move YAMLMappingLikeNode to the standard library

Author: erik-krogh

javascript/ql/lib/semmle/javascript/Actions.qll

@@ -20,76 +20,6 @@ module Actions {
     }
   }
 
-  /**
-   * A YAML node that may contain sub-nodes.
-   *
-   * Actions are quite flexible in parsing YAML.
-   *
-   * For example:
-   * ```
-   * on: pull_request
-   * ```
-   * and
-   * ```
-   * on: [pull_request]
-   * ```
-   * and
-   * ```
-   * on:
-   *   pull_request:
-   * ```
-   *
-   * are equivalent.
-   */
-  class MappingOrSequenceOrScalar extends YAMLNode {
-    MappingOrSequenceOrScalar() {
-      this instanceof YAMLMapping
-      or
-      this instanceof YAMLSequence
-      or
-      this instanceof YAMLScalar
-    }
-
-    /** Gets sub-name identified by `name`. */
-    YAMLNode getNode(string name) {
-      exists(YAMLMapping mapping |
-        mapping = this and
-        result = mapping.lookup(name)
-      )
-      or
-      exists(YAMLSequence sequence, YAMLNode node |
-        sequence = this and
-        sequence.getAChildNode() = node and
-        node.eval().toString() = name and
-        result = node
-      )
-      or
-      exists(YAMLScalar scalar |
-        scalar = this and
-        scalar.getValue() = name and
-        result = scalar
-      )
-    }
-
-    /** Gets the number of elements in this mapping or sequence. */
-    int getElementCount() {
-      exists(YAMLMapping mapping |
-        mapping = this and
-        result = mapping.getNumChild() / 2
-      )
-      or
-      exists(YAMLSequence sequence |
-        sequence = this and
-        result = sequence.getNumChild()
-      )
-      or
-      exists(YAMLScalar scalar |
-        scalar = this and
-        result = 1
-      )
-    }
-  }
-
   /**
    * An Actions workflow. This is a mapping at the top level of an Actions YAML workflow file.
    * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
@@ -112,7 +42,7 @@ module Actions {
    * An Actions On trigger within a workflow.
    * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#on.
    */
-  class On extends YAMLNode, MappingOrSequenceOrScalar {
+  class On extends YAMLNode, YAMLMappingLikeNode {
     Workflow workflow;
 
     On() { workflow.lookup("on") = this }

javascript/ql/lib/semmle/javascript/YAML.qll

@@ -441,3 +441,74 @@ class YAMLParseError extends @yaml_error, Error {
 
   override string toString() { result = this.getMessage() }
 }
+
+/**
+ * A YAML node that may contain sub-nodes that can be identified by a name.
+ * I.e. a mapping, sequence, or scalar.
+ *
+ * Is used in e.g. GithHub Actions, which is quite flexible in parsing YAML.
+ *
+ * For example:
+ * ```
+ * on: pull_request
+ * ```
+ * and
+ * ```
+ * on: [pull_request]
+ * ```
+ * and
+ * ```
+ * on:
+ *   pull_request:
+ * ```
+ *
+ * are equivalent.
+ */
+class YAMLMappingLikeNode extends YAMLNode {
+  YAMLMappingLikeNode() {
+    this instanceof YAMLMapping
+    or
+    this instanceof YAMLSequence
+    or
+    this instanceof YAMLScalar
+  }
+
+  /** Gets sub-name identified by `name`. */
+  YAMLNode getNode(string name) {
+    exists(YAMLMapping mapping |
+      mapping = this and
+      result = mapping.lookup(name)
+    )
+    or
+    exists(YAMLSequence sequence, YAMLNode node |
+      sequence = this and
+      sequence.getAChildNode() = node and
+      node.eval().toString() = name and
+      result = node
+    )
+    or
+    exists(YAMLScalar scalar |
+      scalar = this and
+      scalar.getValue() = name and
+      result = scalar
+    )
+  }
+
+  /** Gets the number of elements in this mapping or sequence. */
+  int getElementCount() {
+    exists(YAMLMapping mapping |
+      mapping = this and
+      result = mapping.getNumChild() / 2
+    )
+    or
+    exists(YAMLSequence sequence |
+      sequence = this and
+      result = sequence.getNumChild()
+    )
+    or
+    exists(YAMLScalar scalar |
+      scalar = this and
+      result = 1
+    )
+  }
+}

javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql

@@ -78,7 +78,7 @@ class ProbableJob extends Actions::Job {
 /**
  * An action step that doesn't contain `actor` or `label` check in `if:` or
  */
-class ProbablePullRequestTarget extends Actions::On, Actions::MappingOrSequenceOrScalar {
+class ProbablePullRequestTarget extends Actions::On, YAMLMappingLikeNode {
   ProbablePullRequestTarget() {
     exists(YAMLNode prtNode |
       // The `on:` is triggered on `pull_request_target`
@@ -88,7 +88,7 @@ class ProbablePullRequestTarget extends Actions::On, Actions::MappingOrSequenceO
         not exists(prtNode.getAChild())
         or
         // or has the filter, that is something else than just [labeled]
-        exists(Actions::MappingOrSequenceOrScalar prt, Actions::MappingOrSequenceOrScalar types |
+        exists(YAMLMappingLikeNode prt, YAMLMappingLikeNode types |
           types = prt.getNode("types") and
           prtNode = prt and
           (