open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/tests/scanners/workflow-scanner.test.mjs
Kjell Tore Guttormsen c31d4b1718 feat(workflow-scanner): E11 part 1 — core file-walk + 23-field blacklist + sink-restriction 
Adds a deterministic GitHub Actions / Forgejo Actions injection
scanner. Detects \${{ <dangerous-field> }} interpolations inside
\`run:\` step blocks under privileged or semi-privileged triggers.
Sink-restricted: \`if:\` / \`with:\` / \`env:\` (block-level) are
evaluated by the runner expression engine, not the shell, so they
are NOT injection sinks and are suppressed at parser level.

Why: workflow expression injection is the most prevalent SAST class
on GitHub (CodeQL preview: 800K+ findings across 158K repos). The
graduated severity matrix (HIGH for pull_request_target / discussion
/ workflow_run; MEDIUM for pull_request / workflow_dispatch) is the
community-converged calibration target — uniform HIGH causes alert
fatigue.

Components:
- scanners/lib/workflow-yaml-state.mjs — line-based YAML state
  machine. Tracks indentation, parent-context stack, and
  \`run: |\` / \`run: >\` block-scalar entry/exit. Zero deps.
- scanners/workflow-scanner.mjs — discoverWorkflows() probes
  .github/workflows/ and .forgejo/workflows/ directly (file-discovery
  has no glob include). 23-field blacklist (GHSL 17 + 6 GlueStack-
  class additions). Platform encoded via file path; no schema
  extension to finding(). Forgejo-specific: workflow_run advisory
  emitted to stderr; recommendation text mentions Forgejo's
  server-level token scoping (job-level permissions: is ignored).
- knowledge/workflow-injection-patterns.md — 23-field blacklist,
  trigger taxonomy, severity matrix, Forgejo divergences, NVD CVE
  corpus.

Tests (47 new):
- tests/lib/workflow-yaml-state.test.mjs (15): trigger forms
  (string / inline-list / block-list / block-mapping), single-line
  run, block-scalar | and > tracking, env/with sink-mismatch,
  multi-line, comment stripping, line-number accuracy.
- tests/scanners/workflow-scanner.test.mjs (14): TP head_ref
  pull_request_target, TP discussion.title gluestack pattern,
  TP comment.body pull_request, TP issue.body block-scalar,
  FP if-context, FP env-block, INFO numeric, Forgejo TP, Forgejo
  workflow_run advisory, envelope shape, WFL prefix.
- 9 fixtures in tests/fixtures/workflows/{.github,.forgejo}/workflows/.

Out of scope (B4 / Batch D):
- Re-interpolation detection (env.VAR after env: from blacklisted source)
- github.actor authorization-bypass category
- WFL prefix in severity.mjs OWASP maps + scan-orchestrator
  registration (B4)
- Composite-action input tracing, GITHUB_ENV poisoning (Batch D)

Test count: 1685 → 1732 (+47). Pre-compact-scan flake unchanged
(passes in isolation).
2026-04-30 15:48:48 +02:00

