hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 05:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from github/separate_sources

Browse Source 
Split sources by taint type
This commit is contained in:
Alvaro Muñoz
2024-04-28 12:04:02 +02:00
committed by GitHub
parent 27d0a3406d 831b8cfaa6
commit 186f9d018d
34 changed files with 406 additions and 809 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ql/lib/codeql/actions/Ast.qll
View File

@@ -46,18 +46,39 @@ module Utils {
bindingset[var]
private string multilineAssignmentRegex(string var) {
// eg:
// echo "PR_TITLE<<EOF" >> $GITHUB_ENV
// echo "$TITLE" >> $GITHUB_ENV
// echo "EOF" >> $GITHUB_ENV
result =
".*(echo|Write-Output)\\s+(.*)<<\\s*([A-Z]*)EOF(.+)(echo|Write-Output)\\s+(\"|')?([A-Z]*)EOF(\"|')?\\s*>>\\s*(\"|')?\\$(\\{)?GITHUB_"
".*(echo|Write-Output)\\s+(.*)<<[\\-]*\\s*([A-Z]*)EOF(.+)(echo|Write-Output)\\s+(\"|')?([A-Z]*)EOF(\"|')?\\s*>>\\s*(\"|')?\\$(\\{)?GITHUB_"
+ var.toUpperCase() + "(\\})?(\"|')?.*"
}
bindingset[var]
private string multilineBlockAssignmentRegex(string var) {
// eg:
// {
// echo 'JSON_RESPONSE<<EOF'
// echo "$TITLE" >> "$GITHUB_ENV"
// echo EOF
// } >> "$GITHUB_ENV"
result =
".*\\{(\\s|::NEW_LINE::)*(echo|Write-Output)\\s+(.*)<<\\s*([A-Z]*)EOF(.+)(echo|Write-Output)\\s+(\"|')?([A-Z]*)EOF(\"|')?(\\s|::NEW_LINE::)*\\}\\s*>>\\s*(\"|')?\\$(\\{)?GITHUB_"
".*\\{(\\s|::NEW_LINE::)*(echo|Write-Output)\\s+(.*)<<[\\-]*\\s*([A-Z]*)EOF(.+)(echo|Write-Output)\\s+(\"|')?([A-Z]*)EOF(\"|')?(\\s|::NEW_LINE::)*\\}\\s*>>\\s*(\"|')?\\$(\\{)?GITHUB_"
+ var.toUpperCase() + "(\\})?(\"|')?.*"
}
bindingset[var]
private string multilineHereDocAssignmentRegex(string var) {
// eg:
// cat <<-EOF >> "$GITHUB_ENV"
// echo "FOO=$TITLE"
// EOF
result =
".*cat\\s*<<[\\-]*\\s*[A-Z]*EOF\\s*>>\\s*[\"']*\\$[\\{]*GITHUB_.*" + var.toUpperCase() +
"[\\}]*[\"']*.*(echo|Write-Output)\\s+([^=]+)=(.*)::NEW_LINE::.*EOF.*"
}
bindingset[script, var]
predicate extractMultilineAssignment(string script, string var, string key, string value) {
// multiline assignment
@@ -87,6 +108,19 @@ module Utils {
.splitAt("\n") + ")" and
key = trimQuotes(flattenedScript.regexpCapture(multilineBlockAssignmentRegex(var), 3))
)
or
// multiline heredoc assignment
exists(string flattenedScript |
flattenedScript = script.replaceAll("\n", "::NEW_LINE::") and
value =
trimQuotes(flattenedScript.regexpCapture(multilineHereDocAssignmentRegex(var), 3))
.regexpReplaceAll("\\s*>>\\s*(\"|')?\\$(\\{)?GITHUB_" + var.toUpperCase() +
"(\\})?(\"|')?", "")
.replaceAll("::NEW_LINE::", "\n")
.trim()
.splitAt("\n") and
key = trimQuotes(flattenedScript.regexpCapture(multilineHereDocAssignmentRegex(var), 2))
)
}
bindingset[line]

