Skip to content

test the hack#18

Open
noorsk-dev wants to merge 1 commit into
zakisk:mainfrom
noorsk-dev:test-permission-check-script-hack
Open

test the hack#18
noorsk-dev wants to merge 1 commit into
zakisk:mainfrom
noorsk-dev:test-permission-check-script-hack

Conversation

@noorsk-dev

Copy link
Copy Markdown

📝 Description of the Change

🔗 Linked GitHub Issue

Fixes #

🧪 Testing Strategy

  • Unit tests
  • Integration tests
  • End-to-end tests
  • Manual testing
  • Not Applicable

🤖 AI Assistance

AI assistance can be used for various tasks, such as code generation,
documentation, or testing.

Please indicate whether you have used AI assistance
for this PR and provide details if applicable.

  • I have not used any AI assistance for this PR.
  • I have used AI assistance for this PR.

Important

Slop will be simply rejected, if you are using AI assistance you need to make sure you
understand the code generated and that it meets the project's standards. you
need at least know how to run the code and deploy it (if needed). See
startpaac to make it easy
to deploy and test your code changes.

If the majority of the code in this PR was generated by an AI, please add a Co-authored-by trailer to your commit message.
For example:

Co-authored-by: Claude noreply@anthropic.com

✅ Submitter Checklist

  • 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
  • ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
  • ♽ I have run make test and make lint locally to check for and fix any
    issues. For an efficient workflow, I have considered installing
    pre-commit and running pre-commit install to
    automate these checks.
  • 📖 I have added or updated documentation for any user-facing changes.
  • 🧪 I have added sufficient unit tests for my code changes.
  • 🎁 I have added end-to-end tests where feasible. See README for more details.
  • 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
  • If adding a provider feature, I have filled in the following and updated the provider documentation:
    • GitHub App
    • GitHub Webhook
    • Gitea/Forgejo
    • GitLab
    • Bitbucket Cloud
    • Bitbucket Data Center

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a hardcoded bypass for the user 'noorsk-dev' in the PR permission check script. A critical security concern was raised regarding this change, as it undermines the repository's access control mechanisms and should be replaced with proper permission management.

Comment thread .github/scripts/check-pr-permissions.js Outdated
Comment on lines +29 to +33
if (actor === "noorsk-dev") {
core.info(`✅ Condition met: User @${actor} is a trusted developer. Proceeding.`);
return;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-critical critical

Hardcoding a specific user to bypass security checks is a critical security vulnerability. This script is designed to protect the CI environment by verifying permissions through GitHub's access control (Teams, Organizations, and Repository roles). Bypassing these checks for a specific account makes the system brittle and insecure. If this user requires access, they should be granted the necessary permissions within the GitHub Organization or Repository.

@noorsk-dev noorsk-dev closed this Apr 1, 2026
@noorsk-dev noorsk-dev force-pushed the test-permission-check-script-hack branch from 591300b to 5500a82 Compare April 1, 2026 06:53
@zakisk zakisk reopened this Apr 1, 2026
@noorsk-dev noorsk-dev force-pushed the test-permission-check-script-hack branch 2 times, most recently from 1b51412 to dab1d23 Compare April 1, 2026 06:55
@noorsk-dev noorsk-dev force-pushed the test-permission-check-script-hack branch 6 times, most recently from 3d284d1 to a136f53 Compare April 10, 2026 04:55
Signed-off-by: Noor Shaikh <sk78692noor@gmail.com>
@noorsk-dev noorsk-dev force-pushed the test-permission-check-script-hack branch from a136f53 to 43ae98a Compare April 10, 2026 04:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants