Skip to content

fix: scope confused deputy check to bot actors on pull_request:synchronize#44494

Merged
pelikhan merged 5 commits into
mainfrom
copilot/github-issue-39871-fix-access-denied-error
Jul 9, 2026
Merged

fix: scope confused deputy check to bot actors on pull_request:synchronize#44494
pelikhan merged 5 commits into
mainfrom
copilot/github-issue-39871-fix-access-denied-error

Conversation

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

isConfusedDeputyAttack was flagging any pull_request:synchronize event where github.actorpull_request.user.login — blocking legitimate multi-author collaboration where a human team member pushes commits to a PR they didn't open.

The actual attack vector (@dependabot recreate) always produces a bot actor: actor=dependabot[bot], prAuthor=<human>. Human-vs-human mismatches are never confused deputy — the pusher's own repository permissions are checked normally immediately after.

Changes

  • check_permissions_utils.cjs — Add actor.endsWith("[bot]") guard to the pull_request:synchronize branch:

    // Before — false positive when human Bob pushes to Alice's PR:
    if (eventName === "pull_request" && payload.action === "synchronize") {
    
    // After — restricted to bot actors only:
    if (eventName === "pull_request" && payload.action === "synchronize" && actor.endsWith("[bot]")) {
  • check_permissions_utils.test.cjs — Add regression test: actor="bob", prAuthor="alice" on synchronizefalse.

  • ADR-29450 — Update normative spec (Part 2 §2) and narrative (Decision + Negative Consequences) to require bot-scoping on the synchronize guard.


Generated by 👨‍🍳 PR Sous Chef · 8.9 AIC · ⌖ 5.99 AIC · ⊞ 4.7K ·
Comment /souschef to run again


Generated by 👨‍🍳 PR Sous Chef · 6.57 AIC · ⌖ 6.74 AIC · ⊞ 7.1K ·
Comment /souschef to run again

…onize

The isConfusedDeputyAttack function was comparing github.actor against
pull_request.user.login (PR author) for all synchronize events, causing
false positives when a human team member pushes commits to a PR they
did not author (legitimate collaboration).

The confused deputy attack (@dependabot recreate) always involves a
bot actor: actor=dependabot[bot], prAuthor=original human. Restricting
the synchronize check to actors ending in [bot] eliminates the false
positive while maintaining full protection against the actual attack.

Also:
- Add regression test for human-collaborates-on-others-PR scenario
- Update ADR-29450 normative spec and narrative to reflect bot-scoping

Closes #39871"

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix access denied error for bot-triggered PR events fix: scope confused deputy check to bot actors on pull_request:synchronize Jul 9, 2026
Copilot AI requested a review from pelikhan July 9, 2026 05:47
@pelikhan pelikhan marked this pull request as ready for review July 9, 2026 11:56
Copilot AI review requested due to automatic review settings July 9, 2026 11:56

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR narrows the Dependabot “confused deputy” detection logic for pull_request:synchronize events so it only triggers when the GitHub Actions actor is a bot (login ending with [bot]). This prevents legitimate multi-author collaboration (a human pushing commits to someone else’s PR) from being incorrectly blocked, while preserving the intended protection against the documented bot-driven attack vector.

Changes:

  • Restrict isConfusedDeputyAttack’s pull_request:synchronize check to bot actors (actor.endsWith("[bot]")).
  • Add a regression test ensuring human-vs-human actor/PR-author mismatches on synchronize are not flagged.
  • Update ADR-29450 to make the bot-scoping requirement explicit in both narrative and normative spec.
Show a summary per file
File Description
docs/adr/29450-guard-bot-filter-against-dependabot-confused-deputy-injection.md Updates the ADR decision and normative requirements to specify bot-only scoping for the pull_request:synchronize guard.
actions/setup/js/check_permissions_utils.test.cjs Adds regression coverage for legitimate human collaboration on pull_request:synchronize.
actions/setup/js/check_permissions_utils.cjs Implements bot-only scoping for pull_request:synchronize confused-deputy detection.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 3/3 changed files
  • Comments generated: 0
  • Review effort level: Low

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

⚠️ PR Code Quality Reviewer failed during code quality review.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🤖 PR Triage — Run §29020837798

Field Value
Category bug
Risk 🟡 Medium
Score 81 / 100
Action fast_track

Score breakdown: Impact 38 + Urgency 25 + Quality 18

Rationale: Tiny, targeted security fix (16 +/ 5 −) eliminating a false positive that blocked legitimate multi-author collaboration. Patch is trivially correct — adds && actor.endsWith('[bot]') guard — and a regression test is included. Highest quality-to-size ratio in this batch.

