Skip to content

Commit 72e0851

Browse files
author
Alvaro Muñoz
committed
Update metadata for Secrets in Artifact query
1 parent 5e92026 commit 72e0851

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

ql/src/Security/CWE-312/SecretsInArtifacts.ql

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,10 @@
11
/**
2-
* @name Secret In Artifacts
3-
* @description Secrets are exposed in GitHub Artifacts
2+
* @name Storage of sensitive information in GitHub Actions artifact
3+
* @description Including sensitive information in a GitHub Actions artifact can
4+
* expose it to an attacker.
45
* @kind problem
56
* @problem.severity error
6-
* @security-severity 9.0
7+
* @security-severity 7.5
78
* @precision high
89
* @id actions/secrets-in-artifacts
910
* @tags actions

ql/test/query-tests/Security/CWE-312/SecretsInArtifacts.expected

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
| .github/workflows/secrets-in-artifacts.yml:9:9:14:2 | Uses Step | A secret is exposed in a public artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:9:9:14:2 | Uses Step | actions/upload-artifact |
2-
| .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | A secret is exposed in a public artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | actions/upload-artifact |
3-
| .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | A secret is exposed in a public artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | actions/upload-artifact |
4-
| .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | A secret is exposed in a public artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | actions/upload-artifact |
1+
| .github/workflows/secrets-in-artifacts.yml:9:9:14:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:9:9:14:2 | Uses Step | actions/upload-artifact |
2+
| .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | actions/upload-artifact |
3+
| .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | actions/upload-artifact |
4+
| .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | actions/upload-artifact |

0 commit comments

Comments
 (0)