Handle multiple whitespaces in runner temp regex.

AdnaneKhan · Napalys · web-flow · commit 7be938c6c390 · 2025-07-10T12:22:14.000-04:00
Co-authored-by: Napalys Klicius &lt;napalys@github.com&gt;
diff --git a/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll b/actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll
@@ -264,7 +264,7 @@ class ArtifactPoisoningSink extends DataFlow::Node {
     download.getAFollowingStep() = poisonable and
     // excluding artifacts downloaded to the temporary directory
     not download.getPath().regexpMatch("^/tmp.*") and
-    not download.getPath().regexpMatch("^\\$\\{\\{\\s?runner\\.temp\\s?}}.*") and
+    not download.getPath().regexpMatch("^\\$\\{\\{\\s*runner\\.temp\\s*}}.*") and
     not download.getPath().regexpMatch("^\\$RUNNER_TEMP.*") and
     (
       poisonable.(Run).getScript() = this.asExpr() and

Original file line number	Diff line number	Diff line change
`@@ -264,7 +264,7 @@ class ArtifactPoisoningSink extends DataFlow::Node {`
`264`	`264`	`download.getAFollowingStep() = poisonable and`
`265`	`265`	`// excluding artifacts downloaded to the temporary directory`
`266`	`266`	`not download.getPath().regexpMatch("^/tmp.*") and`
`267`		`- not download.getPath().regexpMatch("^\\$\\{\\{\\s?runner\\.temp\\s?}}.*") and`
	`267`	`+ not download.getPath().regexpMatch("^\\$\\{\\{\\srunner\\.temp\\s}}.*") and`
`268`	`268`	`not download.getPath().regexpMatch("^\\$RUNNER_TEMP.*") and`
`269`	`269`	`(`
`270`	`270`	`poisonable.(Run).getScript() = this.asExpr() and`