hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve Artifact Poisoning query

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-04-05 09:18:01 +02:00
parent ce5928c6ba
commit 28ccf4fa68
18 changed files with 372 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ql/src/Security/CWE-829/ArtifactPoisoning.ql
View File

@@ -14,13 +14,10 @@
import actions
import codeql.actions.security.ArtifactPoisoningQuery
from LocalJob job, ArtifactDownloadStep download, Step run
from LocalJob job, ArtifactDownloadStep downloadStep, PoisonableStep step
where
// Workflow is privileged
job.getWorkflow().isPrivileged() and
(run instanceof Run or run instanceof UsesStep) and
exists(int i, int j |
job.getStep(i) = download and
job.getStep(j) = run and
i < j
)
select download, "Potential artifact poisoning."
// Download step is followed by a step that may be poisoned by the download
downloadStep.getAFollowingStep() = step
select downloadStep, "Potential artifact poisoning."