3 files changed under javascript/ql/src/experimental: +5 -5 lines changed
Original file line number Diff line number Diff line change
/**
- * @name Injection from user-controlled Actions context
+ * @name Expression injection in Actions
* @description Using user-controlled GitHub Actions contexts like `run:` or `script:` may allow a malicious
* user to inject code into the GitHub action.
* @kind problem
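Review bot: the `@description` still says "user-controlled GitHub Actions contexts like `run:` or `script:`", but `run:` and `script:` are the step keys an expression is interpolated into, not the contexts themselves; since the `@name` is being changed to "Expression injection in Actions", reword the description at the same time so the untrusted context and the `run:`/`script:` sink are distinguished, e.g. "Using user-controlled GitHub Actions contexts in `run:` or `script:` steps may allow a malicious user to inject code into the GitHub action."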
Original file line number Diff line number Diff line change 1
/**
- * @name pull_request_target with explicit pull request checkout
- * @description Workflows triggered on `pull_request_target` have read/write tokens for the base repository and the access to secrets.
+ * @name Checkout of untrusted code in trusted context
+ * @description Workflows triggered on `pull_request_target` have read/write access to the base repository and access to secrets.
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
* that is able to push to the base repository and to access secrets.
* @kind problem
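Review bot: the new `@name` "Checkout of untrusted code in trusted context" is broader than the `@description`, which only talks about `pull_request_target`, and the `select` message at line 122 of the same file is also pinned to `pull_request_target`; either keep `pull_request_target` in the name, or, if the generalisation is deliberate, adjust the description and the select message so all three agree. The wording fix from "read/write tokens for the base repository and the access to secrets" to "read/write access to the base repository and access to secrets" is fine.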
@@ -119,4 +119,4 @@ where
) and
step instanceof ProbableStep and
job instanceof ProbableJob
- select step , "Potential unsafe checkout of untrusted pull request on `pull_request_target`"
+ select step , "Potential unsafe checkout of untrusted pull request on `pull_request_target`"
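Review bot: the removed and added `select` lines render identically here, so this looks like a whitespace-only change (trailing whitespace or indentation); if it is incidental formatter output it is harmless, but if a wording change was intended it did not land. While this line is being touched, "Potential unsafe checkout" should read "Potentially unsafe checkout", and the message would help the reader more if it said what makes the checkout unsafe, in line with the `@description` (the checked-out code comes from the fork and runs with write access and secrets).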
Original file line number Diff line number Diff line change @@ -12,7 +12,7 @@ import javascript
module Actions {
/** A YAML node in a GitHub Actions workflow file. */
private class Node extends YAMLNode {
- Node ( ) { this .getLocation ( ) .getFile ( ) .getRelativePath ( ) .matches ( " .github/workflows/%") }
+ Node ( ) { this .getLocation ( ) .getFile ( ) .getRelativePath ( ) .matches ( [ "experimental/Security/CWE-829/ .github/workflows/%", ".github/workflows/%" ] ) }
}
/**
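Review bot: the new first pattern, `"experimental/Security/CWE-829/.github/workflows/%"`, hard-codes the layout of one query's test directory into the shared `Actions::Node` class, so library code now depends on a specific test location, and any other query's test workflows placed under a different path will still not be recognised as workflow files. Prefer one pattern that accepts a `.github/workflows/` directory anywhere in the path, e.g. `.matches(["%/.github/workflows/%", ".github/workflows/%"])`, or leave the library pattern as it was and lay the test files out under a root-level `.github/workflows/` so no test path has to be listed. Separately, both the old and the new string literal render here with a space before `.github`; that is probably the page's tokenisation, but please confirm the source has no such space, since a stray space would make the pattern match nothing.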