ci: safe PoC for fork PR GCP secret exposure (VRP) #1399

Open
adilburaksen wants to merge 2 commits into cdapio:develop from adilburaksen:vrp/safe-poc-key-access

@adilburaksen

Security Research PoC — Google OSS VRP

This PR is a safe proof-of-concept for a vulnerability reported to Google OSS VRP:

Fork PRs that receive the build label run attacker-controlled code on k8s-runner-e2e
after CDAP_UI_E2E_GCP_SERVICE_ACCOUNT_CONTENTS and SCM_TEST_REPO_PAT are retrieved
from GCP Secret Manager and written to disk. GitHub's normal fork secret isolation does
not protect ambient k8s Workload Identity credentials.

Fix PR: #1398

What this PoC does

poc.js (added to repo root) reads ./key_file.json structure and checks env var presence.
No credential content is transmitted or exfiltrated.

package.json is modified so cdap-full-build-more-memory runs node poc.js first.

Expected CI output if the build label is applied:

===CDAP-UI-VRP-POC-START===
POC_KEY_FILE_EXISTS=true
POC_KEY_IS_GCP_SERVICE_ACCOUNT_JSON=true
POC_SERVICE_ACCOUNT_EMAIL=<sa>@<project>.iam.gserviceaccount.com
POC_SCM_PAT_PRESENT=true
POC_GCP_PROJECT_PRESENT=true
===CDAP-UI-VRP-POC-END===

This output would confirm fork-controlled code can observe both credentials after the
Secret Manager step — which is the evidence the VRP triager requested.

Requesting the build label to produce this CI log output as concrete VRP evidence.

Demonstrates that fork-controlled build script runs after GCP
secrets are written to disk in build.yml (steps 6→10).

poc.js reads key_file.json structure and env var presence only.
No credential content is exfiltrated or transmitted.

Ref: cdapio#1398
@adilburaksen
Author

@chtyim — requesting your help to confirm a security vulnerability reported to Google OSS VRP.

We have an open fix PR at #1398. This PR (#1399) is a safe PoC that confirms fork-controlled code can observe the GCP service account key and SCM PAT after the Secret Manager step.

To generate the CI evidence the VRP triager needs: could you apply the build label to this PR?

poc.js only reads ./key_file.json structure and checks env var presence — it does not transmit or exfiltrate any credential. The expected output in the job log will be:

POC_KEY_FILE_EXISTS=true
POC_KEY_IS_GCP_SERVICE_ACCOUNT_JSON=true
POC_SERVICE_ACCOUNT_EMAIL=<sa-email>
POC_SCM_PAT_PRESENT=true

This output will serve as concrete evidence for the triager and help close the VRP report faster so we can get #1398 reviewed and merged.

Thank you.


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a new script, poc.js, which inspects the environment and validates a local GCP service account key file. This script is integrated into the cdap-full-build-more-memory npm command. A review comment suggested improving the error handling in poc.js by moving the file reading operation into the try-catch block to prevent potential crashes during I/O operations.

Comment thread poc.js Outdated
@adilburaksen
Author

Addressed Gemini review: moved fs.readFileSync inside the try-catch block in commit 64b0f32 — I/O and parse errors are now caught together.
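
Added example, not part of this PR or of the CDAP code base: the PR description says package.json was changed so that cdap-full-build-more-memory runs node poc.js first, and a maintainer can surface that kind of change before applying a label that triggers CI by diffing the scripts maps of the base and head package.json. The function names and every command or file name other than the script name and node poc.js are assumptions made for illustration.

```javascript
'use strict';
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
// Hooks npm runs implicitly during install; a PR can change these too.
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];
// Matches "npm run X", "yarn run X" and "yarn X" inside a script body.
const CALL_RE = /\b(?:npm\s+run|yarn(?:\s+run)?)\s+([\w:.-]+)/g;
// Names of all scripts that execute when CI invokes `entryPoints`: the entry
// points, scripts they call, pre/post hooks of each, and install hooks.
function reachableScripts(scripts, entryPoints) {
  const seen = new Set();
  const queue = [...entryPoints, ...LIFECYCLE];
  while (queue.length > 0) {
    const name = queue.pop();
    if (seen.has(name) || !has(scripts, name)) continue;
    seen.add(name);
    queue.push('pre' + name, 'post' + name);
    for (const m of String(scripts[name]).matchAll(CALL_RE)) queue.push(m[1]);
  }
  return seen;
}

// Compare base-branch and PR-head package.json text and report every script
// whose command differs, flagging those CI would execute on either side.
function diffCiScripts(baseText, headText, entryPoints) {
  const base = JSON.parse(baseText).scripts || {};
  const head = JSON.parse(headText).scripts || {};
  const inCi = new Set([...reachableScripts(base, entryPoints),
                        ...reachableScripts(head, entryPoints)]);
  const findings = [];
  for (const name of new Set([...Object.keys(base), ...Object.keys(head)])) {
    if (base[name] === head[name]) continue;
    const change = !has(base, name) ? 'added' : !has(head, name) ? 'removed' : 'modified';
    findings.push({ name, change, runsInCi: inCi.has(name),
                    before: has(base, name) ? base[name] : null,
                    after: has(head, name) ? head[name] : null });
  }
  return findings;
}

// Constructed sample: only the script name and "node poc.js" come from the PR
// text; every other command and file name is a placeholder.
const SAMPLE_BASE = JSON.stringify({ scripts: {
  'cdap-full-build-more-memory': 'node build-placeholder.js',
  lint: 'eslint .' } });
const SAMPLE_HEAD = JSON.stringify({ scripts: {
  'cdap-full-build-more-memory': 'node poc.js && node build-placeholder.js',
  'precdap-full-build-more-memory': 'node setup-placeholder.js',
  lint: 'eslint . --fix' } });
console.log(diffCiScripts(SAMPLE_BASE, SAMPLE_HEAD, ['cdap-full-build-more-memory']));
```

A clean result only narrows the review: the files those scripts execute are equally under the PR author's control and need the same inspection.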
