From 2988bc8885d51529ea9b998076e8b3744e27fd28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Wed, 3 Apr 2024 15:39:00 +0200 Subject: [PATCH] Centralize isPrivileged decisions --- ql/lib/codeql/actions/Ast.qll | 21 +++++ ql/lib/codeql/actions/ast/internal/Ast.qll | 7 +- ql/src/Security/CWE-077/EnvVarInjection.ql | 11 ++- .../CWE-077/PrivilegedEnvVarInjection.ql | 13 ++- ql/src/Security/CWE-078/CommandInjection.ql | 11 ++- .../CWE-078/PrivilegedCommandInjection.ql | 13 ++- ql/src/Security/CWE-094/CodeInjection.ql | 11 ++- .../CWE-094/PrivilegedCodeInjection.ql | 13 ++- ql/src/Security/CWE-829/ArtifactPoisoning.ql | 22 +---- ql/src/Security/CWE-829/UntrustedCheckout.ql | 19 +--- .../Security/CWE-077/EnvVarInjection.expected | 1 - .../CWE-078/CommandInjection.expected | 1 - .../Security/CWE-094/CodeInjection.expected | 87 ------------------- 13 files changed, 75 insertions(+), 155 deletions(-) diff --git a/ql/lib/codeql/actions/Ast.qll b/ql/lib/codeql/actions/Ast.qll index d865eb54905..17768245fdc 100644 --- a/ql/lib/codeql/actions/Ast.qll +++ b/ql/lib/codeql/actions/Ast.qll @@ -35,6 +35,8 @@ class AstNode instanceof AstNodeImpl { Workflow getEnclosingWorkflow() { result = super.getEnclosingWorkflow() } + CompositeAction getEnclosingCompositeAction() { result = super.getEnclosingCompositeAction() } + Expression getInScopeEnvVarExpr(string name) { result = super.getInScopeEnvVarExpr(name) } } @@ -123,6 +125,25 @@ class Workflow extends AstNode instanceof WorkflowImpl { Permissions getPermissions() { result = super.getPermissions() } Strategy getStrategy() { result = super.getStrategy() } + + predicate hasSingleTrigger(string trigger) { + this.getATriggerEvent() = trigger and + count(string t | this.getATriggerEvent() = t | t) = 1 + } + + predicate isPrivileged() { + // The Workflow is triggered by an event other than `pull_request` + not this.hasSingleTrigger("pull_request") + or + // The Workflow is only triggered by `workflow_call` and there is + // a caller workflow triggered by an event other than `pull_request` + this.hasSingleTrigger("workflow_call") and + exists(ExternalJob call, Workflow caller | + call.getCallee() = this.getLocation().getFile().getRelativePath() and + caller = call.getWorkflow() and + not caller.hasSingleTrigger("pull_request") + ) + } } class ReusableWorkflow extends Workflow instanceof ReusableWorkflowImpl { diff --git a/ql/lib/codeql/actions/ast/internal/Ast.qll b/ql/lib/codeql/actions/ast/internal/Ast.qll index a1470a41dd0..3f9293bc972 100644 --- a/ql/lib/codeql/actions/ast/internal/Ast.qll +++ b/ql/lib/codeql/actions/ast/internal/Ast.qll @@ -95,10 +95,15 @@ abstract class AstNodeImpl extends TAstNode { JobImpl getEnclosingJob() { result.getAChildNode*() = this.getParentNode() } /** - * Gets the enclosing workflow statement. + * Gets the enclosing workflow if any. */ WorkflowImpl getEnclosingWorkflow() { this = result.getAChildNode*() } + /** + * Gets the enclosing composite action if any. + */ + CompositeActionImpl getEnclosingCompositeAction() { this = result.getAChildNode*() } + /** * Gets a environment variable expression by name in the scope of the current node. */ diff --git a/ql/src/Security/CWE-077/EnvVarInjection.ql b/ql/src/Security/CWE-077/EnvVarInjection.ql index 2e978ad9e53..e758932b208 100644 --- a/ql/src/Security/CWE-077/EnvVarInjection.ql +++ b/ql/src/Security/CWE-077/EnvVarInjection.ql @@ -17,7 +17,16 @@ import codeql.actions.security.EnvVarInjectionQuery import EnvVarInjectionFlow::PathGraph from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink -where EnvVarInjectionFlow::flowPath(source, sink) +where + EnvVarInjectionFlow::flowPath(source, sink) and + ( + exists(source.getNode().asExpr().getEnclosingCompositeAction()) + or + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + not w.isPrivileged() + ) + ) select sink.getNode(), source, sink, "Potential environment variable injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql b/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql index 6508b458629..811a6f65c7c 100644 --- a/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql +++ b/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql @@ -16,16 +16,13 @@ import actions import codeql.actions.security.EnvVarInjectionQuery import EnvVarInjectionFlow::PathGraph -predicate isSingleTriggerWorkflow(Workflow w, string trigger) { - w.getATriggerEvent() = trigger and - count(string t | w.getATriggerEvent() = t | t) = 1 -} - -from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink, Workflow w +from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink where EnvVarInjectionFlow::flowPath(source, sink) and - w = source.getNode().asExpr().getEnclosingWorkflow() and - not isSingleTriggerWorkflow(w, "pull_request") + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + w.isPrivileged() + ) select sink.getNode(), source, sink, "Potential privileged environment variable injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-078/CommandInjection.ql b/ql/src/Security/CWE-078/CommandInjection.ql index 826a3b41e38..de60141bb40 100644 --- a/ql/src/Security/CWE-078/CommandInjection.ql +++ b/ql/src/Security/CWE-078/CommandInjection.ql @@ -17,7 +17,16 @@ import codeql.actions.security.CommandInjectionQuery import CommandInjectionFlow::PathGraph from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink -where CommandInjectionFlow::flowPath(source, sink) +where + CommandInjectionFlow::flowPath(source, sink) and + ( + exists(source.getNode().asExpr().getEnclosingCompositeAction()) + or + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + not w.isPrivileged() + ) + ) select sink.getNode(), source, sink, "Potential command injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-078/PrivilegedCommandInjection.ql b/ql/src/Security/CWE-078/PrivilegedCommandInjection.ql index 2f9a09f59c3..bbfb226ecd1 100644 --- a/ql/src/Security/CWE-078/PrivilegedCommandInjection.ql +++ b/ql/src/Security/CWE-078/PrivilegedCommandInjection.ql @@ -16,16 +16,13 @@ import actions import codeql.actions.security.CommandInjectionQuery import CommandInjectionFlow::PathGraph -predicate isSingleTriggerWorkflow(Workflow w, string trigger) { - w.getATriggerEvent() = trigger and - count(string t | w.getATriggerEvent() = t | t) = 1 -} - -from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Workflow w +from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink where CommandInjectionFlow::flowPath(source, sink) and - w = source.getNode().asExpr().getEnclosingWorkflow() and - not isSingleTriggerWorkflow(w, "pull_request") + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + w.isPrivileged() + ) select sink.getNode(), source, sink, "Potential privileged command injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-094/CodeInjection.ql b/ql/src/Security/CWE-094/CodeInjection.ql index f71c178822c..dc28cc2569f 100644 --- a/ql/src/Security/CWE-094/CodeInjection.ql +++ b/ql/src/Security/CWE-094/CodeInjection.ql @@ -19,7 +19,16 @@ import codeql.actions.security.CodeInjectionQuery import CodeInjectionFlow::PathGraph from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink -where CodeInjectionFlow::flowPath(source, sink) +where + CodeInjectionFlow::flowPath(source, sink) and + ( + exists(source.getNode().asExpr().getEnclosingCompositeAction()) + or + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + not w.isPrivileged() + ) + ) select sink.getNode(), source, sink, "Potential code injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-094/PrivilegedCodeInjection.ql b/ql/src/Security/CWE-094/PrivilegedCodeInjection.ql index 62030e32263..9814df091dd 100644 --- a/ql/src/Security/CWE-094/PrivilegedCodeInjection.ql +++ b/ql/src/Security/CWE-094/PrivilegedCodeInjection.ql @@ -18,16 +18,13 @@ import actions import codeql.actions.security.CodeInjectionQuery import CodeInjectionFlow::PathGraph -predicate isSingleTriggerWorkflow(Workflow w, string trigger) { - w.getATriggerEvent() = trigger and - count(string t | w.getATriggerEvent() = t | t) = 1 -} - -from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Workflow w +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink where CodeInjectionFlow::flowPath(source, sink) and - w = source.getNode().asExpr().getEnclosingWorkflow() and - not isSingleTriggerWorkflow(w, "pull_request") + exists(Workflow w | + w = source.getNode().asExpr().getEnclosingWorkflow() and + w.isPrivileged() + ) select sink.getNode(), source, sink, "Potential privileged code injection in $@, which may be controlled by an external user.