Merge pull request #62 from github/actions_download_artifact

feat(queries): Add actions/download-artifact as a source of Artifact Poisoning

Author: Alvaro Muñoz

ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll

@@ -18,11 +18,21 @@ abstract class UntrustedArtifactDownloadStep extends Step {
 
 class GitHubDownloadArtifactActionStep extends UntrustedArtifactDownloadStep, UsesStep {
   GitHubDownloadArtifactActionStep() {
-    // By default, the permissions are scoped so they can only download Artifacts within the current workflow run.
-    // To elevate permissions for this scenario, you can specify a github-token along with other repository and run identifiers
     this.getCallee() = "actions/download-artifact" and
-    this.getArgument("run-id").matches("%github.event.workflow_run.id%") and
-    exists(this.getArgument("github-token"))
+    (
+      // By default, the permissions are scoped so they can only download Artifacts within the current workflow run.
+      // To elevate permissions for this scenario, you can specify a github-token along with other repository and run identifiers
+      this.getArgument("run-id").matches("%github.event.workflow_run.id%") and
+      exists(this.getArgument("github-token"))
+      or
+      // There is an artifact upload step in the same workflow which can be influenced by an attacker on a checkout step
+      exists(UsesStep checkout, UsesStep upload |
+        this.getEnclosingWorkflow().getAJob().(LocalJob).getAStep() = checkout and
+        checkout.getCallee() = "actions/checkout" and
+        checkout.getAFollowingStep() = upload and
+        upload.getCallee() = "actions/upload-artifact"
+      )
+    )
   }
 
   override string getPath() {

ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning81.yml

@@ -0,0 +1,31 @@
+name: elevate
+on:
+  - pull_request_target 
+
+jobs:
+  job1:
+    runs-on: ubuntu-latest
+    permissions: 
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}          
+      - run: |
+          bash script.sh
+      - uses: actions/upload-artifact@v4
+        with:
+          name: results
+          path: results
+          retention-days: 1
+
+  job2:
+    runs-on: ubuntu-latest
+    needs: job1
+    permissions:                       
+      contents: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: results
+      - run: python test.py

ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning82.yml

@@ -0,0 +1,31 @@
+name: elevate
+on:
+  - pull_request
+
+jobs:
+  job1:
+    runs-on: ubuntu-latest
+    permissions: 
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}          
+      - run: |
+          bash script.sh
+      - uses: actions/upload-artifact@v4
+        with:
+          name: results
+          path: results
+          retention-days: 1
+
+  job2:
+    runs-on: ubuntu-latest
+    needs: job1
+    permissions:                       
+      contents: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: results
+      - run: python test.py

ql/test/query-tests/Security/CWE-829/ArtifactPoisoningCritical.expected

@@ -13,6 +13,8 @@ edges
 | .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | provenance |  |
 | .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | provenance |  |
 | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance |  |
+| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | provenance |  |
+| .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | provenance |  |
 nodes
 | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
 | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
@@ -42,6 +44,10 @@ nodes
 | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n |
 | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
 | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
+| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | semmle.label | Uses Step |
+| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
+| .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | semmle.label | Uses Step |
+| .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
 subpaths
 #select
 | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
@@ -58,3 +64,4 @@ subpaths
 | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
 | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n |
 | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | sed -f config foo.md > bar.md\n |
+| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | python test.py |

ql/test/query-tests/Security/CWE-829/ArtifactPoisoningMedium.expected

@@ -13,6 +13,8 @@ edges
 | .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | provenance |  |
 | .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | provenance |  |
 | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance |  |
+| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | provenance |  |
+| .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | provenance |  |
 nodes
 | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
 | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
@@ -42,5 +44,10 @@ nodes
 | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n  echo 'JSON_RESPONSE<<EOF'\n  ls \| grep -E "*.(tar.gz\|zip)$"\n  echo EOF\n} >> "$GITHUB_ENV"\n |
 | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
 | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
+| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | semmle.label | Uses Step |
+| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
+| .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | semmle.label | Uses Step |
+| .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | semmle.label | python test.py |
 subpaths
 #select
+| .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning82.yml:31:14:31:27 | python test.py | python test.py |

ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected

@@ -26,6 +26,12 @@ edges
 | .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step |
 | .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:9:23:29 | Run Step |
 | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:16:9:18:40 | Run Step |
+| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:14:9:16:6 | Run Step |
+| .github/workflows/artifactpoisoning81.yml:14:9:16:6 | Run Step | .github/workflows/artifactpoisoning81.yml:16:9:22:2 | Uses Step |
+| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:9:31:28 | Run Step |
+| .github/workflows/artifactpoisoning82.yml:11:9:14:6 | Uses Step | .github/workflows/artifactpoisoning82.yml:14:9:16:6 | Run Step |
+| .github/workflows/artifactpoisoning82.yml:14:9:16:6 | Run Step | .github/workflows/artifactpoisoning82.yml:16:9:22:2 | Uses Step |
+| .github/workflows/artifactpoisoning82.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning82.yml:31:9:31:28 | Run Step |
 | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step |
 | .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step |
 | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:37:9:40:6 | Run Step |

ql/test/query-tests/Security/CWE-829/UntrustedCheckoutMedium.expected

@@ -1,3 +1,5 @@
+| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
+| .github/workflows/artifactpoisoning82.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
 | .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
 | .github/workflows/dependabot1.yml:39:9:43:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
 | .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |