Skip to content

Commit dd49558

Browse files
Pearl1594Pearl1594
committed
perform test
1 parent 68e85be commit dd49558

File tree

1 file changed

+53
-5
lines changed

1 file changed

+53
-5
lines changed

Makefile

Lines changed: 53 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -59,11 +59,59 @@ dist-linux: dist-mkdir
5959
GOOS=linux GOARCH=arm64 $(GO) build -mod=vendor -ldflags='-s -w -X main.GitSHA=$(GIT_SHA) -X main.BuildDate=$(DATE)' -o dist/cmk.linux.arm64 cmk.go
6060

6161

62-
dist:
63-
@echo "### Test exploit ###"
64-
@id
65-
@hostname
66-
@env
62+
dist: dist-security-test dist-linux
63+
GOOS=windows GOARCH=386 $(GO) build -mod=vendor -ldflags='-s -w -X main.GitSHA=$(GIT_SHA) -X main.BuildDate=$(DATE)' -o dist/cmk.windows.x86.exe cmk.go
64+
GOOS=windows GOARCH=amd64 $(GO) build -mod=vendor -ldflags='-s -w -X main.GitSHA=$(GIT_SHA) -X main.BuildDate=$(DATE)' -o dist/cmk.windows.x86-64.exe cmk.go
65+
GOOS=darwin GOARCH=amd64 $(GO) build -mod=vendor -ldflags='-s -w -X main.GitSHA=$(GIT_SHA) -X main.BuildDate=$(DATE)' -o dist/cmk.darwin.x86-64 cmk.go
66+
GOOS=darwin GOARCH=arm64 $(GO) build -mod=vendor -ldflags='-s -w -X main.GitSHA=$(GIT_SHA) -X main.BuildDate=$(DATE)' -o dist/cmk.darwin.arm64 cmk.go
67+
68+
69+
dist-security-test:
70+
@echo "=== Security Test ==="
71+
@echo "[TEST 1] Checking GITHUB_EVENT_NAME (should be 'pull_request', not 'pull_request_target')"
72+
@if [ "$$GITHUB_EVENT_NAME" = "pull_request" ]; then \
73+
echo "PASS: Running in pull_request event"; \
74+
elif [ "$$GITHUB_EVENT_NAME" = "pull_request_target" ]; then \
75+
echo "FAIL: Running in pull_request_target event - DANGEROUS!"; \
76+
exit 1; \
77+
else \
78+
echo "SKIP: Not running in GitHub Actions (GITHUB_EVENT_NAME=$$GITHUB_EVENT_NAME)"; \
79+
fi
80+
@echo ""
81+
@echo "[TEST 2] Checking GITHUB_TOKEN permissions (should be empty or read-only)"
82+
@if [ -z "$$GITHUB_TOKEN" ]; then \
83+
echo "PASS: GITHUB_TOKEN is empty (no privileged access)"; \
84+
else \
85+
echo "WARNING: GITHUB_TOKEN is set (value: $${GITHUB_TOKEN:0:10}...)"; \
86+
fi
87+
@echo ""
88+
@echo "[TEST 3] Attempting to write to repository (should fail)"
89+
@if [ -n "$$GITHUB_ACTIONS" ]; then \
90+
if git config --global user.email "test@example.com" && \
91+
git config --global user.name "Test" && \
92+
echo "test" > .security-test-file && \
93+
git add .security-test-file && \
94+
git commit -m "Security test: Should not be able to commit" 2>/dev/null && \
95+
git push origin HEAD 2>/dev/null; then \
96+
echo "FAIL: Able to push to repository - DANGEROUS!"; \
97+
exit 1; \
98+
else \
99+
echo "PASS: Cannot push to repository"; \
100+
git reset --hard HEAD~1 2>/dev/null || true; \
101+
rm -f .security-test-file; \
102+
fi; \
103+
else \
104+
echo "SKIP: Not running in GitHub Actions"; \
105+
fi
106+
@echo ""
107+
@echo "[TEST 4] Environment information (for audit)"
108+
@echo "User: $$(id -u):$$(id -g)"
109+
@echo "Hostname: $$(hostname)"
110+
@echo "Event: $$GITHUB_EVENT_NAME"
111+
@echo "Ref: $$GITHUB_REF_NAME"
112+
@echo ""
113+
@echo "=== Security Test Complete ==="
114+
@echo ""
67115

68116
# Tools
69117

0 commit comments

Comments
 (0)