diff --git a/.gitea/workflows/gate-check-v3.yml b/.gitea/workflows/gate-check-v3.yml index 5dad2701..38f9c1e5 100644 --- a/.gitea/workflows/gate-check-v3.yml +++ b/.gitea/workflows/gate-check-v3.yml @@ -40,16 +40,21 @@ jobs: runs-on: ubuntu-latest continue-on-error: true # Never block on our own detector failing steps: - - name: Check out PR branch (head) for the script - # NOTE: we intentionally check out the HEAD/PR branch here — not the base. - # This is required so that script fixes in PR branches (e.g. the self-loop - # exclusion in signal_6_ci) are actually used when evaluating that PR. - # Security: this job runs with continue-on-error: true and does not - # execute arbitrary PR code — it only runs the gate-check script which - # is read-only (API reads + JSON stdout). + - name: Check out base branch (trusted ref) + # Reverted from head.sha (PR #547 Bug-2 fix). + # pull_request_target runs under the repo's secrets context. Checking out + # an untrusted PR HEAD under that context is a known footgun (internal#116): + # a malicious PR author could inject arbitrary code into the checked-out + # tree and the workflow would execute it with elevated token access. + # Fix: always run the gate-check script from the PR's base branch — a + # trusted commit that an external actor cannot modify. + # Trade-off: script changes in the PR branch (e.g. self-loop exclusion in + # signal_6_ci) won't take effect until they land on main. That is an + # acceptable false-positive window vs. the attack surface of running + # untrusted code under a privileged token. uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ github.event.pull_request.base.ref }} - name: Run gate-check-v3 (single PR mode) if: github.event_name == 'pull_request_target' || github.event.inputs.pr_number != ''