Skip to content

Comments

test: symlink PoC for pull_request_target audit#1354

Closed
tychtjan wants to merge 1 commit intogooddata:masterfrom
tychtjan:test/symlink-poc
Closed

test: symlink PoC for pull_request_target audit#1354
tychtjan wants to merge 1 commit intogooddata:masterfrom
tychtjan:test/symlink-poc

Conversation

@tychtjan
Copy link

@tychtjan tychtjan commented Feb 24, 2026

Adds a symlink in docs/content/en/latest/ pointing to .github/workflows/ to test whether rsync -a in the netlify-deploy-preview workflow preserves symlinks, potentially exposing workflow files on the deployed Netlify preview.

TESTING VULNERABILITY

test: symlink PoC for pull_request_target audit
5f09c50 
Adds a symlink in docs/content/en/latest/ pointing to .github/workflows/
to test whether rsync -a in the netlify-deploy-preview workflow preserves
symlinks, potentially exposing workflow files on the deployed Netlify preview.
@tychtjan
Copy link
Author

tychtjan commented Feb 24, 2026

Security audit complete - symlink PoC confirmed rsync preserves symlinks but Hugo does not follow them. Closing test PR.

@tychtjan tychtjan closed this Feb 24, 2026
@tychtjan tychtjan deleted the test/symlink-poc branch February 24, 2026 10:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lupko lupko Awaiting requested review from lupko lupko is a code owner

@pcerny pcerny Awaiting requested review from pcerny pcerny is a code owner

@jaceksan jaceksan Awaiting requested review from jaceksan jaceksan is a code owner

@hkad98 hkad98 Awaiting requested review from hkad98 hkad98 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tychtjan