Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All Pull requests have been edited #12542

Closed
grisu48 opened this issue Feb 3, 2025 · 6 comments
Closed

All Pull requests have been edited #12542

grisu48 opened this issue Feb 3, 2025 · 6 comments

Comments

@grisu48
Copy link

grisu48 commented Feb 3, 2025

It looks like all repository pull requests have been subject to vandalism.

Not entirely sure, but it could be that https://github.com/microsoft/WSL/pull/12534 opened a possibility for a unfriendly GitHub CI action to edit all PR title and descriptions.
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 3, 2025

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

@josegomezr
Copy link

It looks like all repository pull requests have been subject to vandalism.

Not entirely sure, but it could be that #12534 opened a possibility for a unfriendly GitHub CI action to edit all PR title and descriptions.

Just quoting your message for future reference. I've seen that the PR descriptions are modified by the github-actions bot user but the comments below seem not to be affected.

@grisu48
Copy link
Author

grisu48 commented Feb 3, 2025
edited
Loading

Indeed. I post a screenshot here for future reference as well. This is e.g. https://github.com/microsoft/WSL/pull/12529

One can see that the github-actions bot edited the PR title, added labels 13h ago. The authors have not been doing this.

Image

@Permik
Copy link

Permik commented Feb 3, 2025

It's most likely this PR
https://github.com/microsoft/WSL/pull/12474

References security related testing, bot replied weirdly and the gist referenced in the changes has since been deleted.

@benhillis
Copy link
Member

Thanks for the report, we're working on a fix and have already disabled the offending workflow.

Please know we're taking this seriously and will be getting in touch with GitHub support to help restore the repo.

@grisu48
Copy link
Author

grisu48 commented Feb 3, 2025

Thank you and good luck!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@grisu48 @josegomezr @Permik @benhillis