Security researchers demonstrated a software supply-chain attack that could have allowed them to backdoor the codebase of Bazel, a Google-developed open-source tool for automating software building and testing. The attack exploited vulnerabilities in a custom GitHub Action used by the project in its CI/CD workflows, highlighting how security issues can be inherited from third-party CI/CD dependencies.
“We found that a GitHub Actions workflow could have been injected by a malicious code due to a command injection vulnerability in one of Bazel’s dependent actions,” researchers from application security firm Cycode said in a blog post. “This vulnerability directly impacts the software supply chain, potentially allowing malicious actors to insert harmful code into the Bazel codebase, create a backdoor, and affect the production environment of anyone using Bazel. This vulnerability could have affected millions of projects and users who use Bazel, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more.”
Custom GitHub Actions can introduce hidden security risks
GitHub Actions is a CI/CD service offered by GitHub that allows developers to automate the building and testing of software code by defining workflows which execute automatically inside containers on either GitHub’s or the user’s own infrastructure. This is a popular service that many GitHub-hosted projects rely on to run various automated tests or actions on code contributed to their repositories.
However, the functionality offered by GitHub Actions can be used insecurely and researchers have highlighted multiple such mistakes in the past that could have resulted in software supply-chain compromises. In December 2022, researchers from security firm Legit Security showed how attackers could poison binary artifacts that would then be used as input for a project’s GitHub Action workflows. Earlier this month another team of researchers from Praetorian showed how self-hosted GitHub Actions runners can be exploited to infiltrate an organization’s development infrastructure. Likewise, the new research from Cycode doesn’t exploit any inherent vulnerability in GitHub Actions itself, but rather in the way some projects choose to use some of its features without considering the risks.
Users define GitHub Actions workflows by creating YAML files within the .github/workflows directory of a repository. These workflow files contain a series of jobs and steps that should be executed to achieve a task and they often involve calling predefined “actions.” These actions are like small scripts or code functions and some of them are provided by GitHub itself while others are created and provided by third parties. The latter are known as Custom Actions and they allow a level of code reuse and nested dependencies that is similar to that seen with various package managers like npm for JavaScript or pip for Python.
Just as vulnerabilities can be inherited from package dependencies in npm or pip, transitive vulnerabilities can make their way into a workflow from custom GitHub Actions written by other people. In fact, it’s even worse, because custom GitHub Actions can execute not just additional actions but also JavaScript and Python packages as well as shell commands. These are known as composite actions.