248
ql/lib/codeql/actions/dataflow/FlowSources.qll
View File

@@ -1,5 +1,3 @@
private import actions
private import codeql.actions.DataFlow
private import codeql.actions.dataflow.ExternalFlow
private import codeql.actions.security.ArtifactPoisoningQuery
@@ -22,53 +20,17 @@ abstract class RemoteFlowSource extends SourceNode {
}
bindingset[context]
private predicate isExternalUserControlled(string context) {
exists(string reg | reg = "github\\.event" |
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate isExternalUserControlledIssue(string context) {
exists(string reg | reg = ["github\\.event\\.issue\\.title", "github\\.event\\.issue\\.body"] |
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate isExternalUserControlledPullRequest(string context) {
exists(string reg |
reg =
[
"github\\.event\\.pull_request\\.title", "github\\.event\\.pull_request\\.body",
"github\\.event\\.pull_request\\.head\\.label",
"github\\.event\\.pull_request\\.head\\.repo\\.default_branch",
"github\\.event\\.pull_request\\.head\\.repo\\.description",
"github\\.event\\.pull_request\\.head\\.repo\\.homepage",
"github\\.event\\.pull_request\\.head\\.ref", "github\\.head_ref"
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate isExternalUserControlledReview(string context) {
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp("github\\.event\\.review\\.body"))
}
bindingset[context]
private predicate isExternalUserControlledComment(string context) {
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp("github\\.event\\.comment\\.body"))
}
bindingset[context]
private predicate isExternalUserControlledGollum(string context) {
private predicate titleEvent(string context) {
exists(string reg |
reg =
[
// title
"github\\.event\\.issue\\.title", // issue
"github\\.event\\.pull_request\\.title", // pull request
"github\\.event\\.discussion\\.title", // discussion
"github\\.event\\.pages\\[[0-9]+\\]\\.page_name",
"github\\.event\\.pages\\[[0-9]+\\]\\.title"
"github\\.event\\.pages\\[[0-9]+\\]\\.title",
"github\\.event\\.workflow_run\\.display_title", // The event-specific title associated with the run or the run-name if set, or the value of run-name if it is set in the workflow.
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -76,19 +38,12 @@ private predicate isExternalUserControlledGollum(string context) {
}
bindingset[context]
private predicate isExternalUserControlledCommit(string context) {
private predicate urlEvent(string context) {
exists(string reg |
reg =
[
"github\\.event\\.commits\\[[0-9]+\\]\\.message", "github\\.event\\.head_commit\\.message",
"github\\.event\\.head_commit\\.author\\.email",
"github\\.event\\.head_commit\\.author\\.name",
"github\\.event\\.head_commit\\.committer\\.email",
"github\\.event\\.head_commit\\.committer\\.name",
"github\\.event\\.commits\\[[0-9]+\\]\\.author\\.email",
"github\\.event\\.commits\\[[0-9]+\\]\\.author\\.name",
"github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.email",
"github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.name",
// url
"github\\.event\\.pull_request\\.head\\.repo\\.homepage",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -96,32 +51,71 @@ private predicate isExternalUserControlledCommit(string context) {
}
bindingset[context]
private predicate isExternalUserControlledDiscussion(string context) {
private predicate textEvent(string context) {
exists(string reg |
reg = ["github\\.event\\.discussion\\.title", "github\\.event\\.discussion\\.body"]
reg =
[
// text
"github\\.event\\.issue\\.body", // body
"github\\.event\\.pull_request\\.body", // body
"github\\.event\\.discussion\\.body", // body
"github\\.event\\.review\\.body", // body
"github\\.event\\.comment\\.body", // body
"github\\.event\\.commits\\[[0-9]+\\]\\.message", // messsage
"github\\.event\\.head_commit\\.message", // message
"github\\.event\\.workflow_run\\.head_commit\\.message", // message
"github\\.event\\.pull_request\\.head\\.repo\\.description", // description
"github\\.event\\.workflow_run\\.head_repository\\.description", // description
"github\\.event\\.client_payload\\[[0-9]+\\]", // payload
"github\\.event\\.client_payload", // payload
"github\\.event\\.inputs\\[[0-9]+\\]", // input
"github\\.event\\.inputs", // input
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate isExternalUserControlledWorkflowRun(string context) {
private predicate repoNameEvent(string context) {
exists(string reg |
reg =
[
"github\\.event\\.workflow\\.path", "github\\.event\\.workflow_run\\.head_branch",
"github\\.event\\.workflow_run\\.display_title",
// repo name
// Owner: All characters must be either a hyphen (-) or alphanumeric
// Repo: All code points must be either a hyphen (-), an underscore (_), a period (.), or an ASCII alphanumeric code point
"github\\.event\\.workflow_run\\.pull_requests\\[[0-9]+\\]\\.head\\.repo\\.name", // repo name
"github\\.event\\.workflow_run\\.head_repository\\.name", // repo name
"github\\.event\\.workflow_run\\.head_repository\\.full_name", // nwo
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate branchEvent(string context) {
exists(string reg |
reg =
[
// branch
// https://docs.github.com/en/get-started/using-git/dealing-with-special-characters-in-branch-and-tag-names
// - They can include slash / for hierarchical (directory) grouping, but no slash-separated component can begin with a dot . or end with the sequence .lock.
// - They must contain at least one /
// - They cannot have two consecutive dots .. anywhere.
// - They cannot have ASCII control characters (i.e. bytes whose values are lower than \040, or \177 DEL), space, tilde ~, caret ^, or colon : anywhere.
// - They cannot have question-mark ?, asterisk *, or open bracket [ anywhere.
// - They cannot begin or end with a slash / or contain multiple consecutive slashes
// - They cannot end with a dot .
// - They cannot contain a sequence @{
// - They cannot be the single character @
// - They cannot contain a \
// eg: zzz";echo${IFS}"hello";# would be a valid branch name
"github\\.event\\.pull_request\\.head\\.repo\\.default_branch",
"github\\.event\\.pull_request\\.head\\.ref", "github\\.head_ref",
"github\\.event\\.workflow_run\\.head_branch",
"github\\.event\\.workflow_run\\.head_branch",
"github\\.event\\.workflow_run\\.head_repository\\.description",
"github\\.event\\.workflow_run\\.head_repository\\.full_name",
"github\\.event\\.workflow_run\\.head_repository\\.name",
"github\\.event\\.workflow_run\\.head_commit\\.message",
"github\\.event\\.workflow_run\\.head_commit\\.author\\.email",
"github\\.event\\.workflow_run\\.head_commit\\.author\\.name",
"github\\.event\\.workflow_run\\.head_commit\\.committer\\.email",
"github\\.event\\.workflow_run\\.head_commit\\.committer\\.name",
"github\\.event\\.workflow_run\\.pull_requests\\[[0-9]+\\]\\.head\\.ref",
"github\\.event\\.workflow_run\\.pull_requests\\[[0-9]+\\]\\.head\\.repo\\.name",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
@@ -129,45 +123,115 @@ private predicate isExternalUserControlledWorkflowRun(string context) {
}
bindingset[context]
private predicate isExternalUserControlledRepositoryDispatch(string context) {
private predicate labelEvent(string context) {
exists(string reg |
reg = ["github\\.event\\.client_payload\\[[0-9]+\\]", "github\\.event\\.client_payload",]
reg =
[
// label
// - They cannot contain a escaping \
"github\\.event\\.pull_request\\.head\\.label",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate isExternalUserControlledWorkflowDispatch(string context) {
exists(string reg | reg = ["github\\.event\\.inputs\\[[0-9]+\\]", "github\\.event\\.inputs",] |
private predicate emailEvent(string context) {
exists(string reg |
reg =
[
// email
// `echo${IFS}hello`@domain.com
"github\\.event\\.head_commit\\.author\\.email",
"github\\.event\\.head_commit\\.committer\\.email",
"github\\.event\\.commits\\[[0-9]+\\]\\.author\\.email",
"github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.email",
"github\\.event\\.workflow_run\\.head_commit\\.author\\.email",
"github\\.event\\.workflow_run\\.head_commit\\.committer\\.email",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
private class EventSource extends RemoteFlowSource {
bindingset[context]
private predicate usernameEvent(string context) {
exists(string reg |
reg =
[
// username
// All characters must be either a hyphen (-) or alphanumeric
"github\\.event\\.head_commit\\.author\\.name",
"github\\.event\\.head_commit\\.committer\\.name",
"github\\.event\\.commits\\[[0-9]+\\]\\.author\\.name",
"github\\.event\\.commits\\[[0-9]+\\]\\.committer\\.name",
"github\\.event\\.workflow_run\\.head_commit\\.author\\.name",
"github\\.event\\.workflow_run\\.head_commit\\.committer\\.name",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate pathEvent(string context) {
exists(string reg |
reg =
[
// filename
"github\\.event\\.workflow\\.path",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
bindingset[context]
private predicate jsonEvent(string context) {
exists(string reg |
reg =
[
// json
"github\\.event",
]
|
Utils::normalizeExpr(context).regexpMatch(Utils::wrapRegexp(reg))
)
}
class EventSource extends RemoteFlowSource {
string flag;
EventSource() {
exists(Expression e, string context | this.asExpr() = e and context = e.getExpression() |
isExternalUserControlled(context) or
isExternalUserControlledIssue(context) or
isExternalUserControlledPullRequest(context) or
isExternalUserControlledReview(context) or
isExternalUserControlledComment(context) or
isExternalUserControlledGollum(context) or
isExternalUserControlledCommit(context) or
isExternalUserControlledDiscussion(context) or
isExternalUserControlledWorkflowRun(context) or
isExternalUserControlledRepositoryDispatch(context) or
isExternalUserControlledWorkflowDispatch(context)
titleEvent(context) and flag = "title"
or
urlEvent(context) and flag = "url"
or
textEvent(context) and flag = "text"
or
branchEvent(context) and flag = "branch"
or
labelEvent(context) and flag = "label"
or
emailEvent(context) and flag = "email"
or
usernameEvent(context) and flag = "username"
or
pathEvent(context) and flag = "filename"
or
jsonEvent(context) and flag = "json"
)
}
override string getSourceType() { result = "User-controlled events" }
override string getSourceType() { result = flag }
}
/**
* A Source of untrusted data defined in a MaD specification
*/
private class ExternallyDefinedSource extends RemoteFlowSource {
class ExternallyDefinedSource extends RemoteFlowSource {
string sourceType;
ExternallyDefinedSource() { externallyDefinedSource(this, sourceType, _) }
@@ -178,19 +242,19 @@ private class ExternallyDefinedSource extends RemoteFlowSource {
/**
* An input for a Composite Action
*/
private class CompositeActionInputSource extends RemoteFlowSource {
class CompositeActionInputSource extends RemoteFlowSource {
CompositeAction c;
CompositeActionInputSource() { c.getAnInput() = this.asExpr() }
override string getSourceType() { result = "Composite action input" }
override string getSourceType() { result = "input" }
}
/**
* A downloadeded artifact.
*/
private class ArtifactToOptionSource extends RemoteFlowSource {
ArtifactToOptionSource() { this.asExpr() instanceof UntrustedArtifactDownloadStep }
private class ArtifactSource extends RemoteFlowSource {
ArtifactSource() { this.asExpr() instanceof UntrustedArtifactDownloadStep }
override string getSourceType() { result = "Step output from Artifact" }
override string getSourceType() { result = "artifact" }
}

13
ql/lib/codeql/actions/security/EnvVarInjectionQuery.qll
View File

@@ -7,14 +7,6 @@ import codeql.actions.DataFlow
abstract class EnvVarInjectionSink extends DataFlow::Node { }
// predicate envVarInjectionFromEnvVarSink(DataFlow::Node sink) {
// exists(Expression expr, Run run, string varName, string key, string value |
// expr = run.getInScopeEnvVarExpr(varName) and
// Utils::writeToGitHubEnv(run, key, value) and
// expr = sink.asExpr() and
// value.matches("%$" + ["", "{", "ENV{"] + varName + "%")
// )
// }
class EnvVarInjectionFromEnvVarSink extends EnvVarInjectionSink {
EnvVarInjectionFromEnvVarSink() {
exists(Run run, Expression expr, string varname, string key, string value |
@@ -47,7 +39,10 @@ class EnvVarInjectionFromMaDSink extends EnvVarInjectionSink {
* that is used to construct and evaluate an environment variable.
*/
private module EnvVarInjectionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource and
not source.(RemoteFlowSource).getSourceType() = "branch"
}
predicate isSink(DataFlow::Node sink) { sink instanceof EnvVarInjectionSink }
}

4
ql/lib/ext/ahmadnassri_action-changed-files.model.yml
View File

@@ -3,5 +3,5 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["ahmadnassri/action-changed-files", "*", "output.files", "PR changed files", "manual"]
- ["ahmadnassri/action-changed-files", "*", "output.json", "PR changed files", "manual"]
- ["ahmadnassri/action-changed-files", "*", "output.files", "filename", "manual"]
- ["ahmadnassri/action-changed-files", "*", "output.json", "json", "manual"]

2
ql/lib/ext/amannn_action-semantic-pull-request.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["amannn/action-semantic-pull-request", "*", "output.error_message", "PR title", "manual"]
- ["amannn/action-semantic-pull-request", "*", "output.error_message", "text", "manual"]

2
ql/lib/ext/cypress-io_github-action.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["cypress-io/github-action", "*", "env.GH_BRANCH", "PR branch", "manual"]
- ["cypress-io/github-action", "*", "env.GH_BRANCH", "branch", "manual"]

2
ql/lib/ext/dawidd6_action-download-artifact.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["dawidd6/action-download-artifact", "*", "output.artifacts", "Artifact details", "manual"]
- ["dawidd6/action-download-artifact", "*", "output.artifacts", "artifact", "manual"]

2
ql/lib/ext/dorny_paths-filter.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["dorny/paths-filter", "*", "output.changes", "PR changed files", "manual"]
- ["dorny/paths-filter", "*", "output.changes", "filename", "manual"]

4
ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
View File

@@ -3,5 +3,5 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "PR body", "manual"]
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "PR title", "manual"]
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "text", "manual"]
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "title", "manual"]

2
ql/lib/ext/generated/composite-actions/googlecloudplatform_dataflowtemplates.model.yml
View File

@@ -8,4 +8,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["googlecloudplatform/magic-modules", "*", "output.changed-files", "PR changed files", "manual"]
- ["googlecloudplatform/magic-modules", "*", "output.changed-files", "filename", "manual"]

2
ql/lib/ext/generated/reusable-workflows/puppeteer_puppeteer.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["puppeteer/puppeteer/.github/workflows/changed-packages.yml", "*", "output.changes", "Changed files", "manual"]
- ["puppeteer/puppeteer/.github/workflows/changed-packages.yml", "*", "output.changes", "filename", "manual"]

