Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

Code reviews are an essential security guardrail, but GitHub’s required reviewers setting might be giving you a false sense of security: it can easily be bypassed by any collaborator with reviewer permissions.

In this post, see how an attacker using a compromised account can submit malicious code and merge it into your repository’s main branch while bypassing its code review requirement.

TL;DR

  • GitHub’s required reviewers setting can be bypassed even when it is configured to require at least one approving review before code is merged.

  • Any user with reviewer permissions can push malicious code to a pull request during the review process and merge it into the main branch without a second person ever reviewing that code.

  • GitHub does not currently give users a way to directly eliminate this risk.

Even if you follow every agile development best practice perfectly, agile software development still carries risks. Agile has proven that its benefits outweigh its drawbacks, so it is important to understand the potential security risks and mitigate them ahead of time.

What Are Required Reviewers?

A typical development workflow looks like the following:

  1. The developer branches off the repository’s main development branch.

  2. The developer adds, deletes, or modifies code on that branch as needed.

  3. A second person must review and approve the changes before the branch can be merged back into the main branch.
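The workflow above assumes step 3 guarantees a second pair of eyes on every change; the TL;DR says it does not, because a reviewer can add commits to a pull request they then approve. The following is an added example, not code from the original post or from GitHub, that audits a pull request record for exactly that gap. It models a PR as plain dicts (the three sample PRs, the users `alice`, `bob` and `carol` and the commit SHAs are constructed; the field names `author`, `commits`, `reviews`, `date` and `submitted_at` are this example's own simplification of the commit and review objects GitHub's pull-request API returns), and `counted_approvals` is an assumed, simplified model of GitHub's "require approvals" rule rather than GitHub's implementation. The stricter question it asks is whether every commit was approved, after it was pushed, by someone other than the person who wrote it.

```python
"""Audit a pull request for the required-reviewers bypass.

Added example for this post, not code from the original article or from GitHub.
The PR records below are constructed; the field names are this example's own
simplification of the commit and review objects GitHub's pull-request API returns.
"""
from datetime import datetime


def _ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with UTC offset into an aware datetime."""
    return datetime.fromisoformat(value)


def counted_approvals(pr: dict) -> list:
    """Simplified model (an assumption of this example) of GitHub's
    'require approvals' rule: each user's latest review state is what counts,
    and the PR author cannot approve their own PR."""
    latest = {}
    for review in sorted(pr["reviews"], key=lambda r: _ts(r["submitted_at"])):
        latest[review["user"]] = review["state"]
    return sorted(user for user, state in latest.items()
                  if state == "APPROVED" and user != pr["author"])


def unreviewed_commits(pr: dict) -> list:
    """SHAs of commits that nobody other than their own author approved after
    they were pushed. An approval submitted before a commit existed cannot have
    covered it, and an author approving their own commit is not a review."""
    approvals = [(r["user"], _ts(r["submitted_at"]))
                 for r in pr["reviews"] if r["state"] == "APPROVED"]
    flagged = []
    for commit in pr["commits"]:
        pushed = _ts(commit["date"])
        covered = any(user != commit["author"] and submitted >= pushed
                      for user, submitted in approvals)
        if not covered:
            flagged.append(commit["sha"])
    return flagged


def review_bypassed(pr: dict, required: int = 1) -> bool:
    """True when the approval counter would allow the merge but some commit
    was never reviewed by a second person: the gap described in the post."""
    return len(counted_approvals(pr)) >= required and bool(unreviewed_commits(pr))


# --- constructed sample data (hypothetical users and SHAs) -------------------
_ALICE_COMMIT = {"sha": "a1c0ffee", "author": "alice", "date": "2024-05-01T10:00:00+00:00"}
_BOB_COMMIT = {"sha": "b0bcafe0", "author": "bob", "date": "2024-05-01T12:00:00+00:00"}

# bob approves alice's change, then pushes his own commit onto the PR branch.
BYPASSED_PR = {
    "number": 42, "author": "alice",
    "commits": [_ALICE_COMMIT, _BOB_COMMIT],
    "reviews": [{"user": "bob", "state": "APPROVED", "submitted_at": "2024-05-01T11:00:00+00:00"}],
}

# bob pushes first and approves afterwards; the approval still counts because
# bob is not the PR author, yet nobody but bob has seen bob's commit.
SELF_APPROVED_PR = {
    "number": 43, "author": "alice",
    "commits": [_ALICE_COMMIT, _BOB_COMMIT],
    "reviews": [{"user": "bob", "state": "APPROVED", "submitted_at": "2024-05-01T12:05:00+00:00"}],
}

# carol approves after bob's push, so every commit was reviewed by someone else.
CLEAN_PR = {
    "number": 44, "author": "alice",
    "commits": [_ALICE_COMMIT, _BOB_COMMIT],
    "reviews": [
        {"user": "bob", "state": "APPROVED", "submitted_at": "2024-05-01T11:00:00+00:00"},
        {"user": "carol", "state": "APPROVED", "submitted_at": "2024-05-01T12:30:00+00:00"},
    ],
}

if __name__ == "__main__":
    for pr in (BYPASSED_PR, SELF_APPROVED_PR, CLEAN_PR):
        print(f"PR #{pr['number']}: approvals={counted_approvals(pr)} "
              f"unreviewed={unreviewed_commits(pr)} bypassed={review_bypassed(pr)}")
```

Run as a script, the first two PRs satisfy a one-approval requirement while leaving bob's commit reviewed by nobody but bob, which is the situation the TL;DR describes; the third is clean because carol's approval came after bob's push. In practice the same records come from a pull request's commits and reviews in the GitHub API, and a check like this belongs in a merge-time status check or in a periodic audit over already-merged pull requests.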