Skip to content

Commit d13a937

Browse files
author
Alvaro Muñoz
committed
Update Cache Poisoning
1 parent ba4dd2b commit d13a937

File tree

2 files changed

+55
-0
lines changed

2 files changed

+55
-0
lines changed

ql/test/query-tests/Security/CWE-349/.github/workflows/test19.yml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
name: Close Translation Pull Requests
2+
3+
on:
4+
pull_request_target:
5+
branches: [ master, main, dev ]
6+
7+
jobs:
8+
9+
close-translation-prs:
10+
11+
name: Close Translation Pull Requests
12+
runs-on: ubuntu-latest
13+
14+
steps:
15+
- name: Get changed files
16+
id: modified_files
17+
uses: trilom/[email protected]
18+
with:
19+
output: ","
20+
21+
- name: Check the PR for translations
22+
id: check
23+
run: |
24+
shopt -s nocasematch
25+
if [[ "${{ steps.modified_files.outputs.files_modified }}" == *"en_gb/strings.po"* ]]; then
26+
echo "Found modified en_gb, likely a valid PR"
27+
unset CLOSE
28+
elif [[ "${{ steps.modified_files.outputs.files_modified }}" == *"strings.po"* ]]; then
29+
echo "Found modified strings.po, unwanted."
30+
CLOSE="true"
31+
elif [[ "${{ steps.modified_files.outputs.files_added }}" == *"strings.po"* ]]; then
32+
echo "Found added strings.po, unwanted."
33+
CLOSE="true"
34+
elif [[ "${{ steps.modified_files.outputs.files_removed }}" == *"strings.po"* ]]; then
35+
echo "Found removed strings.po, unwanted."
36+
CLOSE="true"
37+
else
38+
echo "No strings.po were modified or added, not a translation."
39+
unset CLOSE
40+
fi
41+
echo ::set-output name=close::${CLOSE}
42+

ql/test/query-tests/Security/CWE-349/CachePoisoningByCodeInjection.expected

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,20 @@
11
edges
2+
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:25:18:25:67 | steps.modified_files.outputs.files_modified | provenance | |
3+
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:28:20:28:69 | steps.modified_files.outputs.files_modified | provenance | |
4+
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:31:20:31:66 | steps.modified_files.outputs.files_added | provenance | |
5+
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:34:20:34:68 | steps.modified_files.outputs.files_removed | provenance | |
26
nodes
37
| .github/workflows/test9.yml:11:17:11:48 | github.event.comment.body | semmle.label | github.event.comment.body |
48
| .github/workflows/test10.yml:11:17:11:48 | github.event.comment.body | semmle.label | github.event.comment.body |
9+
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | semmle.label | Uses Step: modified_files |
10+
| .github/workflows/test19.yml:25:18:25:67 | steps.modified_files.outputs.files_modified | semmle.label | steps.modified_files.outputs.files_modified |
11+
| .github/workflows/test19.yml:28:20:28:69 | steps.modified_files.outputs.files_modified | semmle.label | steps.modified_files.outputs.files_modified |
12+
| .github/workflows/test19.yml:31:20:31:66 | steps.modified_files.outputs.files_added | semmle.label | steps.modified_files.outputs.files_added |
13+
| .github/workflows/test19.yml:34:20:34:68 | steps.modified_files.outputs.files_removed | semmle.label | steps.modified_files.outputs.files_removed |
514
subpaths
615
#select
716
| .github/workflows/test9.yml:11:17:11:48 | github.event.comment.body | .github/workflows/test9.yml:11:17:11:48 | github.event.comment.body | .github/workflows/test9.yml:11:17:11:48 | github.event.comment.body | Unprivileged code injection in $@, which may lead to cache poisoning. | .github/workflows/test9.yml:11:17:11:48 | github.event.comment.body | ${{ github.event.comment.body }} |
17+
| .github/workflows/test19.yml:25:18:25:67 | steps.modified_files.outputs.files_modified | .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:25:18:25:67 | steps.modified_files.outputs.files_modified | Unprivileged code injection in $@, which may lead to cache poisoning. | .github/workflows/test19.yml:25:18:25:67 | steps.modified_files.outputs.files_modified | ${{ steps.modified_files.outputs.files_modified }} |
18+
| .github/workflows/test19.yml:28:20:28:69 | steps.modified_files.outputs.files_modified | .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:28:20:28:69 | steps.modified_files.outputs.files_modified | Unprivileged code injection in $@, which may lead to cache poisoning. | .github/workflows/test19.yml:28:20:28:69 | steps.modified_files.outputs.files_modified | ${{ steps.modified_files.outputs.files_modified }} |
19+
| .github/workflows/test19.yml:31:20:31:66 | steps.modified_files.outputs.files_added | .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:31:20:31:66 | steps.modified_files.outputs.files_added | Unprivileged code injection in $@, which may lead to cache poisoning. | .github/workflows/test19.yml:31:20:31:66 | steps.modified_files.outputs.files_added | ${{ steps.modified_files.outputs.files_added }} |
20+
| .github/workflows/test19.yml:34:20:34:68 | steps.modified_files.outputs.files_removed | .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:34:20:34:68 | steps.modified_files.outputs.files_removed | Unprivileged code injection in $@, which may lead to cache poisoning. | .github/workflows/test19.yml:34:20:34:68 | steps.modified_files.outputs.files_removed | ${{ steps.modified_files.outputs.files_removed }} |

0 commit comments

Comments
 (0)