ql/src/Security/CWE-077/EnvPathInjectionCritical.md
5 additions & 3 deletions
@@ -2,17 +2,19 @@
2
2
3
3
## Description
4
4
5
-
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file will prepend a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job. E.g.
5
+
GitHub Actions allow to define the system PATH variable by writing to a file pointed by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
6
+
7
+
E.g.:
6
8
7
9
```bash
8
10
echo"$HOME/.local/bin">>$GITHUB_PATH
9
11
```
10
12
11
-
If an attacker can control the contents of the path being assigned to the system PATH, they will be able to influence what commands are run in subsequen steps of the same job.
13
+
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
12
14
13
15
## Recommendations
14
16
15
-
-Do Not Allow Untrusted Data to Influence The System PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
17
+
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
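Review bot: the rewritten Description paragraph (the `+` line 5 of EnvPathInjectionCritical.md) replaces "will prepend a directory" with "appends a directory", but writing to `GITHUB_PATH` prepends the directory to the system PATH, so the original wording was correct and the new one is wrong. The distinction is the point of this query: a prepended attacker-controlled directory takes precedence over the runner's existing commands in every later step of the job, whereas an appended one would only be consulted for commands not found earlier, so please keep "prepends": `Writing to this file prepends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.` Two smaller items on the same hunk: "pointed to by" became "pointed by", which drops the needed "to", and the example `echo"$HOME/.local/bin">>$GITHUB_PATH` has no spaces between `echo`, the string and `>>`; if that is how the file reads rather than an artifact of this view, it should be `echo "$HOME/.local/bin" >> $GITHUB_PATH`.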
ql/src/Security/CWE-077/EnvPathInjectionMedium.md
5 additions & 3 deletions
@@ -2,17 +2,19 @@
2
2
3
3
## Description
4
4
5
-
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file will prepend a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job. E.g.
5
+
GitHub Actions allow to define the system PATH variable by writing to a file pointed by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
6
+
7
+
E.g.:
6
8
7
9
```bash
8
10
echo"$HOME/.local/bin">>$GITHUB_PATH
9
11
```
10
12
11
-
If an attacker can control the contents of the path being assigned to the system PATH, they will be able to influence what commands are run in subsequen steps of the same job.
13
+
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
12
14
13
15
## Recommendations
14
16
15
-
-Do Not Allow Untrusted Data to Influence The System PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
17
+
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.