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/ql/src/Security/CWE-829/ArtifactPoisoning.ql b/ql/src/Security/CWE-829/ArtifactPoisoning.ql index 5b71a64d52e..5d38faa94df 100644 --- a/ql/src/Security/CWE-829/ArtifactPoisoning.ql +++ b/ql/src/Security/CWE-829/ArtifactPoisoning.ql @@ -14,27 +14,9 @@ import actions import codeql.actions.security.ArtifactPoisoningQuery -predicate isSingleTriggerWorkflow(Workflow w, string trigger) { - w.getATriggerEvent() = trigger and - count(string t | w.getATriggerEvent() = t | t) = 1 -} - -from Workflow w, LocalJob job, ArtifactDownloadStep download, Step run +from LocalJob job, ArtifactDownloadStep download, Step run where - w = job.getWorkflow() and - ( - // The Workflow is triggered by an event other than `pull_request` - not isSingleTriggerWorkflow(w, "pull_request") - or - // The Workflow is only triggered by `workflow_call` and there is - // a caller workflow triggered by an event other than `pull_request` - isSingleTriggerWorkflow(w, "workflow_call") and - exists(ExternalJob call, Workflow caller | - call.getCallee() = w.getLocation().getFile().getRelativePath() and - caller = call.getWorkflow() and - not isSingleTriggerWorkflow(caller, "pull_request") - ) - ) and + job.getWorkflow().isPrivileged() and (run instanceof Run or run instanceof UsesStep) and exists(int i, int j | job.getStep(i) = download and diff --git a/ql/src/Security/CWE-829/UntrustedCheckout.ql b/ql/src/Security/CWE-829/UntrustedCheckout.ql index 86b80c67215..40f6d2fec9e 100644 --- a/ql/src/Security/CWE-829/UntrustedCheckout.ql +++ b/ql/src/Security/CWE-829/UntrustedCheckout.ql @@ -121,26 +121,9 @@ class GitCheckout extends PRHeadCheckoutStep instanceof Run { } } -predicate isSingleTriggerWorkflow(Workflow w, string trigger) { - w.getATriggerEvent() = trigger and - count(string t | w.getATriggerEvent() = t | t) = 1 -} - from Workflow w, PRHeadCheckoutStep checkout where - ( - // The Workflow is triggered by an event other than `pull_request` - not isSingleTriggerWorkflow(w, "pull_request") - or - // The Workflow is only triggered by `workflow_call` and there is - // a caller workflow triggered by an event other than `pull_request` - isSingleTriggerWorkflow(w, "workflow_call") and - exists(ExternalJob call, Workflow caller | - call.getCallee() = w.getLocation().getFile().getRelativePath() and - caller = call.getWorkflow() and - not isSingleTriggerWorkflow(caller, "pull_request") - ) - ) and + w.isPrivileged() and w.getAJob().(LocalJob).getAStep() = checkout and not exists(ControlCheck check | checkout.getIf() = check or checkout.getEnclosingJob().getIf() = check diff --git a/ql/test/query-tests/Security/CWE-077/EnvVarInjection.expected b/ql/test/query-tests/Security/CWE-077/EnvVarInjection.expected index 2d96ec5a435..d5dbcbde086 100644 --- a/ql/test/query-tests/Security/CWE-077/EnvVarInjection.expected +++ b/ql/test/query-tests/Security/CWE-077/EnvVarInjection.expected @@ -3,4 +3,3 @@ nodes | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | semmle.label | github.event.pull_request.title | subpaths #select -| .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | Potential environment variable injection in $@, which may be controlled by an external user. | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | diff --git a/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index decabad082f..99ebb1edc05 100644 --- a/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -3,4 +3,3 @@ nodes | .github/workflows/comment_issue.yml:9:26:9:57 | github.event.comment.body | semmle.label | github.event.comment.body | subpaths #select -| .github/workflows/comment_issue.yml:9:26:9:57 | github.event.comment.body | .github/workflows/comment_issue.yml:9:26:9:57 | github.event.comment.body | .github/workflows/comment_issue.yml:9:26:9:57 | github.event.comment.body | Potential command injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:9:26:9:57 | github.event.comment.body | ${{ github.event.comment.body }} | diff --git a/ql/test/query-tests/Security/CWE-094/CodeInjection.expected b/ql/test/query-tests/Security/CWE-094/CodeInjection.expected index 1fad288860e..6cb2c1ed399 100644 --- a/ql/test/query-tests/Security/CWE-094/CodeInjection.expected +++ b/ql/test/query-tests/Security/CWE-094/CodeInjection.expected @@ -209,92 +209,5 @@ nodes | action1/action.yml:14:19:14:50 | github.event.comment.body | semmle.label | github.event.comment.body | subpaths #select -| .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | .github/workflows/argus_case_study.yml:17:25:17:53 | github.event.issue.title | .