14
ql/lib/ext/jitterbit_get-changed-files.model.yml
View File

@@ -3,10 +3,10 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["jitterbit/get-changed-files", "*", "output.all", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.added", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.modified", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.removed", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.renamed", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.added_modified", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.deleted", "PR changed files", "manual"]
- ["jitterbit/get-changed-files", "*", "output.all", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.added", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.modified", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.removed", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.renamed", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.added_modified", "filename", "manual"]
- ["jitterbit/get-changed-files", "*", "output.deleted", "filename", "manual"]

4
ql/lib/ext/khan_pull-request-comment-trigger.model.yml
View File

@@ -3,5 +3,5 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body", "manual"]
- ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body", "manual"]
- ["khan/pull-request-comment-trigger", "*", "output.comment_body", "text", "manual"]
- ["khan/pull-request-comment-trigger", "*", "output.comment_body", "text", "manual"]

2
ql/lib/ext/marocchino_on_artifact.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["marocchino/on_artifact", "*", "output.*", "Downloaded artifact", "manual"]
- ["marocchino/on_artifact", "*", "output.*", "artifact", "manual"]

2
ql/lib/ext/redhat-plumbers-in-action_download-artifact.model.yml
View File

@@ -3,5 +3,5 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["redhat-plumbers-in-action/download-artifact", "*", "output.*", "Downloaded artifact", "manual"]
- ["redhat-plumbers-in-action/download-artifact", "*", "output.*", "artifact", "manual"]

6
ql/lib/ext/tj-actions_branch-names.model.yml
View File

@@ -4,7 +4,7 @@ extensions:
extensible: sourceModel
data:
# https://github.com/tj-actions/branch-names
- ["tj-actions/branch-names", "*", "output.current_branch", "PR current branch", "manual"]
- ["tj-actions/branch-names", "*", "output.head_ref_branch", "PR head branch", "manual"]
- ["tj-actions/branch-names", "*", "output.ref_branch", "Branch tirggering workflow run", "manual"]
- ["tj-actions/branch-names", "*", "output.current_branch", "branch", "manual"]
- ["tj-actions/branch-names", "*", "output.head_ref_branch", "branch", "manual"]
- ["tj-actions/branch-names", "*", "output.ref_branch", "branch", "manual"]

34
ql/lib/ext/tj-actions_changed-files.model.yml
View File

@@ -3,20 +3,20 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["tj-actions/changed-files", "*", "output.added_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.copied_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.deleted_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.modified_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.renamed_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.type_changed_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.unmerged_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.unknown_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.all_changed_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.other_changed_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.all_modified_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.other_modified_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.other_deleted_files", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.modified_keys", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.changed_keys", "PR changed files", "manual"]
- ["tj-actions/changed-files", "*", "output.added_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.copied_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.deleted_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.modified_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.renamed_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.type_changed_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.unmerged_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.unknown_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.all_changed_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.other_changed_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.all_modified_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.other_modified_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.other_deleted_files", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.modified_keys", "filename", "manual"]
- ["tj-actions/changed-files", "*", "output.changed_keys", "filename", "manual"]

2
ql/lib/ext/tj-actions_verify-changed-files.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["tj-actions/verify-changed-files", "*", "output.changed-files", "PR changed files", "manual"]
- ["tj-actions/verify-changed-files", "*", "output.changed-files", "filename", "manual"]

8
ql/lib/ext/trilom_file-changes-action.model.yml
View File

@@ -3,7 +3,7 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["trilom/file-changes-action", "*", "output.files", "PR changed files", "manual"]
- ["trilom/file-changes-action", "*", "output.files_added", "PR changed files", "manual"]
- ["trilom/file-changes-action", "*", "output.files_modified", "PR changed files", "manual"]
- ["trilom/file-changes-action", "*", "output.files_removed", "PR changed files", "manual"]
- ["trilom/file-changes-action", "*", "output.files", "filename", "manual"]
- ["trilom/file-changes-action", "*", "output.files_added", "filename", "manual"]
- ["trilom/file-changes-action", "*", "output.files_modified", "filename", "manual"]
- ["trilom/file-changes-action", "*", "output.files_removed", "filename", "manual"]

2
ql/lib/ext/tzkhan_pr-update-action.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["tzkhan/pr-update-action", "*", "output.headMatch", "", "manual"]
- ["tzkhan/pr-update-action", "*", "output.headMatch", "branch", "manual"]

4
ql/lib/ext/xt0rted_slash-command-action.model.yml
View File

@@ -3,5 +3,5 @@ extensions:
pack: githubsecuritylab/actions-all
extensible: sourceModel
data:
- ["xt0rted/slash-command-action", "*", "output.command-arguments", "", "manual"]
- ["xt0rted/slash-command-action", "*", "output.command-arguments", "", "manual"]
- ["xt0rted/slash-command-action", "*", "output.command-arguments", "text", "manual"]
- ["xt0rted/slash-command-action", "*", "output.command-arguments", "text", "manual"]

2
ql/lib/qlpack.yml
View File

@@ -2,7 +2,7 @@
library: true
warnOnImplicitThis: true
name: githubsecuritylab/actions-all
version: 0.0.18
version: 0.0.19
dependencies:
codeql/util: ^0.2.0
codeql/yaml: ^0.1.2

8
ql/src/Security/CWE-077/EnvPathInjection.ql
View File

@@ -20,11 +20,19 @@ from EnvPathInjectionFlow::PathNode source, EnvPathInjectionFlow::PathNode sink
where
EnvPathInjectionFlow::flowPath(source, sink) and
(
// sink belongs to a composite action
exists(sink.getNode().asExpr().getEnclosingCompositeAction())
or
// sink belongs to a non-privileged job
exists(Job j |
j = sink.getNode().asExpr().getEnclosingJob() and
not j.isPrivileged()
) and
(
not source.getNode().(RemoteFlowSource).getSourceType() = "artifact"
or
source.getNode().(RemoteFlowSource).getSourceType() = "artifact" and
sink.getNode() instanceof EnvPathInjectionFromFileReadSink
)
)
select sink.getNode(), source, sink,

15
ql/src/Security/CWE-077/EnvVarInjection.ql
View File

@@ -16,16 +16,29 @@ import actions
import codeql.actions.security.EnvVarInjectionQuery
import EnvVarInjectionFlow::PathGraph
predicate artifactToFileRead(DataFlow::Node source, DataFlow::Node sink) {
(
not source.(RemoteFlowSource).getSourceType() = "artifact"
or
source.(RemoteFlowSource).getSourceType() = "artifact" and
sink instanceof EnvVarInjectionFromFileReadSink
)
}
from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink
where
EnvVarInjectionFlow::flowPath(source, sink) and
(
// sink belongs to a composite action
exists(sink.getNode().asExpr().getEnclosingCompositeAction())
or
// sink belongs to a non-privileged job
exists(Job j |
j = sink.getNode().asExpr().getEnclosingJob() and
not j.isPrivileged()
)
) and
// exclude paths to file read sinks from non-artifact sources
artifactToFileRead(source.getNode(), sink.getNode())
)
select sink.getNode(), source, sink,
"Potential environment variable injection in $@, which may be controlled by an external user.",

10
ql/src/Security/CWE-077/PrivilegedEnvPathInjection.ql
View File

@@ -19,9 +19,13 @@ import EnvPathInjectionFlow::PathGraph
from EnvPathInjectionFlow::PathNode source, EnvPathInjectionFlow::PathNode sink
where
EnvPathInjectionFlow::flowPath(source, sink) and
exists(Job j |
j = sink.getNode().asExpr().getEnclosingJob() and
j.isPrivileged()
// sink belongs to a privileged job
sink.getNode().asExpr().getEnclosingJob().isPrivileged() and
(
not source.getNode().(RemoteFlowSource).getSourceType() = "artifact"
or
source.getNode().(RemoteFlowSource).getSourceType() = "artifact" and
sink.getNode() instanceof EnvPathInjectionFromFileReadSink
)
select sink.getNode(), source, sink,
"Potential privileged PATH environment variable injection in $@, which may be controlled by an external user.",

17
ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql
View File

@@ -16,13 +16,22 @@ import actions
import codeql.actions.security.EnvVarInjectionQuery
import EnvVarInjectionFlow::PathGraph
predicate artifactToFileRead(DataFlow::Node source, DataFlow::Node sink) {
(
not source.(RemoteFlowSource).getSourceType() = "artifact"
or
source.(RemoteFlowSource).getSourceType() = "artifact" and
sink instanceof EnvVarInjectionFromFileReadSink
)
}
from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink
where
EnvVarInjectionFlow::flowPath(source, sink) and
exists(Job j |
j = sink.getNode().asExpr().getEnclosingJob() and
j.isPrivileged()
)
// sink belongs to a privileged job
sink.getNode().asExpr().getEnclosingJob().isPrivileged() and
// exclude paths to file read sinks from non-artifact sources
artifactToFileRead(source.getNode(), sink.getNode())
select sink.getNode(), source, sink,
"Potential privileged environment variable injection in $@, which may be controlled by an external user.",
sink, sink.getNode().toString()

2
ql/src/qlpack.yml
View File

@@ -1,7 +1,7 @@
---
library: false
name: githubsecuritylab/actions-queries
version: 0.0.18
version: 0.0.19
groups:
- actions
- queries