148 lines
5.1 KiB
JavaScript
Raw Blame History

// workflow-scanner.test.mjs — E11 integration tests against fixtures
// in tests/fixtures/workflows/.{github,forgejo}/workflows/.
import { describe, it, before } from 'node:test';
import assert from 'node:assert/strict';
import { resolve } from 'node:path';
import { resetCounter } from '../../scanners/lib/output.mjs';
const { scan, discoverWorkflows } = await import('../../scanners/workflow-scanner.mjs');
const FIXTURE_DIR = resolve(import.meta.dirname, '../fixtures/workflows');
function findingsByFile(findings, fileSubstr) {
return findings.filter(f => (f.file || '').includes(fileSubstr));
}
describe('workflow-scanner — discoverWorkflows', () => {
it('finds .yml files in .github/workflows/ and .forgejo/workflows/', async () => {
const files = await discoverWorkflows(FIXTURE_DIR);
const githubCount = files.filter(f => f.includes('/.github/workflows/')).length;
const forgejoCount = files.filter(f => f.includes('/.forgejo/workflows/')).length;
assert.ok(githubCount >= 5, `expected ≥5 GitHub fixtures, got ${githubCount}`);
assert.ok(forgejoCount >= 2, `expected ≥2 Forgejo fixtures, got ${forgejoCount}`);
});
it('returns empty array for path with no workflow dirs', async () => {
const files = await discoverWorkflows('/tmp');
assert.deepEqual(files, []);
});
});
describe('workflow-scanner — true-positive cases', () => {
let result;
before(async () => {
resetCounter();
result = await scan(FIXTURE_DIR);
});
it('flags github.head_ref under pull_request_target as HIGH', () => {
const fs = findingsByFile(result.findings, 'tp-prtarget-head-ref.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'high');
assert.match(fs[0].evidence, /github\.head_ref/);
});
it('flags discussion.title under discussion as HIGH (gluestack CVE pattern)', () => {
const fs = findingsByFile(result.findings, 'tp-discussion-title.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'high');
assert.match(fs[0].evidence, /discussion\.title/);
});
it('flags comment.body under pull_request as MEDIUM', () => {
const fs = findingsByFile(result.findings, 'tp-pull-request-comment.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'medium');
assert.match(fs[0].evidence, /comment\.body/);
});
it('flags issue.body inside `run: |` block-scalar as HIGH', () => {
const fs = findingsByFile(result.findings, 'tp-block-scalar-run.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'high');
assert.match(fs[0].evidence, /issue\.body/);
});
});
describe('workflow-scanner — false-positive suppression', () => {
let result;
before(async () => {
resetCounter();
result = await scan(FIXTURE_DIR);
});
it('does NOT flag head_ref inside `if:` (sink mismatch)', () => {
const fs = findingsByFile(result.findings, 'fp-if-context.yml');
assert.equal(fs.length, 0, `expected no findings, got: ${JSON.stringify(fs)}`);
});
it('does NOT flag pull_request.title inside top-level `env:` mapping', () => {
const fs = findingsByFile(result.findings, 'fp-env-block.yml');
assert.equal(fs.length, 0);
});
});
describe('workflow-scanner — INFO classification', () => {
let result;
before(async () => {
resetCounter();
result = await scan(FIXTURE_DIR);
});
it('reports github.event.pull_request.number as INFO (numeric/safe)', () => {
const fs = findingsByFile(result.findings, 'fp-numeric-field.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'info');
});
});
describe('workflow-scanner — Forgejo platform', () => {
let result;
before(async () => {
resetCounter();
result = await scan(FIXTURE_DIR);
});
it('flags forgejo.head_ref under pull_request as MEDIUM', () => {
const fs = findingsByFile(result.findings, 'forgejo-tp.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'medium');
assert.match(fs[0].file, /\.forgejo\/workflows\//);
assert.match(fs[0].recommendation, /Forgejo/);
});
it('treats workflow_run as privileged on Forgejo (HIGH severity preserved)', () => {
const fs = findingsByFile(result.findings, 'forgejo-workflow-run.yml');
assert.equal(fs.length, 1);
assert.equal(fs[0].severity, 'high');
});
});
describe('workflow-scanner — output envelope', () => {
it('returns scannerResult with status=ok and counts', async () => {
resetCounter();
const r = await scan(FIXTURE_DIR);
assert.equal(r.status, 'ok');
assert.equal(r.scanner, 'workflow');
assert.ok(r.files_scanned >= 7);
assert.ok(typeof r.duration_ms === 'number');
assert.ok(r.counts.high + r.counts.medium + r.counts.info >= 7);
});
it('emits findings with WFL scanner prefix in id', async () => {
resetCounter();
const r = await scan(FIXTURE_DIR);
for (const f of r.findings) {
assert.match(f.id, /^DS-WFL-\d{3}$/);
assert.equal(f.scanner, 'WFL');
}
});
it('returns ok with no findings on empty target', async () => {
resetCounter();
const r = await scan('/tmp');
assert.equal(r.status, 'ok');
assert.equal(r.findings.length, 0);
});
});
Reference in a new issue View git blame Copy permalink