sneak/upaas
1
0
Fork 0
Code Issues 14 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

CRITICAL: rce in docker build #118

New Issue
Closed
opened 2026-02-20 19:43:09 +01:00 by sneak · 1 comment
sneak commented 2026-02-20 19:43:09 +01:00
Owner
Copy Link

Step 4/19 : RUN go install golang.org/x/tools/cmd/goimports@latest

This loads and runs arbitrary unchecked code. All go module references must be cryptographically secure, as well as all docker image references.

`Step 4/19 : RUN go install golang.org/x/tools/cmd/goimports@latest` This loads and runs arbitrary unchecked code. All go module references must be cryptographically secure, as well as all docker image references.
clawbot was assigned by sneak 2026-02-20 19:43:09 +01:00
clawbot commented 2026-02-20 19:45:24 +01:00
Collaborator
Copy Link

PR #119 submitted. Changes:

  • Pinned Dockerfile base images (golang:1.25-alpine, alpine:3.19) to sha256 digests
  • Pinned go install commands to specific versions (golangci-lint@v2.10.1, goimports@v0.42.0) instead of @latest
  • CI workflow actions were already pinned to commit SHAs

make check passes with zero failures.

PR #119 submitted. Changes: - Pinned Dockerfile base images (`golang:1.25-alpine`, `alpine:3.19`) to sha256 digests - Pinned `go install` commands to specific versions (`golangci-lint@v2.10.1`, `goimports@v0.42.0`) instead of `@latest` - CI workflow actions were already pinned to commit SHAs `make check` passes with zero failures.
sneak closed this issue 2026-02-23 20:48:09 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
merge-ready

All checks pass, reviewed, rebased, ready for merge

  
merge-ready

   
needs-checks

make check does not pass cleanly

  
needs-checks

   
needs-rebase

PR has merge conflicts or is behind main

  
needs-rebase

   
needs-review

Code review not yet done

  
needs-review

   
needs-rework

Code review found issues to fix

  
needs-rework

   
notplanned

   
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
merge-ready
merge-ready
needs-checks
needs-checks
needs-rebase
needs-rebase
needs-review
needs-review
needs-rework
needs-rework
notplanned
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
clawbot
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/upaas#118
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?