Merge branch 'toctou_refinements' of https://github.com/github/codeql-actions into toctou_refinements

Alvaro Muñoz · Alvaro Muñoz · commit 84d4c573f998 · 2024-05-16T16:14:48.000+02:00
diff --git a/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql b/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
@@ -15,7 +15,7 @@ import actions
 import codeql.actions.security.UntrustedCheckoutQuery
 import codeql.actions.security.PoisonableSteps
 
-from ControlCheck check, MutableRefCheckoutStep checkout
+from LabelControlCheck check, MutableRefCheckoutStep checkout
 where
   // the mutable checkout step is protected by an access check
   check = [checkout.getIf(), checkout.getEnclosingJob().getIf()] and
diff --git a/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql b/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
@@ -15,7 +15,7 @@ import actions
 import codeql.actions.security.UntrustedCheckoutQuery
 import codeql.actions.security.PoisonableSteps
 
-from ControlCheck check, MutableRefCheckoutStep checkout
+from LabelControlCheck check, MutableRefCheckoutStep checkout
 where
   // the mutable checkout step is protected by an access check
   check = [checkout.getIf(), checkout.getEnclosingJob().getIf()] and