Generated by 🔧 PR Triage Agent · 77.6 AIC · ⌖ 14.7 AIC · ⊞ 5.4K ·

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, make sure the branch is up to date, and rerun checks.

Generated by 👨‍🍳 PR Sous Chef · 12.1 AIC · ⌖ 6.75 AIC · ⊞ 4.7K ·
Comment /souschef to run again

…39871-fix-access-denied-error

Co-authored-by: gh-aw-bot <259018956+gh-aw-bot@users.noreply.github.com>

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, make sure the branch is up to date, and rerun checks.

...

Addressed in eb12e93: merged origin/main into the branch and reran local checks (make lint, make test-unit, make test, make agent-report-progress). Prior failed PR-side runs were workflow/agent failures and are stale on the new HEAD; CI still needs a maintainer-triggered rerun for this branch.

Copilot AI requested a review from gh-aw-bot July 9, 2026 14:22
@gh-aw-bot

Copy link
Copy Markdown
Collaborator

pr-sous-chef
@copilot then run the pr-finisher skill, make any needed fixes, and rerun checks once the branch is up to date.

Generated by 👨‍🍳 PR Sous Chef · 16.6 AIC · ⌖ 7.21 AIC · ⊞ 4.7K ·
Comment /souschef to run again

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

pr-sous-chef
@copilot then run the pr-finisher skill, make any needed fixes, and rerun checks once the branch is up to date.
...

Ran the PR finisher pass on eb12e93. The branch is already up to date with main, there were no unresolved in-scope review threads, and local validation passed (make fmt, make lint, make test-unit, make test, make recompile). No code changes were needed. The last PR-side CJS, Doc Build - Deploy, and Smoke CI runs on this HEAD are action_required with no jobs started, so CI still needs a maintainer re-trigger/approval on the current head before merge.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, address unresolved review comments, and rerun checks once the branch is up to date.

Generated by 👨‍🍳 PR Sous Chef · 8.9 AIC · ⌖ 5.99 AIC · ⊞ 4.7K ·
Comment /souschef to run again

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, address unresolved review comments, and rerun checks once the branch is up to date.

...

Ran the PR finisher pass on 156cc16. The branch is up to date with main (0 commits behind), and there are no unresolved in-scope review threads/comments to address. Targeted validation for the changed JS passed (actions/setup/js: npm ci, vitest run check_permissions_utils.test.cjs, node --check check_permissions_utils.cjs).

Local full validation is still blocked by a pre-existing clean-checkout issue on the current base: make lint and make agent-report-progress fail in eslint-factory because the Makefile invokes npx prettier there without a local Prettier dependency, and npm tries to install nonexistent prettier@3.9.5. The PR-side CJS, Doc Build - Deploy, and Smoke CI runs on 156cc16 are action_required with zero jobs started, so CI still needs a maintainer approval/re-trigger on this head before merge.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

@copilot please run the pr-finisher skill, ensure the branch is up to date, and rerun checks.

Generated by 👨‍🍳 PR Sous Chef · 6.57 AIC · ⌖ 6.74 AIC · ⊞ 7.1K ·
Comment /souschef to run again

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

@copilot please run the pr-finisher skill, ensure the branch is up to date, and rerun checks.

...

Ran the PR-finisher pass on e0e6d01. The branch is up to date with main (current main SHA 5226c7a is already included), there are no unresolved in-scope review threads, and local validation passed: make fmt, make lint, make test-unit, make test, make recompile, and make agent-report-progress.

No code changes were needed. The PR-side CJS, Smoke CI, and Doc Build - Deploy runs on this head are still action_required with zero jobs started, so CI on the current head still needs a maintainer approval/re-trigger before merge.

@gh-aw-bot

Copy link
Copy Markdown
Collaborator

pr-sous-chef
@copilot please run the pr-finisher skill, ensure the branch is up to date, address any remaining review feedback, and rerun checks.

Run: https://github.com/github/gh-aw/actions/runs/29038065496

Generated by 👨‍🍳 PR Sous Chef · 10.2 AIC · ⌖ 5.35 AIC · ⊞ 7.1K ·
Comment /souschef to run again

@pelikhan pelikhan merged commit 7833adf into main Jul 9, 2026
17 of 18 checks passed
@pelikhan pelikhan deleted the copilot/github-issue-39871-fix-access-denied-error branch July 9, 2026 18:02
Copilot stopped work on behalf of gh-aw-bot due to an error July 9, 2026 18:02
@github-actions

Copy link
Copy Markdown
Contributor

🎉 This pull request is included in a new release.

Release: v0.82.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

4 participants