From 1cc62bef24e4e165d35da00fd95b385c951aec03 Mon Sep 17 00:00:00 2001 From: Rob Anderson Date: Fri, 20 Oct 2023 10:48:29 -0600 Subject: [PATCH] add step by step heading to each exercise --- exercises/exercise-1.md | 1 + exercises/exercise-2.md | 2 +- exercises/exercise-4.md | 1 + exercises/exercise-5.md | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/exercises/exercise-1.md b/exercises/exercise-1.md index 1bbd9a1..726aa12 100644 --- a/exercises/exercise-1.md +++ b/exercises/exercise-1.md @@ -51,6 +51,7 @@ if [[ "" == $(wget github.com) && "octocat" =~ ^octocat ]]; then ``` This payload will cause the script to run `wget github.com` as it evaluates the if condition. +### Step by step Let's see this in action by creating a new issue with this title and see what happens. Follow the steps below to exlpoit the script injection vulnerability in your repo: 1. Go to the Issues tab and click the green `New issue` button in the top right. 2. In the issue form type `" == $(wget github.com) && "octocat` in the title field. diff --git a/exercises/exercise-2.md b/exercises/exercise-2.md index 53894ac..9ecc6ca 100644 --- a/exercises/exercise-2.md +++ b/exercises/exercise-2.md @@ -15,7 +15,7 @@ const comment="octocat";console.log('Script injected!!!');//" ``` This payload closes the initial quote, then ends the command with a semicolon. This allows the following `console.log('Script injected!!!');` command to run as a separate command. -### Create an issue comment with the exploit payload +### Step by step Let's see this in action by creating a new issue comment with this body and see what happens. Follow the steps below to exlpoit the script injection vulnerability in your repo: 1. Go to the Issues tab and click one of the issue we had created previously. diff --git a/exercises/exercise-4.md b/exercises/exercise-4.md index 9cee7bb..a24850b 100644 --- a/exercises/exercise-4.md +++ b/exercises/exercise-4.md 
@@ -3,6 +3,7 @@ The run command will create a script from its input and run that script. The run The way to mitigate this vulnerability is to put the user input into an environment variable, which is not used to generate the script that the run command executes. +### Step by step Let's edit the [Check issue title workflow](.github/workflows/check-issue-title.yml) to use an environment variable. Putting the user input into an environment variable, then using the environment variable in the script will mitigate the script injection vulnerability. 1. Open the file [.github/workflows/check-issue-title.yml](.github/workflows/check-issue-title.yml) diff --git a/exercises/exercise-5.md b/exercises/exercise-5.md index 53bb4b9..6d8420a 100644 --- a/exercises/exercise-5.md +++ b/exercises/exercise-5.md @@ -3,6 +3,7 @@ Similar to the run command, the github-script action will create a script from i The way to mitigate this vulnerability is to put the user input into an environment variable, which is not used to generate the script that the github-script action executes. +### Step by step 1. Open the file [.github/workflows/check-issue-comment.yml](.github/workflows/check-issue-comment.yml) 2. Add an environment variable section to the `Check issue comment` step... ```
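Review bot: In the exercises/exercise-1.md hunk, the unchanged context line directly under the new `### Step by step` heading still reads "Follow the steps below to exlpoit the script injection vulnerability" (typo: "exploit"); since this line is being touched anyway, fix the spelling in the same commit rather than leaving it for a later pass.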
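Review bot: In the exercises/exercise-2.md hunk, replacing `### Create an issue comment with the exploit payload` with `### Step by step` loses the one heading that told the reader what the section actually does, and it duplicates the same heading text across four exercise files, which makes rendered tables of contents and anchor links ambiguous. Suggest keeping the descriptive part, e.g. `### Step by step: create an issue comment with the payload`, or using "Step by step" only as a consistent prefix. The same context line in this hunk also carries the "exlpoit" typo and the grammar slip "click one of the issue we had created previously" ("one of the issues we created previously").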
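Review bot: In the exercises/exercise-4.md hunk, the new heading sits between the mitigation rationale ("put the user input into an environment variable, which is not used to generate the script that the run command executes") and the instruction to edit check-issue-title.yml, which is a reasonable split; but the commit message says the heading was added to "each exercise" while the diff stat lists only exercise-1, -2, -4 and -5. If an exercise-3 exists in this repository it is missing from this change, so either include it or narrow the commit message.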
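Review bot: In the exercises/exercise-5.md hunk, `### Step by step` is inserted directly above `1. Open the file [.github/workflows/check-issue-comment.yml]...` with no introductory sentence, unlike the other three files, where the heading is followed by a "Let's ..." line that names the workflow being edited and restates the goal. For consistency, add a one-line lead under the heading here as well (for example, that the `Check issue comment` step will be changed to read the comment body from an environment variable instead of interpolating it into the github-script source).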