Skip to content
This repository has been archived by the owner on Jul 22, 2024. It is now read-only.

SCI Hack Azure ARM template references questionable repo #136

Open
larryclaman opened this issue Mar 2, 2023 · 3 comments
Open

SCI Hack Azure ARM template references questionable repo #136

larryclaman opened this issue Mar 2, 2023 · 3 comments

Comments

@larryclaman
Copy link

In reviewing the ARM template to deploy the azure environment for the SCI OpenHack, there is a call to a "random" github repo seen at line 630:

OpenHack/byos/sci/scripts/azure-deploy-scioh-env.json

Line 630 in 1967ccb

"https://raw.githubusercontent.com/LODSContent/Tom-Demo/master/ohinstall.ps1"

Why is this script being pulled from the repo https://github.com/LODSContent/Tom-Demo ?
Seems like it should corrected to reference the script in this repo, eg https://raw.githubusercontent.com/microsoft/OpenHack/main/byos/sci/scripts/scripts/ohinstall.ps1
@larryclaman
Copy link
Author

@dwnatwick , any thoughts? I think you were the last to edit this file.

@larryclaman larryclaman mentioned this issue Mar 10, 2023
Open
@larryclaman
Copy link
Author

I created PR #138 if someone from the OpenHack teams wants to review/approve.

@larryclaman
Copy link
Author

Ping @jileary23 as the last person to modify the repo.

I think this could be considered a security issue.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@larryclaman