598
ql/test/library-tests/test.actual
View File

@@ -1,598 +0,0 @@
files
| .github/workflows/expression_nodes.yml:0:0:0:0 | .github/workflows/expression_nodes.yml |
| .github/workflows/multiline.yml:0:0:0:0 | .github/workflows/multiline.yml |
| .github/workflows/test.yml:0:0:0:0 | .github/workflows/test.yml |
workflows
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/test.yml:1:1:40:53 | on: push |
reusableWorkflows
compositeActions
jobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
localJobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
extJobs
steps
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
runSteps
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | echo ${{needs.job1.outputs.job_output}} |
runExprs
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
uses
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
stepUses
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
usesArgs
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | source | .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
runStepChildren
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step | .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step | .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step | .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step | .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:26:13:26:23 | simplesink1 |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:28:13:28:23 | simplesink2 |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:39:13:39:16 | sink |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
parentNodes
| .github/workflows/expression_nodes.yml:1:5:1:17 | issue_comment | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:5:14:5:26 | ubuntu-latest | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:5:14:5:26 | ubuntu-latest | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' | .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body | .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body | .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' | .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' | .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' | .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/multiline.yml:3:17:3:22 | Prev | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:5:9:5:17 | completed | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:9:14:9:26 | ubuntu-latest | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:9:14:9:26 | ubuntu-latest | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n | .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n | .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n | .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) | .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:5:14:5:26 | ubuntu-latest | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:5:14:5:26 | ubuntu-latest | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:19:8:49 | ${{ steps.step.outputs.value }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:8:19:8:49 | ${{ steps.step.outputs.value }} | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:19:8:49 | ${{ steps.step.outputs.value }} | .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value | .github/workflows/test.yml:8:19:8:49 | ${{ steps.step.outputs.value }} |
| .github/workflows/test.yml:11:9:15:6 | Uses Step | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:11:15:11:33 | actions/checkout@v4 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:11:15:11:33 | actions/checkout@v4 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:11:15:11:33 | actions/checkout@v4 | .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:13:24:13:24 | 0 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:13:24:13:24 | 0 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:13:24:13:24 | 0 | .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:15:15:15:31 | Get changed files | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:15:15:15:31 | Get changed files | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:15:15:15:31 | Get changed files | .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:16:13:16:18 | source | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:16:13:16:18 | source | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:16:13:16:18 | source | .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:17:15:17:42 | tj-actions/changed-files@v40 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:17:15:17:42 | tj-actions/changed-files@v40 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:17:15:17:42 | tj-actions/changed-files@v40 | .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:19:15:19:43 | Remove foo from changed files | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:19:15:19:43 | Remove foo from changed files | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:19:15:19:43 | Remove foo from changed files | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:20:13:20:16 | step | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:20:13:20:16 | step | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:20:13:20:16 | step | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:21:15:21:55 | mad9000/actions-find-and-replace-string@3 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:21:15:21:55 | mad9000/actions-find-and-replace-string@3 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:21:15:21:55 | mad9000/actions-find-and-replace-string@3 | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:19:23:63 | ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:23:19:23:63 | ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:23:19:23:63 | ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:23:19:23:63 | ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:24:17:24:21 | foo | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:24:17:24:21 | foo | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:24:17:24:21 | foo | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:25:20:25:21 | | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:25:20:25:21 | | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:25:20:25:21 | | .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:26:13:26:23 | simplesink1 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:26:13:26:23 | simplesink1 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:26:13:26:23 | simplesink1 | .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:28:13:28:23 | simplesink2 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:28:13:28:23 | simplesink2 | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:28:13:28:23 | simplesink2 | .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} | .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} | .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref | .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:32:14:32:26 | ubuntu-latest | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:32:14:32:26 | ubuntu-latest | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:34:9:34:23 | ${{ always() }} |
| .github/workflows/test.yml:34:9:34:23 | ${{ always() }} | .github/workflows/test.yml:34:9:34:23 | ${{ always() }} |
| .github/workflows/test.yml:34:10:34:24 | always() | .github/workflows/test.yml:34:9:34:23 | ${{ always() }} |
| .github/workflows/test.yml:34:11:34:25 | always() | .github/workflows/test.yml:34:9:34:23 | ${{ always() }} |
| .github/workflows/test.yml:36:12:36:15 | job1 | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:36:12:36:15 | job1 | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:36:12:36:15 | job1 | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:36:12:36:15 | job1 | .github/workflows/test.yml:36:12:36:15 | job1 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:13:39:16 | sink | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:39:13:39:16 | sink | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:13:39:16 | sink | .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} | .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} | .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output | .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
cfgNodes
| .github/workflows/expression_nodes.yml:1:1:21:47 | enter on: issue_comment |
| .github/workflows/expression_nodes.yml:1:1:21:47 | exit on: issue_comment |
| .github/workflows/expression_nodes.yml:1:1:21:47 | exit on: issue_comment (normal) |
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline.yml:1:1:33:14 | enter on: |
| .github/workflows/multiline.yml:1:1:33:14 | exit on: |
| .github/workflows/multiline.yml:1:1:33:14 | exit on: (normal) |
| .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/test.yml:1:1:40:53 | enter on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push (normal) |
| .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value |
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
dfNodes
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value |
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
argumentNodes
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
usesIds
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source | source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | step |
nodeLocations
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber | .github/workflows/expression_nodes.yml:5:5:21:47 | .github/workflows/expression_nodes.yml@5:5:21:47 |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | .github/workflows/expression_nodes.yml:7:9:8:6 | .github/workflows/expression_nodes.yml@7:9:8:6 |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' | .github/workflows/expression_nodes.yml:7:14:7:58 | .github/workflows/expression_nodes.yml@7:14:7:58 |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body | .github/workflows/expression_nodes.yml:7:27:7:58 | .github/workflows/expression_nodes.yml@7:27:7:58 |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | .github/workflows/expression_nodes.yml:8:9:10:6 | .github/workflows/expression_nodes.yml@8:9:10:6 |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:8:14:9:57 | .github/workflows/expression_nodes.yml@8:14:9:57 |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:9:25:9:56 | .github/workflows/expression_nodes.yml@9:25:9:56 |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:10:9:13:6 | .github/workflows/expression_nodes.yml@10:9:13:6 |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:10:14:12:53 | .github/workflows/expression_nodes.yml@10:14:12:53 |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:11:25:11:56 | .github/workflows/expression_nodes.yml@11:25:11:56 |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:12:24:12:51 | .github/workflows/expression_nodes.yml@12:24:12:51 |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:13:9:16:6 | .github/workflows/expression_nodes.yml@13:9:16:6 |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:13:14:15:46 | .github/workflows/expression_nodes.yml@13:14:15:46 |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:14:9:15:46 | .github/workflows/expression_nodes.yml@14:9:15:46 |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:14:9:15:46 | .github/workflows/expression_nodes.yml@14:9:15:46 |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:16:9:20:6 | .github/workflows/expression_nodes.yml@16:9:20:6 |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:16:14:19:57 | .github/workflows/expression_nodes.yml@16:14:19:57 |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:17:25:17:56 | .github/workflows/expression_nodes.yml@17:25:17:56 |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:18:24:18:51 | .github/workflows/expression_nodes.yml@18:24:18:51 |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body | .github/workflows/expression_nodes.yml:19:24:19:55 | .github/workflows/expression_nodes.yml@19:24:19:55 |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:9:21:47 | .github/workflows/expression_nodes.yml@20:9:21:47 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test | .github/workflows/multiline.yml:9:5:33:14 | .github/workflows/multiline.yml@9:5:33:14 |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step | .github/workflows/multiline.yml:11:9:15:6 | .github/workflows/multiline.yml@11:9:15:6 |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:11:14:14:48 | .github/workflows/multiline.yml@11:14:14:48 |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step | .github/workflows/multiline.yml:15:9:20:6 | .github/workflows/multiline.yml@15:9:20:6 |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:15:14:19:40 | .github/workflows/multiline.yml@15:14:19:40 |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step | .github/workflows/multiline.yml:20:9:24:6 | .github/workflows/multiline.yml@20:9:24:6 |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:20:14:23:40 | .github/workflows/multiline.yml@20:14:23:40 |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step | .github/workflows/multiline.yml:24:9:30:6 | .github/workflows/multiline.yml@24:9:30:6 |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:24:14:29:29 | .github/workflows/multiline.yml@24:14:29:29 |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | .github/workflows/multiline.yml:30:9:33:14 | .github/workflows/multiline.yml@30:9:33:14 |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n | .github/workflows/multiline.yml:30:14:33:14 | .github/workflows/multiline.yml@30:14:33:14 |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) | .github/workflows/multiline.yml:32:13:32:39 | .github/workflows/multiline.yml@32:13:32:39 |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 | .github/workflows/test.yml:5:5:31:2 | .github/workflows/test.yml@5:5:31:2 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:8:7:10:4 | .github/workflows/test.yml@8:7:10:4 |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value | .github/workflows/test.yml:8:20:8:50 | .github/workflows/test.yml@8:20:8:50 |
