Summary
The GitHub ACL path in pkg/provider/github/acl.go short-circuits to "allow" for any PR event whose HeadURL == BaseURL (head and base in the same repository) and whose head and base branches differ.
For issue_comment events, Sender is the comment author, not the PR author. An untrusted commenter on a same-repo PR therefore passes the ACL check and can trigger GitOps commands (/test, /retest, etc.) without any collaborator, org-membership or OWNERS check.
Impact
- Unauthorized CI trigger on same-repo PR comment flows
- Resource abuse / control-plane abuse risk on public repositories
Current behavior
aclCheckAll() takes the same-repo early return (allow) as soon as it sees the same-repo PR topology, before it validates whether the sender is trusted.
Expected behavior
Only allow this shortcut when sender identity is the PR submitter context (e.g. PR event), or otherwise require explicit sender trust (collaborator/org/OWNERS).
Proposed fix
- Restrict same-repo shortcut to pull_request event flows (not issue_comment replay/command flows), OR
- Validate sender collaborator membership before applying same-repo shortcut.
Test plan
- Add regression test: a non-collaborator issue_comment on a same-repo PR should be denied.
- Ensure same-repo pull_request event behavior remains allowed.
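The following is an added, self-contained illustration of the flaw and the first proposed fix; it is not code from pkg/provider/github/acl.go. The Event struct, the IsTrusted callback and the function names aclCheckAllBefore / aclCheckAllAfter are hypothetical stand-ins that only mirror the field names used in this report (HeadURL, BaseURL, Sender); the sample events are constructed.

```go
package main

import "fmt"

// Event is a hypothetical stand-in for the webhook fields the ACL check reads.
// Field names mirror the ones named in the report; this is not the project's type.
type Event struct {
	EventType  string // "pull_request" or "issue_comment"
	HeadURL    string // repository the PR head branch lives in
	BaseURL    string // repository the PR targets
	HeadBranch string
	BaseBranch string
	Sender     string // for issue_comment this is the commenter, not the PR author
}

// IsTrusted answers whether a login is a collaborator, org member or OWNERS entry.
// Injected so the example runs offline; a real check would call the GitHub API.
type IsTrusted func(login string) bool

// sameRepoShortcut is the topology test described in the report.
func sameRepoShortcut(ev Event) bool {
	return ev.HeadURL == ev.BaseURL && ev.HeadBranch != ev.BaseBranch
}

// aclCheckAllBefore models the "Current behavior": the same-repo shortcut is
// taken before the sender is validated, regardless of event type.
func aclCheckAllBefore(ev Event, trusted IsTrusted) bool {
	if sameRepoShortcut(ev) {
		return true // sender never checked
	}
	return trusted(ev.Sender)
}

// aclCheckAllAfter models the first option under "Proposed fix": the shortcut
// only applies to pull_request events, where Sender is the PR author and a
// same-repo head branch implies push access. Every other flow, including
// issue_comment command replays, must pass explicit sender trust.
func aclCheckAllAfter(ev Event, trusted IsTrusted) bool {
	if ev.EventType == "pull_request" && sameRepoShortcut(ev) {
		return true
	}
	return trusted(ev.Sender)
}

// constructed sample events for the two flows discussed in the report
func sampleEvents() (prEvent, commentEvent Event) {
	base := Event{
		HeadURL:    "https://github.com/example-org/example-repo",
		BaseURL:    "https://github.com/example-org/example-repo",
		HeadBranch: "feature",
		BaseBranch: "main",
	}
	prEvent = base
	prEvent.EventType = "pull_request"
	prEvent.Sender = "maintainer" // PR author on a same-repo branch

	commentEvent = base
	commentEvent.EventType = "issue_comment"
	commentEvent.Sender = "drive-by-user" // commenter with no repo access
	return prEvent, commentEvent
}

func main() {
	trusted := func(login string) bool { return login == "maintainer" }
	pr, comment := sampleEvents()
	fmt.Printf("before fix: pull_request=%v issue_comment=%v\n",
		aclCheckAllBefore(pr, trusted), aclCheckAllBefore(comment, trusted))
	fmt.Printf("after fix:  pull_request=%v issue_comment=%v\n",
		aclCheckAllAfter(pr, trusted), aclCheckAllAfter(comment, trusted))
}
```

The second option in the proposed fix (check collaborator membership before applying the shortcut) makes the shortcut redundant for comment flows, so in practice both options collapse to the same rule: a topology check can stand in for sender trust only when the sender is the author of that topology.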