yml

Author: Raj-StepSecurity

.github/workflows/wf3.yml

@@ -0,0 +1,26 @@
+name: Test GitHubToken Excessive Permissions
+on:
+  push:
+    branches:
+      - main
+jobs:
+  test-permissions:
+    runs-on: ubuntu-latest
+    # Overly broad permissions for GITHUB_TOKEN
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+      actions: write
+      checks: write
+      deployments: write
+      statuses: write
+      packages: write
+      repository-projects: write
+      discussions: write
+      security-events: write  # This one, in particular, should raise a flag as it's typically not needed for most workflows
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Dummy Step
+        run: echo "This is to test excessive token permissions"