| .github/workflows/test.yml:11:9:15:6 | Uses Step | .github/workflows/test.yml:11:9:15:6 | .github/workflows/test.yml@11:9:15:6 |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source | .github/workflows/test.yml:15:9:19:6 | .github/workflows/test.yml@15:9:19:6 |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | .github/workflows/test.yml:19:9:26:6 | .github/workflows/test.yml@19:9:26:6 |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:23:20:23:64 | .github/workflows/test.yml@23:20:23:64 |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:26:9:28:6 | .github/workflows/test.yml@26:9:28:6 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:27:14:27:63 | .github/workflows/test.yml@27:14:27:63 |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:27:20:27:64 | .github/workflows/test.yml@27:20:27:64 |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:28:9:31:2 | .github/workflows/test.yml@28:9:31:2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} | .github/workflows/test.yml:29:14:29:54 | .github/workflows/test.yml@29:14:29:54 |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref | .github/workflows/test.yml:29:15:29:55 | .github/workflows/test.yml@29:15:29:55 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 | .github/workflows/test.yml:32:5:40:53 | .github/workflows/test.yml@32:5:40:53 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:39:9:40:53 | .github/workflows/test.yml@39:9:40:53 |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} | .github/workflows/test.yml:40:14:40:52 | .github/workflows/test.yml@40:14:40:52 |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output | .github/workflows/test.yml:40:20:40:53 | .github/workflows/test.yml@40:20:40:53 |
scopes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/test.yml:1:1:40:53 | on: push |
sources
| ahmadnassri/action-changed-files | * | output.files | PR changed files | manual |
| ahmadnassri/action-changed-files | * | output.json | PR changed files | manual |
| amannn/action-semantic-pull-request | * | output.error_message | PR title | manual |
| cypress-io/github-action | * | env.GH_BRANCH | PR branch | manual |
| dawidd6/action-download-artifact | * | output.artifacts | Artifact details | manual |
| dorny/paths-filter | * | output.changes | PR changed files | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_DESCRIPTION | PR body | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_TITLE | PR title | manual |
| googlecloudplatform/magic-modules | * | output.changed-files | PR changed files | manual |
| jitterbit/get-changed-files | * | output.added | PR changed files | manual |
| jitterbit/get-changed-files | * | output.added_modified | PR changed files | manual |
| jitterbit/get-changed-files | * | output.all | PR changed files | manual |
| jitterbit/get-changed-files | * | output.deleted | PR changed files | manual |
| jitterbit/get-changed-files | * | output.modified | PR changed files | manual |
| jitterbit/get-changed-files | * | output.removed | PR changed files | manual |
| jitterbit/get-changed-files | * | output.renamed | PR changed files | manual |
| khan/pull-request-comment-trigger | * | output.comment_body | Comment body | manual |
| marocchino/on_artifact | * | output.* | Downloaded artifact | manual |
| puppeteer/puppeteer/.github/workflows/changed-packages.yml | * | output.changes | Changed files | manual |
| redhat-plumbers-in-action/download-artifact | * | output.* | Downloaded artifact | manual |
| tj-actions/branch-names | * | output.current_branch | PR current branch | manual |
| tj-actions/branch-names | * | output.head_ref_branch | PR head branch | manual |
| tj-actions/branch-names | * | output.ref_branch | Branch tirggering workflow run | manual |
| tj-actions/changed-files | * | output.added_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_changed_and_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_old_new_renamed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.changed_keys | PR changed files | manual |
| tj-actions/changed-files | * | output.copied_files | PR changed files | manual |
| tj-actions/changed-files | * | output.deleted_files | PR changed files | manual |
| tj-actions/changed-files | * | output.modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.modified_keys | PR changed files | manual |
| tj-actions/changed-files | * | output.other_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.other_deleted_files | PR changed files | manual |
| tj-actions/changed-files | * | output.other_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.renamed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.type_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.unknown_files | PR changed files | manual |
| tj-actions/changed-files | * | output.unmerged_files | PR changed files | manual |
| tj-actions/verify-changed-files | * | output.changed-files | PR changed files | manual |
| trilom/file-changes-action | * | output.files | PR changed files | manual |
| trilom/file-changes-action | * | output.files_added | PR changed files | manual |
| trilom/file-changes-action | * | output.files_modified | PR changed files | manual |
| trilom/file-changes-action | * | output.files_removed | PR changed files | manual |
| tzkhan/pr-update-action | * | output.headMatch | | manual |
| xt0rted/slash-command-action | * | output.command-arguments | | manual |
summaries
| akhileshns/heroku-deploy | * | input.branch | output.status | taint | manual |
| android-actions/setup-android | * | input.cmdline-tools-version | output.ANDROID_COMMANDLINE_TOOLS_VERSION | taint | manual |
| apache/incubator-kie-tools | * | input.pnpm_filter_string | output.pnpm_filter_string | taint | manual |
| apple-actions/import-codesign-certs | * | input.keychain-password | output.keychain-password | taint | manual |
| ashley-taylor/read-json-property-action | * | input.json | output.value | taint | manual |
| ashley-taylor/regex-property-action | * | input.replacement | output.value | taint | manual |
| ashley-taylor/regex-property-action | * | input.value | output.value | taint | manual |
| aszc/change-string-case-action | * | input.replace-with | output.lowercase | taint | manual |
| aszc/change-string-case-action | * | input.replace-with | output.uppercase | taint | manual |
| aszc/change-string-case-action | * | input.string | output.capitalized | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-access-key-id | env.AWS_ACCESS_KEY_ID | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-access-key-id | secret.AWS_ACCESS_KEY_ID | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-secret-access-key | env.AWS_SECRET_ACCESS_KEY | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-secret-access-key | secret.AWS_SECRET_ACCESS_KEY | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-session-token | env.AWS_SESSION_TOKEN | taint | manual |
| aws-actions/configure-aws-credentials | * | input.aws-session-token | secret.AWS_SESSION_TOKEN | taint | manual |
| aws-powertools/powertools-lambda-python | * | input.artifact_name_prefix | output.artifact_name | taint | manual |
| bobheadxi/deployments | * | input.env | output.env | taint | manual |
| bufbuild/buf-breaking-action | * | input.buf_token | env.BUF_TOKEN | taint | manual |
| bufbuild/buf-lint-action | * | input.buf_token | env.BUF_TOKEN | taint | manual |
| cachix/cachix-action | * | input.signingKey | env.CACHIX_SIGNING_KEY | taint | manual |
| cloudposse/github-action-matrix-outputs-write/.github/workflows/setup-test.yml | * | input.matrix-key | output.result | taint | manual |
| coursier/cache-action | * | input.path | env.COURSIER_CACHE | taint | manual |
| crazy-max/ghaction-import-gpg | * | input.fingerprint | output.fingerprint | taint | manual |
| csexton/release-asset-action | * | input.release-url | output.url | taint | manual |
| delaguardo/setup-clojure | * | input.boot | env.BOOT_VERSION | taint | manual |
| drawpile/drawpile | * | input.cache_key | output.cache_key | taint | manual |
| drawpile/drawpile | * | input.path | output.path | taint | manual |
| element-hq/element-desktop/.github/workflows/build_prepare.yaml | * | input.deploy | output.deploy | taint | manual |
| envoyproxy/envoy/.github/workflows/_load.yml | * | input.check-name | output.check-name | taint | manual |
| envoyproxy/envoy/.github/workflows/_load.yml | * | input.run-id | output.run-id | taint | manual |
| flagsmith/flagsmith | * | input.aws_ecr_repository_arn | output.image | taint | manual |
| frabert/replace-string-action | * | input.replace-with | output.replaced | taint | manual |
| frabert/replace-string-action | * | input.string | output.replaced | taint | manual |
| game-ci/unity-test-runner | * | input.artifactsPath | output.artifactsPath | taint | manual |
| getsentry/action-release | * | input.version | output.version | taint | manual |
| getsentry/action-release | * | input.version_prefix | output.version | taint | manual |
| github/codeql-action | * | input.output | output.sarif-output | taint | manual |
| gradle/gradle-build-action | * | input.build-scan-terms-of-service-agree | env.BUILD_SCAN_TERMS_OF_SERVICE_AGREE | taint | manual |
| gradle/gradle-build-action | * | input.build-scan-terms-of-service-url | env.BUILD_SCAN_TERMS_OF_SERVICE_URL | taint | manual |
| gradle/gradle-build-action | * | input.cache-encryption-key | env.GRADLE_ENCRYPTION_KEY | taint | manual |
| hashgraph/hedera-services/.github/workflows/zxc-publish-production-image.yaml | * | input.version | output.docker-image | taint | manual |
| hashgraph/hedera-services/.github/workflows/zxc-publish-production-image.yaml | * | input.version | output.docker-image-tag | taint | manual |
| hashicorp/vault | * | input.vault-binary-path | output.vault-binary-path | taint | manual |
| hashicorp/vault | * | input.vault-version | output.vault-version | taint | manual |
| hashicorp/vault/.github/workflows/build-artifacts-ce.yml | * | input.vault-revision | output.testable-containers | taint | manual |
| hashicorp/vault/.github/workflows/build-artifacts-ce.yml | * | input.vault-version-package | output.testable-packages | taint | manual |
| haya14busa/action-cond | * | input.if_false | output.value | taint | manual |
| haya14busa/action-cond | * | input.if_true | output.value | taint | manual |
| hexlet/project-action | * | input.mount-path | env.PWD | taint | manual |
| hitobito/hitobito/.github/workflows/stage-settings.yml | * | input.repository | output.project | taint | manual |
| hitobito/hitobito/.github/workflows/stage-settings.yml | * | input.repository | output.repo_name | taint | manual |
| hitobito/hitobito/.github/workflows/stage-settings.yml | * | input.repository | output.repo_url | taint | manual |
| hitobito/hitobito/.github/workflows/stage-settings.yml | * | input.stage | output.release_stage | taint | manual |
| jhipster/generator-jhipster | * | input.skip-workflow | output.skip-workflow | taint | manual |
| jsdaniell/create-json | * | input.dir | output.successfully | taint | manual |
| jsdaniell/create-json | * | input.json | output.successfully | taint | manual |
| jsdaniell/create-json | * | input.name | output.successfully | taint | manual |
| jwalton/gh-ecr-push | * | input.image | output.imageUrl | taint | manual |
| kubeshop/botkube/.github/workflows/process-chart.yml | * | input.next-version | output.new-version | taint | manual |
| larsoner/circleci-artifacts-redirector-action | * | input.artifact-path | output.url | taint | manual |
| linkerd/linkerd2 | * | input.component | output.image | taint | manual |
| linkerd/linkerd2 | * | input.docker-registry | output.image | taint | manual |
| linkerd/linkerd2 | * | input.tag | output.image | taint | manual |
| mad9000/actions-find-and-replace-string | * | input.replace | output.value | taint | manual |
| mad9000/actions-find-and-replace-string | * | input.source | output.value | taint | manual |
| mattdavis0351/actions | * | input.image-name | output.imageUrl | taint | manual |
| mattdavis0351/actions | * | input.tag | output.imageUrl | taint | manual |
| metro-digital/setup-tools-for-waas | * | input.gcp_sa_key | env.GCLOUD_PROJECT | taint | manual |
| mishakav/pytest-coverage-comment | * | input.multiple-files | output.summaryReport | taint | manual |
| mymindstorm/setup-emsdk | * | input.actions-cache-folder | env.EMSDK | taint | manual |
| neondatabase/neon/.github/workflows/build-build-tools-image.yml | * | input.image-tag | output.image | taint | manual |
| neondatabase/neon/.github/workflows/build-build-tools-image.yml | * | input.image-tag | output.image-tag | taint | manual |
| novuhq/novu | * | input.docker_name | output.image | taint | manual |
| philosowaffle/peloton-to-garmin | * | input.os | output.artifact_name | taint | manual |
| ruby/setup-ruby | * | input.ruby-version | output.ruby-prefix | taint | manual |
| salsify/action-detect-and-tag-new-version | * | input.tag-template | output.tag | taint | manual |
| shallwefootball/upload-s3-action | * | input.destination_dir | output.object_key | taint | manual |
| shogo82148/actions-setup-perl | * | input.working-directory | env.PERL5LIB | taint | manual |
| streetsidesoftware/cspell | * | input.value | output.value | taint | manual |
| streetsidesoftware/cspell/.github/workflows/reuseable-load-integrations-repo-list.yml | * | input.ref | output.ref | taint | manual |
| suisei-cn/actions-download-file | * | input.filename | output.filename | taint | manual |
| tencent/hippy/.github/workflows/reuse_approve_checks_run.yml | * | input.pull_request_head_sha | output.pull_request_head_sha | taint | manual |
| tencent/hippy/.github/workflows/reuse_approve_checks_run.yml | * | input.pull_request_number | output.pull_request_number | taint | manual |
| timheuer/base64-to-file | * | input.fileDir | output.filePath | taint | manual |
| timheuer/base64-to-file | * | input.fileName | output.filePath | taint | manual |
| zitadel/zitadel/.github/workflows/container.yml | * | input.build_image_name | output.build_image | taint | manual |
calls
| .github/workflows/test.yml:11:9:15:6 | Uses Step | actions/checkout |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source | tj-actions/changed-files |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | mad9000/actions-find-and-replace-string |
needs
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
testNormalizeExpr
| foo['bar'] == baz | foo.bar == baz |
| github.event.pull_request.user["login"] | github.event.pull_request.user.login |
| github.event.pull_request.user['login'] | github.event.pull_request.user.login |
| github.event.pull_request['user']['login'] | github.event.pull_request.user.login |
writeToGitHubEnv
| id1 | $(<pr-id1.txt) |
| id2 | $(<pr-id2.txt) |
| id3 | $(<pr-id3.txt) |
| sha1 | $(<test-results1/sha-number) |
| sha2 | $(<test-results2/sha-number) |
| sha3 | $(<test-results3/sha-number) |
writeToGitHubOutput
| id1 | $(<pr-id1.txt) |
| id2 | $(<pr-id2.txt) |
| id3 | $(<pr-id3.txt) |
| sha1 | $(<test-results1/sha-number) |
| sha2 | $(<test-results2/sha-number) |
| sha3 | $(<test-results3/sha-number) |
| sha4 | $(<test-results4/sha-number) |
| sha5 | $(<test-results5/sha-number) |
| sha6 | $(<test-results6/sha-number) |

