default workflow permissions from org and/or repo

[davidism]

Running zizmor on flask, I get warnings about not specifying permissions on each workflow or job. However, the pallets org configures workflows to run with read permission only by default. If the org didn't set it globally, a repo could individually set it.

I couldn't find a discussion about this in zizmor's docs, issues, or discussions. Can zizmor detect this org/repo configuration? Should I ignore this warning? Or is this default read permission still too much, and I should be setting permissions on each workflow and job individually?

[woodruffw]

Hey @davidism, thanks for opening a discussion!

Or is this default read permission still too much, and I should be setting permissions on each workflow and job individually?

Yeah, we currently consider it too much for two reasons:

1. read-all implies read on some "niche" permissions like security-events too, i.e. allows all workflows/jobs to read security events by default, which they don't typically need to do.
2. read-all increases in scope over time, since GitHub periodically adds new permission scopes to GHA. For example, both models and attestations were added pretty recently, so workflows that didn't need those permissions before (since the features didn't exist before) now have those permissions.

That being said, this is definitely also a documentation deficiency -- the docs should probably explain that the default token might not be write-all, in which case in impact of the default isn't nearly as bad (but is still not ideal). It'd be great if I could pull that default via the API as well to mediate the finding's severity -- I'll look into the GitHub REST API to see if that's possible 🙂

[woodruffw]

(There's also a third reason to always explicitly set permissions: forks of a repo can change their own default token policies, so having each workflow/job explicitly declare its permissions makes downstream misuse/mis-scoping slightly harder. Not impossible of course, but it's another hurdle.)

[davidism]

Good to know. GitHub's UI isn't very clear about that, it says "Read repository contents and packages permissions: Workflows have read permissions in the repository for the contents and packages scopes only." Which makes it sound like only a few permissions are granted.

[woodruffw]

Oh hmm, it's possible that's my misunderstanding then -- I thought GitHub did a read-all grant for that, but the language there definitely suggests only contents: read and packages: read. I'll have to do some tests.