Potential Exposure of Sensitive Data in new "Set up runner" Step #3980

Closed
mariusfilipowski opened this issue Jul 9, 2024 · 0 comments · Fixed by #3986 or #3987

Description:
After migrating to the latest version, we've observed that there's a new step titled "Set up runner" in each job. This step logs all inputs of the workflow_dispatch event before any custom actions have a chance to mask values that should remain hidden.

This raises a couple of questions and potential concerns:

  1. Is this step absolutely necessary for the workflow to function correctly?
  2. If not, is there a way to disable or tweak it to prevent the exposure of sensitive data?

Code Reference:
The related code can be found here: start-runner.sh#L102

Request:

  • Please clarify the necessity of the "Set up runner" step.
  • Provide guidance on how we can disable or adjust this step to ensure sensitive information is properly masked.

Thank you for your assistance in resolving this issue.
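One way a job-start hook could log dispatch context without printing input values, as an added example that is not part of the original issue and not the project's code. The function names and the sample payload are hypothetical; it assumes the `workflow_dispatch` event payload carries the inputs under a top-level `inputs` key.

```python
import copy
import json

REDACTED = "***"

# Constructed sample of a workflow_dispatch event payload (not from the issue).
SAMPLE_EVENT = json.loads("""
{
  "ref": "refs/heads/main",
  "workflow": ".github/workflows/deploy.yml",
  "inputs": {"environment": "staging", "api_token": "constructed-secret-value"},
  "repository": {"full_name": "example-org/example-repo"},
  "sender": {"login": "example-user"}
}
""")


def redact_dispatch_inputs(event):
    """Return a copy of the event that keeps input names but hides every value."""
    safe = copy.deepcopy(event)
    inputs = safe.get("inputs")
    if isinstance(inputs, dict):
        # Names are kept for troubleshooting; values may be secrets that no
        # action has had a chance to mask yet, so none of them is logged.
        safe["inputs"] = {name: REDACTED for name in inputs}
    elif inputs is not None:
        # Unexpected shape: replace it whole rather than risk printing it.
        safe["inputs"] = REDACTED
    return safe


def loggable_line(event):
    """Serialize the redacted event as a single log line."""
    return json.dumps(redact_dispatch_inputs(event), sort_keys=True)


if __name__ == "__main__":
    print(loggable_line(SAMPLE_EVENT))
```
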

npalm added a commit that referenced this issue Jul 12, 2024
Remove not used job webhook that was logging potentially sensitive
information.

close #3980
npalm pushed a commit that referenced this issue Jul 12, 2024
🤖 I have created a release *beep* *boop*
---


## [5.12.2](philips-labs/terraform-aws-github-runner@v5.12.1...v5.12.2) (2024-07-12)


### Bug Fixes

* remove job start hook with sensitive information
([#3986](https://github.com/philips-labs/terraform-aws-github-runner/issues/3986))
([bbcb470](philips-labs/terraform-aws-github-runner@bbcb470)),
closes
[#3980](https://github.com/philips-labs/terraform-aws-github-runner/issues/3980)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: forest-releaser[bot] <80285352+forest-releaser[bot]@users.noreply.github.com>