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | ${{steps.remove_quotations.outputs.replaced}} | | .github/workflows/changed-files.yml:22:24:22:75 | steps.changed-files.outputs.all_changed_files | .github/workflows/changed-files.yml:16:9:20:6 | Uses Step: changed-files | .github/workflows/changed-files.yml:22:24:22:75 | steps.changed-files.outputs.all_changed_files | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/changed-files.yml:22:24:22:75 | steps.changed-files.outputs.all_changed_files | ${{ steps.changed-files.outputs.all_changed_files }} | -| .github/workflows/changelog.yml:58:26:58:39 | env.log | .github/workflows/changelog.yml:49:19:49:56 | github.event.pull_request.title | .github/workflows/changelog.yml:58:26:58:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/changelog.yml:58:26:58:39 | env.log | ${{ env.log }} | -| .github/workflows/changelog_from_prt.yml:58:26:58:39 | env.log | .github/workflows/changelog_from_prt.yml:49:19:49:56 | github.event.pull_request.title | .github/workflows/changelog_from_prt.yml:58:26:58:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/changelog_from_prt.yml:58:26:58:39 | env.log | ${{ env.log }} | -| .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | ${{ github.event.issue.body }} | -| .github/workflows/comment_issue.yml:17:19:17:49 | github.event.issue.title | .github/workflows/comment_issue.yml:17:19:17:49 | github.event.issue.title | .github/workflows/comment_issue.yml:17:19:17:49 | github.event.issue.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:17:19:17:49 | github.event.issue.title | ${{ github.event.issue.title }} | -| .github/workflows/comment_issue.yml:24:31:24:62 | github.event.comment.body | .github/workflows/comment_issue.yml:24:31:24:62 | github.event.comment.body | .github/workflows/comment_issue.yml:24:31:24:62 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:24:31:24:62 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/comment_issue.yml:27:31:27:60 | github.event.issue.body | .github/workflows/comment_issue.yml:27:31:27:60 | github.event.issue.body | .github/workflows/comment_issue.yml:27:31:27:60 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:27:31:27:60 | github.event.issue.body | ${{ github.event.issue.body }} | -| .github/workflows/comment_issue.yml:30:31:30:61 | github.event.issue.title | .github/workflows/comment_issue.yml:30:31:30:61 | github.event.issue.title | .github/workflows/comment_issue.yml:30:31:30:61 | github.event.issue.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:30:31:30:61 | github.event.issue.title | ${{ github.event.issue.title }} | -| .github/workflows/comment_issue_newline.yml:10:25:10:56 | github.event.comment.body | .github/workflows/comment_issue_newline.yml:10:25:10:56 | github.event.comment.body | .github/workflows/comment_issue_newline.yml:10:25:10:56 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue_newline.yml:10:25:10:56 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/comment_issue_newline.yml:11:24:11:51 | github.event.issue.body | .github/workflows/comment_issue_newline.yml:11:24:11:51 | github.event.issue.body | .github/workflows/comment_issue_newline.yml:11:24:11:51 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue_newline.yml:11:24:11:51 | github.event.issue.body | ${{github.event.issue.body}} | -| .github/workflows/comment_issue_newline.yml:12:24:12:55 | github.event.comment.body | .github/workflows/comment_issue_newline.yml:12:24:12:55 | github.event.comment.body | .github/workflows/comment_issue_newline.yml:12:24:12:55 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue_newline.yml:12:24:12:55 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/cross3.yml:42:86:42:113 | env.ISSUE_BODY_PARSED | .github/workflows/cross3.yml:32:18:32:53 | github.event.commits[0].message | .github/workflows/cross3.yml:42:86:42:113 | env.ISSUE_BODY_PARSED | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/cross3.yml:42:86:42:113 | env.ISSUE_BODY_PARSED | ${{ env.ISSUE_BODY_PARSED }} | -| .github/workflows/cross3.yml:53:89:53:107 | env.pr_message | .github/workflows/cross3.yml:32:18:32:53 | github.event.commits[0].message | .github/workflows/cross3.yml:53:89:53:107 | env.pr_message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/cross3.yml:53:89:53:107 | env.pr_message | ${{env.pr_message}} | -| .github/workflows/discussion.yml:7:19:7:54 | github.event.discussion.title | .github/workflows/discussion.yml:7:19:7:54 | github.event.discussion.title | .github/workflows/discussion.yml:7:19:7:54 | github.event.discussion.