Add cargo as poisonable step

Alvaro Muñoz · Alvaro Muñoz · commit b5dfda27fdc7 · 2024-06-24T12:45:24.000+02:00
diff --git a/ql/lib/codeql/actions/security/PoisonableSteps.qll b/ql/lib/codeql/actions/security/PoisonableSteps.qll
@@ -23,7 +23,7 @@ private string dangerousCommands() {
       "terraform apply", "gomplate ", "pre-commit run", "pre-commit install", "go generate",
       "msbuild ", "mvn ", "gradle ", "bundle install", "bundle exec ", "^ant ", "mkdocs build",
       "pytest", "pip install -r ", "pip install --requirement", "java -jar ", "poetry install",
-      "poetry run"
+      "poetry run", "cargo "
     ]
 }
 

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ private string dangerousCommands() {`
`23`	`23`	`"terraform apply", "gomplate ", "pre-commit run", "pre-commit install", "go generate",`
`24`	`24`	`"msbuild ", "mvn ", "gradle ", "bundle install", "bundle exec ", "^ant ", "mkdocs build",`
`25`	`25`	`"pytest", "pip install -r ", "pip install --requirement", "java -jar ", "poetry install",`
`26`		`- "poetry run"`
	`26`	`+ "poetry run", "cargo "`
`27`	`27`	`]`
`28`	`28`	`}`
`29`	`29`