hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
This commit is contained in:
yoff
2025-04-01 13:18:30 +02:00
committed by GitHub
parent e7bb47f335
commit 1ec3e8712b
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
View File

@@ -30,6 +30,7 @@ string jobNeedsPersmission(Job job) {
actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result)
}
/** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */
string permissionsForJob(Job job) {
result =
"{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}"
@@ -46,4 +47,4 @@ where
) and
permissions = permissionsForJob(job)
select job,
"Actions Job or Workflow does not set permissions. A minimal set might be " + permissions
"Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + permissions