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/discussion.yml:7:19:7:54 | github.event.discussion.title | ${{ github.event.discussion.title }} | -| .github/workflows/discussion.yml:8:19:8:53 | github.event.discussion.body | .github/workflows/discussion.yml:8:19:8:53 | github.event.discussion.body | .github/workflows/discussion.yml:8:19:8:53 | github.event.discussion.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/discussion.yml:8:19:8:53 | github.event.discussion.body | ${{ github.event.discussion.body }} | -| .github/workflows/discussion_comment.yml:7:19:7:54 | github.event.discussion.title | .github/workflows/discussion_comment.yml:7:19:7:54 | github.event.discussion.title | .github/workflows/discussion_comment.yml:7:19:7:54 | github.event.discussion.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/discussion_comment.yml:7:19:7:54 | github.event.discussion.title | ${{ github.event.discussion.title }} | -| .github/workflows/discussion_comment.yml:8:19:8:53 | github.event.discussion.body | .github/workflows/discussion_comment.yml:8:19:8:53 | github.event.discussion.body | .github/workflows/discussion_comment.yml:8:19:8:53 | github.event.discussion.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/discussion_comment.yml:8:19:8:53 | github.event.discussion.body | ${{ github.event.discussion.body }} | -| .github/workflows/discussion_comment.yml:9:19:9:50 | github.event.comment.body | .github/workflows/discussion_comment.yml:9:19:9:50 | github.event.comment.body | .github/workflows/discussion_comment.yml:9:19:9:50 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/discussion_comment.yml:9:19:9:50 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/gollum.yml:7:19:7:52 | github.event.pages[1].title | .github/workflows/gollum.yml:7:19:7:52 | github.event.pages[1].title | .github/workflows/gollum.yml:7:19:7:52 | github.event.pages[1].title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:7:19:7:52 | github.event.pages[1].title | ${{ github.event.pages[1].title }} | -| .github/workflows/gollum.yml:8:19:8:53 | github.event.pages[11].title | .github/workflows/gollum.yml:8:19:8:53 | github.event.pages[11].title | .github/workflows/gollum.yml:8:19:8:53 | github.event.pages[11].title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:8:19:8:53 | github.event.pages[11].title | ${{ github.event.pages[11].title }} | -| .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | ${{ github.event.pages[0].page_name }} | -| .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | ${{ github.event.pages[2222].page_name }} | -| .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | .github/workflows/image_link_generator.yml:18:18:18:49 | github.event.comment.body | .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | ${{ steps.trim-url.outputs.trimmed_url }} | -| .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | .github/workflows/inter-job0.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | -| .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | .github/workflows/inter-job1.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | -| .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job2.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | -| .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | .github/workflows/inter-job4.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} | -| .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | ${{ github.event.issue.title }} | -| .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | ${{ github.event.issue.body }} | -| .github/workflows/issues.yaml:15:19:15:39 | env.global_env | .github/workflows/issues.yaml:4:16:4:46 | github.event.issue.title | .github/workflows/issues.yaml:15:19:15:39 | env.global_env | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:15:19:15:39 | env.global_env | ${{ env.global_env }} | -| .github/workflows/issues.yaml:17:19:17:36 | env.job_env | .github/workflows/issues.yaml:10:17:10:47 | github.event.issue.title | .github/workflows/issues.yaml:17:19:17:36 | env.job_env | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:17:19:17:36 | env.job_env | ${{ env.job_env }} | -| .github/workflows/issues.yaml:18:19:18:37 | env.step_env | .github/workflows/issues.yaml:20:20:20:50 | github.event.issue.title | .github/workflows/issues.yaml:18:19:18:37 | env.step_env | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:18:19:18:37 | env.step_env | ${{ env.step_env }} | -| .github/workflows/json_wrap.yml:13:20:13:51 | github.event.comment.body | .github/workflows/json_wrap.yml:13:20:13:51 | github.event.comment.body | .github/workflows/json_wrap.yml:13:20:13:51 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/json_wrap.yml:13:20:13:51 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/json_wrap.yml:23:31:23:68 | toJSON(github.event.issue.title) | .github/workflows/json_wrap.yml:23:31:23:68 | toJSON(github.event.issue.title) | .github/workflows/json_wrap.yml:23:31:23:68 | toJSON(github.event.issue.title) | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/json_wrap.yml:23:31:23:68 | toJSON(github.event.issue.title) | ${{ toJSON(github.event.issue.title)}} | -| .