Zhen Chen created CALCITE-7469:
----------------------------------

             Summary: Read-all and Write-all permissions should not be used
                 Key: CALCITE-7469
                 URL: https://issues.apache.org/jira/browse/CALCITE-7469
             Project: Calcite
          Issue Type: Wish
            Reporter: Zhen Chen


```
[.github/workflows/{*}stale.yml{*}:34|https://github.com/apache/calcite/blob/5bf40d5dc64cbb2d875737d1e1ebcc699ad73abc/.github/workflows/stale.yml#L34-L34]
 
 
|default: 30|
|type: number|
||
|permissions: read-all|
| Warning
Read-all and Write-all permissions should not be used
Replace "read-all" with specific permissions (e.g., "contents: read"). See more 
on [SonarQube 
Cloud|https://sonarcloud.io/project/issues?id=apache_calcite&issues=AZtI5cnztI5KoMOh1yoM&open=AZtI5cnztI5KoMOh1yoM]
SonarCloud|
|jobs:|
|stale:|
|runs-on: ubuntu-latest|
h2. Rule
h3. Tool
SonarCloud
h3. Rule ID
githubactions:S8234
h3. Description
Using {{permissions: read-all}} or {{permissions: write-all}} grants all read 
or write permissions to a job, violating the principle of least privilege. Jobs 
should only have the specific permissions they need.
 
h2. Activity
 
First detected in commit last week
 
[caicancai|https://github.com/caicancai]
{{[CALCITE-6300 Function MAP_VALUES/MAP_KEYS gives exception when mapV…|https://github.com/apache/calcite/commit/ac81f758da2de2023713bbae594b1deea83a9e1d]}}
 
{{[ac81f75|https://github.com/apache/calcite/commit/ac81f758da2de2023713bbae594b1deea83a9e1d]}}
.github/workflows/stale.yml:34 on branch main
 
Appeared in branch main last week
Commit 
[ac81f758|https://github.com/apache/calcite/commit/ac81f758da2de2023713bbae594b1deea83a9e1d]
```
 

 

Link is here: https://github.com/apache/calcite/security/code-scanning/173

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