136
ql/test/library-tests/test.expected
View File

@@ -256,20 +256,26 @@ cfgNodes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline.yml:1:1:33:14 | enter on: |
@@ -278,10 +284,15 @@ cfgNodes
| .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/test.yml:1:1:40:53 | enter on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push |
@@ -295,37 +306,51 @@ cfgNodes
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
dfNodes
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node |
@@ -335,11 +360,14 @@ dfNodes
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
argumentNodes
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files |
@@ -349,28 +377,39 @@ usesIds
nodeLocations
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber | .github/workflows/expression_nodes.yml:5:5:21:47 | .github/workflows/expression_nodes.yml@5:5:21:47 |
| .github/workflows/expression_nodes.yml:7:9:8:6 | Run Step | .github/workflows/expression_nodes.yml:7:9:8:6 | .github/workflows/expression_nodes.yml@7:9:8:6 |
| .github/workflows/expression_nodes.yml:7:14:7:58 | LINE 1echo '${{ github.event.comment.body }}' | .github/workflows/expression_nodes.yml:7:14:7:58 | .github/workflows/expression_nodes.yml@7:14:7:58 |
| .github/workflows/expression_nodes.yml:7:27:7:58 | github.event.comment.body | .github/workflows/expression_nodes.yml:7:27:7:58 | .github/workflows/expression_nodes.yml@7:27:7:58 |
| .github/workflows/expression_nodes.yml:8:9:10:6 | Run Step | .github/workflows/expression_nodes.yml:8:9:10:6 | .github/workflows/expression_nodes.yml@8:9:10:6 |
| .github/workflows/expression_nodes.yml:8:14:9:57 | LINE 1 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:8:14:9:57 | .github/workflows/expression_nodes.yml@8:14:9:57 |
| .github/workflows/expression_nodes.yml:9:25:9:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:9:25:9:56 | .github/workflows/expression_nodes.yml@9:25:9:56 |
| .github/workflows/expression_nodes.yml:10:9:13:6 | Run Step | .github/workflows/expression_nodes.yml:10:9:13:6 | .github/workflows/expression_nodes.yml@10:9:13:6 |
| .github/workflows/expression_nodes.yml:10:14:12:53 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:10:14:12:53 | .github/workflows/expression_nodes.yml@10:14:12:53 |
| .github/workflows/expression_nodes.yml:11:25:11:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:11:25:11:56 | .github/workflows/expression_nodes.yml@11:25:11:56 |
| .github/workflows/expression_nodes.yml:12:24:12:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:12:24:12:51 | .github/workflows/expression_nodes.yml@12:24:12:51 |
| .github/workflows/expression_nodes.yml:13:9:16:6 | Run Step | .github/workflows/expression_nodes.yml:13:9:16:6 | .github/workflows/expression_nodes.yml@13:9:16:6 |
| .github/workflows/expression_nodes.yml:13:14:15:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}'\n | .github/workflows/expression_nodes.yml:13:14:15:46 | .github/workflows/expression_nodes.yml@13:14:15:46 |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:14:9:15:46 | .github/workflows/expression_nodes.yml@14:9:15:46 |
| .github/workflows/expression_nodes.yml:14:9:15:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:14:9:15:46 | .github/workflows/expression_nodes.yml@14:9:15:46 |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | .github/workflows/expression_nodes.yml:16:9:20:6 | .github/workflows/expression_nodes.yml@16:9:20:6 |
| .github/workflows/expression_nodes.yml:16:14:19:57 | LINE 1 echo '${{ github.event.comment.body }}'\nLINE 2 echo '${{github.event.issue.body}}'\nLINE 3 echo '${{ github.event.comment.body }}'\n | .github/workflows/expression_nodes.yml:16:14:19:57 | .github/workflows/expression_nodes.yml@16:14:19:57 |
| .github/workflows/expression_nodes.yml:17:25:17:56 | github.event.comment.body | .github/workflows/expression_nodes.yml:17:25:17:56 | .github/workflows/expression_nodes.yml@17:25:17:56 |
| .github/workflows/expression_nodes.yml:18:24:18:51 | github.event.issue.body | .github/workflows/expression_nodes.yml:18:24:18:51 | .github/workflows/expression_nodes.yml@18:24:18:51 |
| .github/workflows/expression_nodes.yml:19:24:19:55 | github.event.comment.body | .github/workflows/expression_nodes.yml:19:24:19:55 | .github/workflows/expression_nodes.yml@19:24:19:55 |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:9:21:47 | .github/workflows/expression_nodes.yml@20:9:21:47 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.comment.body | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body | .github/workflows/expression_nodes.yml:20:14:21:46 | .github/workflows/expression_nodes.yml@20:14:21:46 |
| .github/workflows/multiline.yml:9:5:33:14 | Job: Test | .github/workflows/multiline.yml:9:5:33:14 | .github/workflows/multiline.yml@9:5:33:14 |
| .github/workflows/multiline.yml:11:9:15:6 | Run Step | .github/workflows/multiline.yml:11:9:15:6 | .github/workflows/multiline.yml@11:9:15:6 |
| .github/workflows/multiline.yml:11:14:14:48 | echo "changelog<<CHANGELOGEOF" >> $GITHUB_OUTPUT\necho -e "$FILTERED_CHANGELOG" >> $GITHUB_OUTPUT\necho "CHANGELOGEOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:11:14:14:48 | .github/workflows/multiline.yml@11:14:14:48 |
| .github/workflows/multiline.yml:15:9:20:6 | Run Step | .github/workflows/multiline.yml:15:9:20:6 | .github/workflows/multiline.yml@15:9:20:6 |
| .github/workflows/multiline.yml:15:14:19:40 | EOF=$(dd if=/dev/urandom bs=15 count=1 status=none \| base64)\necho "status<<$EOF" >> $GITHUB_OUTPUT\necho "$(cat status.output.json)" >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:15:14:19:40 | .github/workflows/multiline.yml@15:14:19:40 |
| .github/workflows/multiline.yml:20:9:24:6 | Run Step | .github/workflows/multiline.yml:20:9:24:6 | .github/workflows/multiline.yml@20:9:24:6 |
| .github/workflows/multiline.yml:20:14:23:40 | echo "response<<$EOF" >> $GITHUB_OUTPUT\necho $output >> $GITHUB_OUTPUT\necho "$EOF" >> $GITHUB_OUTPUT\n | .github/workflows/multiline.yml:20:14:23:40 | .github/workflows/multiline.yml@20:14:23:40 |
| .github/workflows/multiline.yml:24:9:30:6 | Run Step | .github/workflows/multiline.yml:24:9:30:6 | .github/workflows/multiline.yml@24:9:30:6 |
| .github/workflows/multiline.yml:24:14:29:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:24:14:29:29 | .github/workflows/multiline.yml@24:14:29:29 |
| .github/workflows/multiline.yml:30:9:33:14 | Run Step | .github/workflows/multiline.yml:30:9:33:14 | .github/workflows/multiline.yml@30:9:33:14 |
| .github/workflows/multiline.yml:30:14:33:14 | cat <<-"EOF" > event.json\n ${{ toJson(github.event) }}\nEOF\n | .github/workflows/multiline.yml:30:14:33:14 | .github/workflows/multiline.yml@30:14:33:14 |
| .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) | .github/workflows/multiline.yml:32:13:32:39 | .github/workflows/multiline.yml@32:13:32:39 |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 | .github/workflows/test.yml:5:5:31:2 | .github/workflows/test.yml@5:5:31:2 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:8:7:10:4 | .github/workflows/test.yml@8:7:10:4 |
@@ -380,64 +419,67 @@ nodeLocations
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step | .github/workflows/test.yml:19:9:26:6 | .github/workflows/test.yml@19:9:26:6 |
| .github/workflows/test.yml:23:20:23:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:23:20:23:64 | .github/workflows/test.yml@23:20:23:64 |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:26:9:28:6 | .github/workflows/test.yml@26:9:28:6 |
| .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} | .github/workflows/test.yml:27:14:27:63 | .github/workflows/test.yml@27:14:27:63 |
| .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files | .github/workflows/test.yml:27:20:27:64 | .github/workflows/test.yml@27:20:27:64 |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:28:9:31:2 | .github/workflows/test.yml@28:9:31:2 |
| .github/workflows/test.yml:29:14:29:54 | ${{ github.event.pull_request.head.ref }} | .github/workflows/test.yml:29:14:29:54 | .github/workflows/test.yml@29:14:29:54 |