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | -| .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | -| .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | ${{ github.event.pull_request.head.label }} | -| .github/workflows/pull_request_review.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_review.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_review.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | ${{ github.event.pull_request.head.repo.default_branch }} | -| .github/workflows/pull_request_review.yml:11:19:11:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_review.yml:11:19:11:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_review.yml:11:19:11:72 | github.event.pull_request.head.repo.description | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:11:19:11:72 | github.event.pull_request.head.repo.description | ${{ github.event.pull_request.head.repo.description }} | -| .github/workflows/pull_request_review.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | ${{ github.event.pull_request.head.repo.homepage }} | -| .github/workflows/pull_request_review.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review.yml:13:19:13:59 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:13:19:13:59 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} | -| .github/workflows/pull_request_review.yml:14:19:14:49 | github.event.review.body | .github/workflows/pull_request_review.yml:14:19:14:49 | github.event.review.body | .github/workflows/pull_request_review.yml:14:19:14:49 | github.event.review.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review.yml:14:19:14:49 | github.event.review.body | ${{ github.event.review.body }} | -| .github/workflows/pull_request_review_comment.yml:7:19:7:56 | github.event.pull_request.title | .github/workflows/pull_request_review_comment.yml:7:19:7:56 | github.event.pull_request.title | .github/workflows/pull_request_review_comment.yml:7:19:7:56 | github.event.pull_request.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:7:19:7:56 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | -| .github/workflows/pull_request_review_comment.yml:8:19:8:55 | github.event.pull_request.body | .github/workflows/pull_request_review_comment.yml:8:19:8:55 | github.event.pull_request.body | .github/workflows/pull_request_review_comment.yml:8:19:8:55 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:8:19:8:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | -| .github/workflows/pull_request_review_comment.yml:9:19:9:61 | github.event.pull_request.head.label | .github/workflows/pull_request_review_comment.yml:9:19:9:61 | github.event.pull_request.head.label | .github/workflows/pull_request_review_comment.yml:9:19:9:61 | github.event.pull_request.head.label | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:9:19:9:61 | github.event.pull_request.head.label | ${{ github.event.pull_request.head.label }} | -| .github/workflows/pull_request_review_comment.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_review_comment.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_review_comment.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:10:19:10:75 | github.event.pull_request.head.repo.default_branch | ${{ github.event.pull_request.head.repo.default_branch }} | -| .github/workflows/pull_request_review_comment.yml:11:19:11:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_review_comment.yml:11:19:11:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_review_comment.yml:11:19:11:72 | github.event.pull_request.head.repo.description | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:11:19:11:72 | github.event.pull_request.head.repo.description | ${{ github.event.pull_request.head.repo.description }} | -| .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | ${{ github.event.pull_request.head.repo.homepage }} | -| .