Apply suggestions from code review

Co-authored-by: Erik Krogh Kristensen <[email protected]>

Author: JarLob

javascript/ql/src/experimental/Security/CWE-829/expression_injection.ql

@@ -1,5 +1,5 @@
 /**
- * @name Injection from user-controlled Actions context
+ * @name Expression injection in Actions
  * @description Using user-controlled GitHub Actions contexts like `run:` or `script:` may allow a malicious
  *              user to inject code into the GitHub action.
  * @kind problem

javascript/ql/src/experimental/Security/CWE-829/pull_request_target.ql

@@ -1,6 +1,6 @@
 /**
- * @name pull_request_target with explicit pull request checkout
- * @description Workflows triggered on `pull_request_target` have read/write tokens for the base repository and the access to secrets.
+ * @name Checkout of untrusted code in trusted context
+ * @description Workflows triggered on `pull_request_target` have read/write access to the base repository and access to secrets.
  *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
  *              that is able to push to the base repository and to access secrets.
  * @kind problem
@@ -119,4 +119,4 @@ where
   ) and
   step instanceof ProbableStep and
   job instanceof ProbableJob
-select step, "Potential unsafe checkout of untrusted pull request on `pull_request_target`"
+select step, "Potential unsafe checkout of untrusted pull request on `pull_request_target`"

javascript/ql/src/experimental/semmle/javascript/Actions.qll

@@ -12,7 +12,7 @@ import javascript
 module Actions {
   /** A YAML node in a GitHub Actions workflow file. */
   private class Node extends YAMLNode {
-    Node() { this.getLocation().getFile().getRelativePath().matches(".github/workflows/%") }
+    Node() { this.getLocation().getFile().getRelativePath().matches(["experimental/Security/CWE-829/.github/workflows/%", ".github/workflows/%"]) }
   }
 
   /**