
Add securitytest extension #9775

Closed
Bodlux wants to merge 7 commits into Azure:main from Bodlux:poc-security-test

Conversation

@Bodlux Bodlux commented Apr 12, 2026


This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

@azure-client-tools-bot-prd

Validation for Breaking Change Starting...

Thanks for your contribution!

yonzhan (Collaborator) commented Apr 12, 2026

Thank you for your contribution! We will review the pull request and get back to you soon.

github-actions bot (Contributor)

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with the latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

microsoft-github-policy-service bot added the customer-reported label (Issues that are reported by GitHub users external to the Azure organization) Apr 12, 2026

microsoft-github-policy-service bot (Contributor)

Thank you for your contribution @Bodlux! We will review the pull request and get back to you soon.

github-actions bot (Contributor) commented Apr 12, 2026

Responsible Disclosure Notice

This automated comment was generated as part of an authorized security research engagement. It demonstrates that the VersionCalPRComment.yml workflow is vulnerable to artifact poisoning via a pull_request_target misconfiguration.

Finding: An external contributor can control the content of this automated comment and manipulate PR labels by modifying artifact files during the version-cal job, which checks out and executes code from the pull request head branch.

This issue has been reported to the Microsoft Security Response Center (MSRC) as part of responsible disclosure. No secrets were accessed and no unauthorized modifications were made.

Researcher: Bodlux | Run ID: 24317128999 | Timestamp: 2026-04-12T21:48:06.541622
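The comment above describes the classic pull_request_target pitfall: a workflow that runs with the base repository's write token and secrets yet checks out and executes the pull request head. As an added example, not code from this PR or from the azure-cli-extensions project, here is a small line-based check a repository owner can run over workflow files to flag that pattern; both workflow snippets are constructed stand-ins (the job and script names are placeholders), not the real VersionCalPRComment.yml.

```python
import re

# Constructed stand-ins for the workflow under discussion (not the real VersionCalPRComment.yml).
# WEAK: pull_request_target runs with the base repo's write token and secrets, yet checks out
# and executes the untrusted PR head, the precondition for the artifact poisoning described above.
WEAK_WORKFLOW = """\
name: version-cal
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  version-cal:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./scripts/ci/version-cal.sh   # placeholder script name
"""

# HARDENED: same trigger, but actions/checkout now defaults to the trusted base branch.
HARDENED_WORKFLOW = WEAK_WORKFLOW.replace(
    "        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n", "")

# Expressions that resolve to the PR head when handed to actions/checkout.
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")

def find_pwn_request(workflow_text):
    """Return [(line_no, message)] for each actions/checkout step that pulls the PR head
    inside a workflow triggered by pull_request_target. Line-based, so no YAML parser needed."""
    lines = workflow_text.splitlines()
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # plain pull_request runs unprivileged, so checking out the head is fine there
    findings, in_checkout = [], False
    for no, line in enumerate(lines, 1):
        if re.match(r"\s*-\s", line):          # a new step begins; forget the previous one
            in_checkout = False
        if "uses:" in line and "actions/checkout" in line:
            in_checkout = True
        elif in_checkout and re.match(r"\s*ref:", line) and HEAD_REF.search(line):
            findings.append((no, "pull_request_target job checks out the PR head"))
    return findings
```

The same job on a plain `pull_request` trigger is not flagged, since that event runs without the write token or secrets; the fix is either to drop the head checkout from the privileged job or to split untrusted work into a `pull_request` job and consume its artifact read-only.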

Bodlux closed this Apr 12, 2026

Labels

customer-reported Issues that are reported by GitHub users external to the Azure organization.

2 participants