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} | -| .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | ${{ github.event.comment.body }} | -| .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | ${{ github.event.issue.title }} | -| .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | ${{ github.event.issue.body }} | -| .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | -| .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | -| .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | ${{ github.event.pull_request.head.label }} | -| .github/workflows/pull_request_target.yml:12:19:12:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_target.yml:12:19:12:75 | github.event.pull_request.head.repo.default_branch | .github/workflows/pull_request_target.yml:12:19:12:75 | github.event.pull_request.head.repo.default_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:12:19:12:75 | github.event.pull_request.head.repo.default_branch | ${{ github.event.pull_request.head.repo.default_branch }} | -| .github/workflows/pull_request_target.yml:13:19:13:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_target.yml:13:19:13:72 | github.event.pull_request.head.repo.description | .github/workflows/pull_request_target.yml:13:19:13:72 | github.event.pull_request.head.repo.description | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:13:19:13:72 | github.event.pull_request.head.repo.description | ${{ github.event.pull_request.head.repo.description }} | -| .github/workflows/pull_request_target.yml:14:19:14:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_target.yml:14:19:14:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_target.yml:14:19:14:69 | github.event.pull_request.head.repo.homepage | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:14:19:14:69 | github.event.pull_request.head.repo.homepage | ${{ github.event.pull_request.head.repo.homepage }} | -| .github/workflows/pull_request_target.yml:15:19:15:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_target.yml:15:19:15:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_target.yml:15:19:15:59 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:15:19:15:59 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} | -| .github/workflows/pull_request_target.yml:16:19:16:40 | github.head_ref | .github/workflows/pull_request_target.yml:16:19:16:40 | github.head_ref | .github/workflows/pull_request_target.yml:16:19:16:40 | github.head_ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:16:19:16:40 | github.head_ref | ${{ github.head_ref }} | -| .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} | -| .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} | -| .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} | -| .github/workflows/push.yml:10:19:10:57 | github.event.head_commit.message | .github/workflows/push.yml:10:19:10:57 | github.event.head_commit.message | .github/workflows/push.yml:10:19:10:57 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:10:19:10:57 | github.event.head_commit.message | ${{ github.event.head_commit.message }} | -| .github/workflows/push.yml:11:19:11:62 | github.event.head_commit.author.email | .github/workflows/push.yml:11:19:11:62 | github.event.head_commit.author.email | .github/workflows/push.yml:11:19:11:62 | github.event.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:11:19:11:62 | github.event.head_commit.author.email | ${{ github.event.head_commit.author.email }} | -| .github/workflows/push.yml:12:19:12:61 | github.event.head_commit.author.name | .github/workflows/push.yml:12:19:12:61 | github.event.head_commit.author.name | .github/workflows/push.yml:12:19:12:61 | github.event.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:12:19:12:61 | github.event.head_commit.author.name | ${{ github.event.head_commit.author.name }} | -| .github/workflows/push.yml:13:19:13:65 | github.event.head_commit.committer.email | .github/workflows/push.yml:13:19:13:65 | github.event.head_commit.committer.email | .github/workflows/push.yml:13:19:13:65 | github.event.head_commit.committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:13:19:13:65 | github.event.head_commit.committer.email | ${{ github.event.head_commit.committer.email }} | -| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} | -| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} | -| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} | -| .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | .github/workflows/self_needs.yml:16:20:16:64 | github.event['head_commit']['message'] | .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | ${{ steps.source.outputs.value }} | -| .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | .github/workflows/self_needs.yml:16:20:16:64 | github.event['head_commit']['message'] | .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | ${{ needs.test1.outputs.job_output }} | -| .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | .github/workflows/simple1.yml:11:20:11:58 | github.event.head_commit.message | .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | ${{steps.summary.outputs.value}} | -| .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | .github/workflows/simple2.yml:14:9:18:6 | Uses Step: source | .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | ${{ steps.step.outputs.value }} | -| .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | -| .github/workflows/test1.yml:25:20:25:39 | env.ISSUE_KEY | .github/workflows/test1.yml:22:38:22:75 | github.event.pull_request.title | .github/workflows/test1.yml:25:20:25:39 | env.ISSUE_KEY | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test1.yml:25:20:25:39 | env.ISSUE_KEY | ${{ env.ISSUE_KEY }} | -| .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | .github/workflows/test.yml:15:20:15:64 | github.event['head_commit']['message'] | .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | ${{needs.job1.outputs['job_output']}} | -| .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | ${{ github.event.workflow_run.display_title }} | -| .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | ${{ github.event.workflow_run.head_commit.message }} | -| .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | ${{ github.event.workflow_run.head_commit.author.email }} | -| .github/workflows/workflow_run.yml:12:19:12:74 | github.event.workflow_run.head_commit.author.name | .github/workflows/workflow_run.yml:12:19:12:74 | github.event.workflow_run.head_commit.author.name | .github/workflows/workflow_run.yml:12:19:12:74 | github.event.workflow_run.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:12:19:12:74 | github.event.workflow_run.head_commit.author.name | ${{ github.event.workflow_run.head_commit.author.name }} | -| .github/workflows/workflow_run.yml:13:19:13:78 | github.event.workflow_run.head_commit.committer.email | .github/workflows/workflow_run.yml:13:19:13:78 | github.event.workflow_run.head_commit.committer.email | .github/workflows/workflow_run.yml:13:19:13:78 | github.event.workflow_run.head_commit.committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:13:19:13:78 | github.event.workflow_run.head_commit.committer.email | ${{ github.event.workflow_run.head_commit.committer.email }} | -| .github/workflows/workflow_run.yml:14:19:14:77 | github.event.workflow_run.head_commit.committer.name | .github/workflows/workflow_run.yml:14:19:14:77 | github.event.workflow_run.head_commit.committer.name | .github/workflows/workflow_run.yml:14:19:14:77 | github.event.workflow_run.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:14:19:14:77 | github.event.workflow_run.head_commit.committer.name | ${{ github.event.workflow_run.head_commit.committer.name }} | -| .github/workflows/workflow_run.yml:15:19:15:62 | github.event.workflow_run.head_branch | .github/workflows/workflow_run.yml:15:19:15:62 | github.event.workflow_run.head_branch | .github/workflows/workflow_run.yml:15:19:15:62 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:15:19:15:62 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} | -| .github/workflows/workflow_run.yml:16:19:16:78 | github.event.workflow_run.head_repository.description | .github/workflows/workflow_run.yml:16:19:16:78 | github.event.workflow_run.head_repository.description | .github/workflows/workflow_run.yml:16:19:16:78 | github.event.workflow_run.head_repository.description | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:16:19:16:78 | github.event.workflow_run.head_repository.description | ${{ github.event.workflow_run.head_repository.description }} | | action1/action.yml:14:19:14:50 | github.event.comment.body | action1/action.yml:14:19:14:50 | github.event.comment.body | action1/action.yml:14:19:14:50 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | action1/action.yml:14:19:14:50 | github.event.comment.body | ${{ github.event.comment.body }} |