hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add full stop at the end of each reference

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-06-26 14:51:14 +01:00
parent 297cdb53aa
commit 10bb88825e
28 changed files with 45 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.md
View File

@@ -34,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References ## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions) - [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

2
actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.md
View File

@@ -34,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References ## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions) - [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

4
actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.md
View File

@@ -111,5 +111,5 @@ An attacker is be able to run arbitrary code by injecting environment variables
## References ## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions) - [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation) - [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

4
actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md
View File

@@ -111,5 +111,5 @@ An attacker would be able to run arbitrary code by injecting environment variabl
## References ## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions) - [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation) - [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

2
actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.md
View File

@@ -8,4 +8,4 @@ Either remove the component from the workflow or upgrade it to a version that is
## References ## References
- [GitHub Docs: Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot) - [GitHub Docs: Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot).

2
actions/ql/src/Security/CWE-275/MissingActionsPermissions.md
View File

@@ -36,4 +36,4 @@ jobs:
## References ## References
- [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs) - [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs).

2
actions/ql/src/Security/CWE-285/ImproperAccessControl.md
View File

@@ -55,4 +55,4 @@ jobs:
## References ## References
- [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target) - [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target).

4
actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.md
View File

@@ -46,5 +46,5 @@ env:
## References ## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow) - [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).
- [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md) - [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md).

2
actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md
View File

@@ -32,4 +32,4 @@ Avoid defining non-plain secrets. For example, do not define a new secret contai
## References ## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow) - [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).

6
actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.md
View File

@@ -76,6 +76,6 @@ jobs:
## References ## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/) - [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) - [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/) - [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

6
actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.md
View File

@@ -121,6 +121,6 @@ jobs:
## References ## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/) - [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) - [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/) - [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

6
actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.md
View File

@@ -78,6 +78,6 @@ jobs:
## References ## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/) - [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows) - [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/) - [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

2
actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.md
View File

@@ -97,4 +97,4 @@ jobs:
## References ## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU) - [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

2
actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.md
View File

@@ -97,4 +97,4 @@ jobs:
## References ## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU) - [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

2
actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.md
View File

@@ -58,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References ## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173) - [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173).

2
actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.md
View File

@@ -58,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References ## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173) - [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173).

2
actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md
View File

@@ -67,4 +67,4 @@ jobs:
## References ## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) - [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

2
actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md
View File

@@ -67,4 +67,4 @@ jobs:
## References ## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) - [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

2
actions/ql/src/Security/CWE-829/UnpinnedActionsTag.md
View File

@@ -22,4 +22,4 @@ Pinning an action to a full length commit SHA is currently the only way to use a
## References ## References
- [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).

2
actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md
View File

@@ -132,4 +132,4 @@ jobs:
## References ## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) - [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

2
actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md
View File

@@ -132,4 +132,4 @@ jobs:
## References ## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) - [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

2
actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md
View File

@@ -132,4 +132,4 @@ jobs:
## References ## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) - [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

2
actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.md
View File

@@ -8,4 +8,4 @@ If there is no reason to have a custom configuration switch to the CodeQL defaul
## References ## References
- [GitHub Docs: Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository) - [GitHub Docs: Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository).

8
actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.md
View File

@@ -33,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR/g;1e whoami;#` and the
## References ## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html). - Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/) - [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/) - [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- [GTFOBins](https://gtfobins.github.io/) - [GTFOBins](https://gtfobins.github.io/).

8
actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.md
View File

@@ -33,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR|g;1e whoami;#` and the
## References ## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html). - Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/) - [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/) - [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- [GTFOBins](https://gtfobins.github.io/) - [GTFOBins](https://gtfobins.github.io/).

2
actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md
View File

@@ -23,4 +23,4 @@ For internal users: when using [immutable actions](https://github.com/github/pac
## References ## References
- [Consuming immutable actions]() - [Consuming immutable actions]().

4
docs/query-help-style-guide.md
View File

@@ -242,8 +242,8 @@ tab width settings cannot be taken into account.
## References ## References
* Java SE Documentation: [Compound Statements](https://www.oracle.com/java/technologies/javase/codeconventions-statements.html#15395) * Java SE Documentation: [Compound Statements](https://www.oracle.com/java/technologies/javase/codeconventions-statements.html#15395).
* Wikipedia: [Indentation style](https://en.wikipedia.org/wiki/Indentation_style) * Wikipedia: [Indentation style](https://en.wikipedia.org/wiki/Indentation_style).
```` ````
### XML example ### XML example

4
ruby/ql/src/queries/variables/UninitializedLocal.md
View File

@@ -38,5 +38,5 @@ end
## References ## References
- https://www.rubyguides.com/: [Nil](https://www.rubyguides.com/2018/01/ruby-nil/) - https://www.rubyguides.com/: [Nil](https://www.rubyguides.com/2018/01/ruby-nil/).
- https://ruby-doc.org/: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html) - https://ruby-doc.org/: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html).