Branch `as-if-jh-code-sync` in JH validation project can be overwritten by mirrors
Branch `as-if-jh-code-sync` in JH validation project can be overwritten by mirrors. I figured this out at !121531 (comment 1405701143)
This is the scenario:
- A developer+ at JiHu makes a branch called `as-if-jh-code-sync` on https://jihulab.com/gitlab-cn/gitlab
- It'll be mirrored to https://gitlab.com/gitlab-org/gitlab-jh-mirrors/gitlab because that project is a full mirror of the JiHu repository
- It'll then be mirrored to https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation because that project mirrors all protected branches from https://gitlab.com/gitlab-org/gitlab-jh-mirrors/gitlab
- This means the protected branch `as-if-jh-code-sync` can be overwritten by JiHu developers. Namely this branch: https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation/-/tree/as-if-jh-code-sync
Risk:
- This branch is used to synchronize between the merge request branch and the corresponding JH branch (or `main-jh`), and it has access to the `AS_IF_JH_TOKEN` variable
- This variable is a project access token with the `write_repository` scope for https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation, and it can be exposed to JiHu developers by the above scenario
Edited by Lin Jen-Shin