Rule: RGS-012 — Secret Exfiltration via Outbound HTTP Request
Severity: High
File: .github/workflows/docs-noob-tester.lock.yml
Line: 445
Description
Runner-Guard detected an outbound HTTP request (via curl) to a non-GitHub domain (localhost:4321) in a job step that has access to secrets and write permissions. The flagged step is "Wait for server readiness", which polls a local documentation server:
for i in {1..45}; do
STATUS=$(curl -s -o /dev/null -w "%{http_code}" (localhost/redacted)
[ "$STATUS" = "200" ] && echo "Server ready at (localhost/redacted) && break
echo "Waiting for server... ($i/45) (status: $STATUS)" && sleep 3
doneThis is localhost so it is unlikely to be an active exfiltration path, but the pattern is flagged because:
- The
curl target URL structure is present in a job with secrets access
- If the URL or server configuration were ever influenced by attacker-controlled data (e.g., via expression injection in an earlier step), the outbound request could be redirected to an external endpoint
- The combination of network I/O + secrets in the same job context is a high-risk pattern
Impact
In isolation this specific instance is low risk (localhost URL is hardcoded). However, the pattern creates a structural risk: any future change that allows user-controlled input to influence the URL, hostname, or headers of this curl request could enable secret exfiltration to an attacker-controlled endpoint.
Remediation
- Verify isolation: Confirm no workflow inputs, issue body content, or PR metadata can influence the URL `(localhost/redacted) or curl flags
- Minimize job permissions: Split the doc-server startup/readiness check into a separate job with no secrets access; pass only non-sensitive data to the agent job
- Use environment-scoped curl: If curl must run in the same job, wrap in a step with no
secrets.* in env: for that specific step
- Consider firewall allowlist: If the workflow firewall is active, explicitly allowlist
localhost/127.0.0.1 and deny all other outbound HTTP in this job
Detected by runner-guard v2.6.0 — CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/24939030960
Note: A related finding for daily-fact was tracked in #28328. This is a separate occurrence in docs-noob-tester.
Generated by Static Analysis Report · ● 510.1K · ◷
Rule: RGS-012 — Secret Exfiltration via Outbound HTTP Request
Severity: High
File:
.github/workflows/docs-noob-tester.lock.ymlLine: 445
Description
Runner-Guard detected an outbound HTTP request (via
curl) to a non-GitHub domain (localhost:4321) in a job step that has access to secrets and write permissions. The flagged step is "Wait for server readiness", which polls a local documentation server:This is
localhostso it is unlikely to be an active exfiltration path, but the pattern is flagged because:curltarget URL structure is present in a job with secrets accessImpact
In isolation this specific instance is low risk (localhost URL is hardcoded). However, the pattern creates a structural risk: any future change that allows user-controlled input to influence the URL, hostname, or headers of this curl request could enable secret exfiltration to an attacker-controlled endpoint.
Remediation
secrets.*inenv:for that specific steplocalhost/127.0.0.1and deny all other outbound HTTP in this jobDetected by runner-guard v2.6.0 — CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/24939030960