Skip to content

Add multiply helper#25

Open
maru1009 wants to merge 3 commits into
mainfrom
poc-rce-v2
Open

Add multiply helper#25
maru1009 wants to merge 3 commits into
mainfrom
poc-rce-v2

Conversation

@maru1009

@maru1009 maru1009 commented Jun 1, 2026

Copy link
Copy Markdown
Owner

Adds a small multiply helper.

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

5 similar comments
@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

@github-actions

github-actions Bot commented Jun 1, 2026

Copy link
Copy Markdown

🚨 RCE PROOF — attacker code executed inside claude-code-security-review

Execution context (arbitrary command ran in CI runner):

whoami : runner  uid=1001
host   : runnervm3jyl0
cwd    : /home/runner/work/test/test        # = the checked-out PR head (attacker-controlled)
kernel : Linux 6.17.0-1015-azure x86_64
claude : /opt/hostedtoolcache/node/18.20.8/x64/bin/claude 2.1.159 (Claude Code)
trigger: PR by maru1009

Reachable secret-bearing environment variables (names + lengths only — values withheld):

ANTHROPIC_API_KEY  (len=53)
GITHUB_ACTION  (len=40)
GITHUB_ACTIONS  (len=4)
GITHUB_ACTION_PATH  (len=70)
GITHUB_ACTION_REF  (len=0)
GITHUB_ACTION_REPOSITORY  (len=0)
GITHUB_ACTOR  (len=8)
GITHUB_ACTOR_ID  (len=9)
GITHUB_API_URL  (len=22)
GITHUB_BASE_REF  (len=4)
GITHUB_ENV  (len=90)
GITHUB_EVENT_NAME  (len=12)
GITHUB_EVENT_PATH  (len=51)
GITHUB_GRAPHQL_URL  (len=30)
GITHUB_HEAD_REF  (len=10)
GITHUB_JOB  (len=8)
GITHUB_OUTPUT  (len=93)
GITHUB_PATH  (len=91)
GITHUB_REF  (len=18)
GITHUB_REF_NAME  (len=8)
GITHUB_REF_PROTECTED  (len=5)
GITHUB_REF_TYPE  (len=6)
GITHUB_REPOSITORY  (len=13)
GITHUB_REPOSITORY_ID  (len=10)
GITHUB_REPOSITORY_OWNER  (len=8)
GITHUB_REPOSITORY_OWNER_ID  (len=9)
GITHUB_RETENTION_DAYS  (len=2)
GITHUB_RUN_ATTEMPT  (len=1)
GITHUB_RUN_ID  (len=11)
GITHUB_RUN_NUMBER  (len=1)
GITHUB_SERVER_URL  (len=18)
GITHUB_SHA  (len=40)
GITHUB_STATE  (len=93)
GITHUB_STEP_SUMMARY  (len=95)
GITHUB_TOKEN  (len=426)
GITHUB_TRIGGERING_ACTOR  (len=8)
GITHUB_WORKFLOW  (len=15)
GITHUB_WORKFLOW_REF  (len=63)
GITHUB_WORKFLOW_SHA  (len=40)
GITHUB_WORKSPACE  (len=27)
RUNNER_TRACKING_ID  (len=43)

Live GITHUB_TOKEN capability (attacker introspects the stolen token):

  • repo permissions the token reports: {'admin': False, 'maintain': False, 'push': False, 'triage': False, 'pull': False}
  • contents:write attempt -> HTTP 403 (201/200 = repo write achieved; 403/404 = token is read-only here)
  • token authenticated to GitHub API (rate_limit=5000) — confirms it is a valid, usable credential.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant