Test Terraform RCE

This repository is a test to validate the Terraform External Data Source RCE vulnerability in CI/CD pipelines.

Structure

.github/
  workflows/
    terraform-orchestrator.yml   # Main workflow
    _terraform-module.yml        # Reusable workflow
  scripts/
    build_matrix.py              # Module detection script
infrastructure/
  legit-module/
    terraform/
      main.tf
      terraform.tfvars

Test Instructions

  1. Fork this repository
  2. In your fork, create a new module with a malicious payload
  3. Open a PR to this repository
  4. Observe if the workflow executes the payload
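
A pre-plan check for the scenario these steps test, added here as an example and not part of this repository: it scans a checked-out PR tree for external data sources in both HCL and Terraform JSON syntax before any Terraform command runs. The names `find_external`, `as_dicts` and `demo`, and the sample files, are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Quoted or bare-identifier labels; unanchored, so commented-out blocks are flagged too (fails closed).
EXTERNAL = re.compile(r'\bdata\s+"?external"?\s+"?([\w-]+)"?\s*\{')


def as_dicts(node):
    """Terraform JSON syntax allows an object or a list of objects at each block level."""
    return [n for n in (node if isinstance(node, list) else [node]) if isinstance(n, dict)]


def find_external(root):
    """Return (relative path, line, name) per external data source; line is 0 for .tf.json."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.endswith(".tf.json"):
            try:
                doc = json.loads(path.read_text())
            except ValueError:
                hits.append((rel, 0, "<unparseable>"))  # cannot inspect it, so flag it
                continue
            for top in as_dicts(doc):
                for data in as_dicts(top.get("data")):
                    for ext in as_dicts(data.get("external")):
                        hits += [(rel, 0, name) for name in ext]
        elif path.suffix == ".tf":
            for n, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
                m = EXTERNAL.search(line)
                if m:
                    hits.append((rel, n, m.group(1)))
    return hits


def demo():
    """Constructed tree: the existing module plus a new module that adds external data sources."""
    files = {
        "legit-module/terraform/main.tf": 'resource "null_resource" "a" {}\n',
        "new-module/terraform/main.tf": 'variable "x" {}\ndata "external" "probe" {\n  program = ["placeholder"]\n}\n',
        "new-module/terraform/extra.tf.json": '{"data": {"external": {"probe2": {"program": ["placeholder"]}}}}',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body)
        return find_external(tmp)
```

A non-empty result is a reason to hold the PR for manual review before `terraform plan` runs. The scan covers only the external data source named above, not other ways Terraform can run code.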