream
./sisakulint script/actions/ghsl/ghsl-2025-099.yaml # cross-platform-actions
./sisakulint script/actions/ghsl/ghsl-2025-101.yaml # homeassistant-tapo-control
./sisakulint script/actions/ghsl/ghsl-2025-102.yaml # acl-anthology (link-to-checklist)
./sisakulint script/actions/ghsl/ghsl-2025-103.yaml # acl-anthology (print-info)
./sisakulint script/actions/ghsl/ghsl-2025-104.yaml # weaviate
./sisakulint script/actions/ghsl/ghsl-2025-105.yaml # vets-api
./sisakulint script/actions/ghsl/ghsl-2025-106.yaml # esphome-docs
./sisakulint script/actions/ghsl/ghsl-2025-111.yaml # nrwl/nx
Common Vulnerability Patterns #
Privileged Triggers #
These triggers grant elevated permissions and are prime targets for attacks:
| Trigger | Risk | Reason |
|---|---|---|
issue_comment | Critical | Triggered by anyone who can comment |
pull_request_target | Critical | Runs with target repo permissions on PR from fork |
workflow_run | Critical | Inherits elevated permissions from triggering workflow |
Untrusted Inputs #
Common untrusted inputs that can be exploited:
github.event.pull_request.head.ref
github.event.pull_request.title
github.event.pull_request.body
github.event.issue.title
github.event.issue.body
github.event.comment.body
github.event.workflow_run.head_branch
github.event.workflow_run.head_repository.full_name
steps.*.outputs.* (from tainted actions)