| .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref | .github/workflows/test.yml:29:15:29:55 | .github/workflows/test.yml@29:15:29:55 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 | .github/workflows/test.yml:32:5:40:53 | .github/workflows/test.yml@32:5:40:53 |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:39:9:40:53 | .github/workflows/test.yml@39:9:40:53 |
| .github/workflows/test.yml:40:14:40:52 | echo ${{needs.job1.outputs.job_output}} | .github/workflows/test.yml:40:14:40:52 | .github/workflows/test.yml@40:14:40:52 |
| .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output | .github/workflows/test.yml:40:20:40:53 | .github/workflows/test.yml@40:20:40:53 |
scopes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline.yml:1:1:33:14 | on: |
| .github/workflows/test.yml:1:1:40:53 | on: push |
sources
| ahmadnassri/action-changed-files | * | output.files | PR changed files | manual |
| ahmadnassri/action-changed-files | * | output.json | PR changed files | manual |
| amannn/action-semantic-pull-request | * | output.error_message | PR title | manual |
| cypress-io/github-action | * | env.GH_BRANCH | PR branch | manual |
| dawidd6/action-download-artifact | * | output.artifacts | Artifact details | manual |
| dorny/paths-filter | * | output.changes | PR changed files | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_DESCRIPTION | PR body | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_TITLE | PR title | manual |
| googlecloudplatform/magic-modules | * | output.changed-files | PR changed files | manual |
| jitterbit/get-changed-files | * | output.added | PR changed files | manual |
| jitterbit/get-changed-files | * | output.added_modified | PR changed files | manual |
| jitterbit/get-changed-files | * | output.all | PR changed files | manual |
| jitterbit/get-changed-files | * | output.deleted | PR changed files | manual |
| jitterbit/get-changed-files | * | output.modified | PR changed files | manual |
| jitterbit/get-changed-files | * | output.removed | PR changed files | manual |
| jitterbit/get-changed-files | * | output.renamed | PR changed files | manual |
| khan/pull-request-comment-trigger | * | output.comment_body | Comment body | manual |
| marocchino/on_artifact | * | output.* | Downloaded artifact | manual |
| puppeteer/puppeteer/.github/workflows/changed-packages.yml | * | output.changes | Changed files | manual |
| redhat-plumbers-in-action/download-artifact | * | output.* | Downloaded artifact | manual |
| tj-actions/branch-names | * | output.current_branch | PR current branch | manual |
| tj-actions/branch-names | * | output.head_ref_branch | PR head branch | manual |
| tj-actions/branch-names | * | output.ref_branch | Branch tirggering workflow run | manual |
| tj-actions/changed-files | * | output.added_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_changed_and_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.all_old_new_renamed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.changed_keys | PR changed files | manual |
| tj-actions/changed-files | * | output.copied_files | PR changed files | manual |
| tj-actions/changed-files | * | output.deleted_files | PR changed files | manual |
| tj-actions/changed-files | * | output.modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.modified_keys | PR changed files | manual |
| tj-actions/changed-files | * | output.other_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.other_deleted_files | PR changed files | manual |
| tj-actions/changed-files | * | output.other_modified_files | PR changed files | manual |
| tj-actions/changed-files | * | output.renamed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.type_changed_files | PR changed files | manual |
| tj-actions/changed-files | * | output.unknown_files | PR changed files | manual |
| tj-actions/changed-files | * | output.unmerged_files | PR changed files | manual |
| tj-actions/verify-changed-files | * | output.changed-files | PR changed files | manual |
| trilom/file-changes-action | * | output.files | PR changed files | manual |
| trilom/file-changes-action | * | output.files_added | PR changed files | manual |
| trilom/file-changes-action | * | output.files_modified | PR changed files | manual |
| trilom/file-changes-action | * | output.files_removed | PR changed files | manual |
| tzkhan/pr-update-action | * | output.headMatch | | manual |
| xt0rted/slash-command-action | * | output.command-arguments | | manual |
| ahmadnassri/action-changed-files | * | output.files | filename | manual |
| ahmadnassri/action-changed-files | * | output.json | json | manual |
| amannn/action-semantic-pull-request | * | output.error_message | text | manual |
| cypress-io/github-action | * | env.GH_BRANCH | branch | manual |
| dawidd6/action-download-artifact | * | output.artifacts | artifact | manual |
| dorny/paths-filter | * | output.changes | filename | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_DESCRIPTION | text | manual |
| franzdiebold/github-env-vars-action | * | output.CI_PR_TITLE | title | manual |
| googlecloudplatform/magic-modules | * | output.changed-files | filename | manual |
| jitterbit/get-changed-files | * | output.added | filename | manual |
| jitterbit/get-changed-files | * | output.added_modified | filename | manual |
| jitterbit/get-changed-files | * | output.all | filename | manual |
| jitterbit/get-changed-files | * | output.deleted | filename | manual |
| jitterbit/get-changed-files | * | output.modified | filename | manual |
| jitterbit/get-changed-files | * | output.removed | filename | manual |
| jitterbit/get-changed-files | * | output.renamed | filename | manual |
| khan/pull-request-comment-trigger | * | output.comment_body | text | manual |
| marocchino/on_artifact | * | output.* | artifact | manual |
| puppeteer/puppeteer/.github/workflows/changed-packages.yml | * | output.changes | filename | manual |
| redhat-plumbers-in-action/download-artifact | * | output.* | artifact | manual |
| tj-actions/branch-names | * | output.current_branch | branch | manual |
| tj-actions/branch-names | * | output.head_ref_branch | branch | manual |
| tj-actions/branch-names | * | output.ref_branch | branch | manual |
| tj-actions/changed-files | * | output.added_files | filename | manual |
| tj-actions/changed-files | * | output.all_changed_and_modified_files | filename | manual |
| tj-actions/changed-files | * | output.all_changed_files | filename | manual |
| tj-actions/changed-files | * | output.all_modified_files | filename | manual |
| tj-actions/changed-files | * | output.all_old_new_renamed_files | filename | manual |
| tj-actions/changed-files | * | output.changed_keys | filename | manual |
| tj-actions/changed-files | * | output.copied_files | filename | manual |
| tj-actions/changed-files | * | output.deleted_files | filename | manual |
| tj-actions/changed-files | * | output.modified_files | filename | manual |
| tj-actions/changed-files | * | output.modified_keys | filename | manual |
| tj-actions/changed-files | * | output.other_changed_files | filename | manual |
| tj-actions/changed-files | * | output.other_deleted_files | filename | manual |
| tj-actions/changed-files | * | output.other_modified_files | filename | manual |
| tj-actions/changed-files | * | output.renamed_files | filename | manual |
| tj-actions/changed-files | * | output.type_changed_files | filename | manual |
| tj-actions/changed-files | * | output.unknown_files | filename | manual |
| tj-actions/changed-files | * | output.unmerged_files | filename | manual |
| tj-actions/verify-changed-files | * | output.changed-files | filename | manual |
| trilom/file-changes-action | * | output.files | filename | manual |
| trilom/file-changes-action | * | output.files_added | filename | manual |
| trilom/file-changes-action | * | output.files_modified | filename | manual |
| trilom/file-changes-action | * | output.files_removed | filename | manual |
| tzkhan/pr-update-action | * | output.headMatch | branch | manual |
| xt0rted/slash-command-action | * | output.command-arguments | text | manual |
summaries
| akhileshns/heroku-deploy | * | input.branch | output.status | taint | manual |
| android-actions/setup-android | * | input.cmdline-tools-version | output.ANDROID_COMMANDLINE_TOOLS_VERSION | taint | manual |

