Skip to content

Improve Codex autoreview workflow #1936

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
DanShaders wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Improve Codex autoreview workflow #1936

DanShaders wants to merge 3 commits into from

Conversation

@DanShaders
Copy link
Collaborator

@DanShaders DanShaders commented Dec 3, 2025

No description provided.

@github-actions
Copy link

github-actions bot commented Dec 3, 2025

Findings

  • .github/workflows/codex-review.yml:51 – The workflow now references openai/codex-action@v1 instead of the previously pinned SHA. Because this job runs in a pull_request_target context with repo write permissions and secrets, using a floating tag reintroduces a supply-chain risk: the action owner could retag v1, or the repo could be compromised, and the attacker would immediately execute arbitrary code with your token. Please re-pin the exact commit SHA to keep the workflow safe.
  • .github/workflows/codex-review.yml:60 – The conditional prompt line uses ${{ condition && 'text' }} without a fallback. In GitHub expressions false && '...' yields the literal boolean false, so for every PR not authored by DanShaders the prompt will contain a stray false line, which degrades the instruction quality sent to Codex. Use a construct that evaluates to an empty string when the condition is false (condition && 'text' || '') or wrap it in an if block.

@DanShaders DanShaders marked this pull request as draft December 3, 2025 20:43
@DanShaders
Align codex-review.yml with OpenAI example and drop misleading comments
460fc4c 
Note that safety is actually guaranteed by the use of
`on.pull_request_target` instead of `on.pull_request` and the fact we
don't override safety-strategy from a (safe) default `drop-sudo`.
@DanShaders
Improve Codex autoreview prompt
cfb8fb4
@DanShaders
Do not run autoreview on draft PRs
8f9f394
@github-actions
Copy link

github-actions bot commented Dec 8, 2025

Findings

  • High – .github/workflows/codex-review.yml:38-52 now checks out refs/pull/.../merge under pull_request_target, so the runner pulls untrusted PR code while secrets (OpenAI key, PR write token) are available and persist-credentials defaults to true. The prior flow deliberately stayed on the trusted base commit to avoid executing PR content. This change reintroduces a secret-exfiltration/RCE vector if a malicious or compromised allowed account opens a PR. Please revert to checking out the trusted base ref (or disable credentials) when handling untrusted PR code.

@DanShaders DanShaders marked this pull request as ready for review December 8, 2025 01:55
@DanShaders DanShaders changed the base branch from testnet to master December 11, 2025 15:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DanShaders