Description: An attacker publishes a malicious NuGet package with a name similar to a legitimate dependency used by the Nuke build script (typosquatting) or exploits dependency confusion by publishing a package with the same name as an internal package to a public repository. Nuke, during package resolution, might download and use the malicious package instead of the intended one. The attacker gains code execution within the build process.
Impact: Supply chain compromise, arbitrary code execution on the build server, potential data exfiltration from the build environment, introduction of vulnerabilities into the final application, build process disruption.
Nuke Component Affected: NuGet Package Resolution, NuGetToolTasks, NuGetRestore task.
Risk Severity: High
Mitigation Strategies:
* Use a private NuGet feed or package repository manager for internal and vetted external dependencies.
* Configure NuGet package sources to prioritize private feeds and explicitly trust only necessary public sources.
* Implement dependency scanning and vulnerability checks for all NuGet packages used in the build process.
* Pin specific versions of NuGet packages in packages.config, PackageReference or central package management to avoid unexpected updates.
* Utilize NuGet package signing and verification features.
* Regularly audit and review project's NuGet package dependencies.
Description: An attacker exploits vulnerabilities in Nuke build scripts where commands are dynamically constructed using unsanitized external input (e.g., environment variables, user-provided data, content from external files). By manipulating these inputs, the attacker can inject malicious commands that are executed by the build server during the build process.
Impact: Arbitrary code execution on the build server, unauthorized access to the build environment, data exfiltration, build process manipulation, denial of service of the build system.
Nuke Component Affected: Build Scripts (C# or F# code), any Nuke task or helper function that executes shell commands or external processes (e.g., ProcessTasks, FileSystemTasks).
Risk Severity: Critical
Mitigation Strategies:
* Avoid dynamic command construction based on untrusted or external input.
* If dynamic command construction is unavoidable, rigorously sanitize and validate all external inputs before incorporating them into commands.
* Use parameterized commands or APIs provided by Nuke or underlying tools to prevent injection vulnerabilities.
* Apply the principle of least privilege to the build process, limiting the permissions of the build user and the actions the build script can perform.
* Implement code reviews for build scripts to identify potential injection points.
Description: Developers accidentally hardcode sensitive information like API keys, passwords, certificates, or connection strings directly into Nuke build scripts or configuration files. If these scripts are committed to version control, exposed in build logs, or accessible to unauthorized personnel, attackers can discover and exploit these secrets. Impact: Unauthorized access to external systems and resources, data breaches, account compromise, infrastructure takeover, compromise of application security. Nuke Component Affected: Build Scripts (C# or F# code), Configuration files (if used to store secrets). Risk Severity: Critical Mitigation Strategies: * Never hardcode secrets directly in build scripts or configuration files. * Utilize secure secret management solutions (e.g., Azure Key Vault, HashiCorp Vault, CI/CD system secret variables) to store and retrieve secrets. * Ensure build scripts access secrets securely and only when absolutely necessary. * Implement secret scanning tools to automatically detect accidental exposure of secrets in code repositories and build logs. * Rotate secrets regularly to minimize the impact of potential exposure. * Use environment variables provided by the CI/CD system to pass secrets to the build process.