2
ql/test/query-tests/Security/CWE-077/.github/workflows/test1.yml vendored
View File

@@ -9,5 +9,7 @@ jobs:
steps:
- name: Code Injection, do not report as ENV VAR INJ
run: echo ISSUE_KEY=$(echo "${{ github.event.pull_request.title }}") >> $GITHUB_ENV
- name: Code Injection, do not report as ENV VAR INJ
run: echo ISSUE_KEY=$(echo "${{ github.event.pull_request.head.ref }}") >> $GITHUB_ENV

13
ql/test/query-tests/Security/CWE-077/.github/workflows/test4.yml vendored
View File

@@ -42,8 +42,19 @@ jobs:
- env:
TITLE: ${{ github.event.pull_request.title }}
run: |
cat <<-"EOF" >> "$GITHUB_ENV"
cat <<-EOF >> "$GITHUB_ENV"
echo "FOO=$TITLE"
EOF
- env:
TITLE: ${{ github.event.pull_request.head.ref }}
run: |
echo "PR_TITLE=$TITLE" >> $GITHUB_ENV
- run: echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV
env:
TARGET_BRANCH: ${{ github.head_ref }}
- run: echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV
env:
TARGET_BRANCH: ${{ github.event.pull_request.title }}

6
ql/test/query-tests/Security/CWE-077/EnvVarInjection.expected
View File

@@ -7,6 +7,8 @@ edges
| .github/workflows/test4.yml:23:19:23:56 | github.event.pull_request.title | .github/workflows/test4.yml:24:14:27:36 | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n |
| .github/workflows/test4.yml:29:19:29:56 | github.event.pull_request.title | .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/test4.yml:35:19:35:56 | github.event.pull_request.title | .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/test4.yml:43:19:43:56 | github.event.pull_request.title | .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n |
| .github/workflows/test4.yml:57:27:57:64 | github.event.pull_request.title | .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV |
| .github/workflows/test5.yml:10:9:30:6 | Uses Step | .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n |
nodes
| .github/workflows/test2.yml:12:9:41:6 | Uses Step | semmle.label | Uses Step |
@@ -25,6 +27,10 @@ nodes
| .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | semmle.label | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/test4.yml:35:19:35:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/test4.yml:43:19:43:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n | semmle.label | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n |
| .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV | semmle.label | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV |
| .github/workflows/test4.yml:57:27:57:64 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test5.yml:10:9:30:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n | semmle.label | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n |
subpaths

1
ql/test/query-tests/Security/CWE-077/PrivilegedEnvPathInjection.expected
View File

@@ -22,5 +22,4 @@ subpaths
| .github/workflows/path1.yml:17:14:17:42 | echo $PATHINJ >> $GITHUB_PATH | .github/workflows/path1.yml:16:21:16:58 | github.event.pull_request.title | .github/workflows/path1.yml:17:14:17:42 | echo $PATHINJ >> $GITHUB_PATH | Potential privileged PATH environment variable injection in $@, which may be controlled by an external user. | .github/workflows/path1.yml:17:14:17:42 | echo $PATHINJ >> $GITHUB_PATH | echo $PATHINJ >> $GITHUB_PATH |
| .github/workflows/path1.yml:20:14:20:44 | echo ${PATHINJ} >> $GITHUB_PATH | .github/workflows/path1.yml:19:21:19:58 | github.event.pull_request.title | .github/workflows/path1.yml:20:14:20:44 | echo ${PATHINJ} >> $GITHUB_PATH | Potential privileged PATH environment variable injection in $@, which may be controlled by an external user. | .github/workflows/path1.yml:20:14:20:44 | echo ${PATHINJ} >> $GITHUB_PATH | echo ${PATHINJ} >> $GITHUB_PATH |
| .github/workflows/path1.yml:25:14:25:50 | echo "$(cat foo/bar)" >> $GITHUB_PATH | .github/workflows/path1.yml:21:9:25:6 | Uses Step | .github/workflows/path1.yml:25:14:25:50 | echo "$(cat foo/bar)" >> $GITHUB_PATH | Potential privileged PATH environment variable injection in $@, which may be controlled by an external user. | .github/workflows/path1.yml:25:14:25:50 | echo "$(cat foo/bar)" >> $GITHUB_PATH | echo "$(cat foo/bar)" >> $GITHUB_PATH |
| .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | .github/workflows/path1.yml:21:9:25:6 | Uses Step | .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | Potential privileged PATH environment variable injection in $@, which may be controlled by an external user. | .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | echo "::add-path::$PATHINJ" |
| .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | .github/workflows/path1.yml:28:21:28:58 | github.event.pull_request.title | .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | Potential privileged PATH environment variable injection in $@, which may be controlled by an external user. | .github/workflows/path1.yml:29:14:29:40 | echo "::add-path::$PATHINJ" | echo "::add-path::$PATHINJ" |

8
ql/test/query-tests/Security/CWE-077/PrivilegedEnvVarInjection.expected
View File

@@ -7,6 +7,8 @@ edges
| .github/workflows/test4.yml:23:19:23:56 | github.event.pull_request.title | .github/workflows/test4.yml:24:14:27:36 | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n |
| .github/workflows/test4.yml:29:19:29:56 | github.event.pull_request.title | .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/test4.yml:35:19:35:56 | github.event.pull_request.title | .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/test4.yml:43:19:43:56 | github.event.pull_request.title | .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n |
| .github/workflows/test4.yml:57:27:57:64 | github.event.pull_request.title | .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV |
| .github/workflows/test5.yml:10:9:30:6 | Uses Step | .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n |
nodes
| .github/workflows/test2.yml:12:9:41:6 | Uses Step | semmle.label | Uses Step |
@@ -25,6 +27,10 @@ nodes
| .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | semmle.label | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/test4.yml:35:19:35:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/test4.yml:43:19:43:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n | semmle.label | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n |
| .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV | semmle.label | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV |
| .github/workflows/test4.yml:57:27:57:64 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/test5.yml:10:9:30:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n | semmle.label | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n |
subpaths
@@ -37,4 +43,6 @@ subpaths
| .github/workflows/test4.yml:24:14:27:36 | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n | .github/workflows/test4.yml:23:19:23:56 | github.event.pull_request.title | .github/workflows/test4.yml:24:14:27:36 | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test4.yml:24:14:27:36 | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n | echo "PR_TITLE<<EOF" >> $GITHUB_ENV\necho "$TITLE" >> $GITHUB_ENV\necho "EOF" >> $GITHUB_ENV\n |
| .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | .github/workflows/test4.yml:29:19:29:56 | github.event.pull_request.title | .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test4.yml:30:14:33:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\necho "$TITLE" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/test4.yml:35:19:35:56 | github.event.pull_request.title | .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test4.yml:36:14:41:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n | {\n echo 'JSON_RESPONSE<<EOF'\n echo "$TITLE" >> "$GITHUB_ENV"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n | .github/workflows/test4.yml:43:19:43:56 | github.event.pull_request.title | .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test4.yml:44:14:47:14 | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n | cat <<-EOF >> "$GITHUB_ENV"\n echo "FOO=$TITLE"\nEOF\n |
| .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV | .github/workflows/test4.yml:57:27:57:64 | github.event.pull_request.title | .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test4.yml:55:14:55:70 | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV | echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV |
| .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n | .github/workflows/test5.yml:10:9:30:6 | Uses Step | .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n | Potential privileged environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test5.yml:33:14:36:62 | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n | echo "PR_NUM=$(cat coverage/pr_num.txt)" >> $GITHUB_ENV\necho "BASE=$(cat coverage/base.txt)" >> $GITHUB_ENV\necho "HEAD=$(cat coverage/head.txt)" >> $GITHUB_ENV\n |