Notice: tj-actions/changed-files 3rd party GitHub Action compromised

Hi folks,

Not the most enjoyable news to receive on a Friday night but security notices are best acted on quickly. A popular re-usable GitHub Action tj-actions/changed-files has been compromised. There is a well written article with the details here: Semgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromised

The Infrastructure project and Open Robotics Security team are taking action in core Open Robotics repositories but I wanted to make sure that all in the community are aware and can take appropriate steps.


If I can soapbox at all here, my recommendation when using platforms like GitHub Actions is to rely on what you know rather than what you can find for small tasks like this. Inlining your own change detection logic as recommended in the article is doable with a few lines of git and shell. Here’s one example from the reprepro-updater repository. The script there may not have the features of the reusable action, but it’s plain what it does when you look at it, and it will always do exactly that until you need to change it.

When it does make sense to rely on shared GitHub Actions, such as for more complicated tasks, the other advice in the above article is worth heeding:

Generally, pin all GitHub Actions to specific commit SHAs (rather than version tags) you know are safe.

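Added here as an example, not code from the original post or from the reprepro-updater repository: a POSIX sh script covering the two points above, inline change detection with plain git (assuming a pull-request job whose base branch is origin/main) and an audit that every `uses:` reference in a workflow file is pinned to a full 40-hex commit SHA rather than a tag or branch. The branch names and the workflow layout it expects are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from any Open Robotics
# repository. Two POSIX-sh helpers for the two points above:
#   changed_files  - inline change detection with plain git, covering the common
#                    "which files did this PR touch" case without a third-party action
#   unpinned_uses  - audit workflow files for `uses:` references that are not pinned
#                    to a full 40-hex commit SHA (tags and branches are mutable refs)

# List files added, copied, modified or renamed between the merge base of
# <base-ref> and <head-ref>. Usage: changed_files <base-ref> <head-ref>
# (defaults assume a PR job where origin/main is the base; adjust for your repo)
changed_files() {
    base="${1:-origin/main}"
    head="${2:-HEAD}"
    git diff --name-only --diff-filter=ACMR "$base...$head"
}

# Print file:line:value for every `uses:` entry in the given workflow files whose
# ref after '@' is not a 40-character lowercase hex SHA. Local actions (./path)
# and docker:// images have no action ref to pin and are skipped. Exit status is
# always 0; the caller decides whether a non-empty report fails the build.
unpinned_uses() {
    for f in "$@"; do
        grep -nE '^[[:space:]-]*uses:' "$f" | while IFS= read -r line; do
            lineno="${line%%:*}"
            # strip the "N:  - uses: " prefix, a trailing YAML comment, and quotes
            value=$(printf '%s' "$line" | sed -E \
                "s/^[0-9]+:[[:space:]-]*uses:[[:space:]]*//; s/[[:space:]]*#.*\$//; s/^[\"']//; s/[\"']\$//")
            case "$value" in
                ./*|docker://*) continue ;;
            esac
            ref="${value##*@}"
            # no '@' at all, or a ref that is not a full commit SHA: report it
            if [ "$ref" = "$value" ] || ! printf '%s' "$ref" | grep -qE '^[0-9a-f]{40}$'; then
                printf '%s:%s:%s\n' "$f" "$lineno" "$value"
            fi
        done
    done
}
```

Run `unpinned_uses .github/workflows/*.yml` in CI and fail the job when it prints anything; `changed_files` replaces the action's file list for the usual "run only if these paths changed" gate.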

Scary, thanks for sharing. It seems like even if you were using a tagged version you would have been affected since the attacker somehow pushed to existing tags.
It sounds like your team is on top of it but in this case over-communicating seems like a good strategy: rosidl still seems to be using changed-files.


GitHub Actions’ standard relies on misusing (in my opinion) Git tags by deleting and re-creating them. This has always been doable, but it’s not explicitly handled by git’s default transport mode and client behavior, which assumes that tags won’t change without ever enforcing it. So the owner/repo@tag convention for shared Actions, which is the standard pattern, has always relied on tags being immutable only by convention. This is why the advice in the article is to use owner/repo@commitid instead.

Thanks, this is known. This landed late enough on Friday that we’d already entered weekend mode, so I started with an identify-and-contain approach. GitHub Actions has been disabled on that repository until the core team has time to redo the GitHub Action. We’re fortunate that there are no secrets on that repository to be leaked, and that limits how much effort was needed during the initial response.
