hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

tests: Organize tests

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-07-12 10:14:39 +02:00
parent c5d31ce08c
commit 29d2b287c9
19 changed files with 318 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll
View File

@@ -254,6 +254,8 @@ class ArtifactPoisoningSink extends DataFlow::Node {
poisonable.(UsesStep) = this.asExpr()
) and
(
// Check if the poisonable step is a local script execution step
// and the path of the command or script matches the path of the downloaded artifact
not poisonable instanceof LocalScriptExecutionRunStep or
poisonable
.(LocalScriptExecutionRunStep)

10
ql/lib/ext/manual/lots0logs_gh-action-get-changed-files.model.yml Normal file
View File

@@ -0,0 +1,10 @@
extensions:
- addsTo:
pack: github/actions-all
extensible: actionsSourceModel
data:
- ["lots0logs/gh-action-get-changed-files", "*", "output.all", "PR changed files", "manual"]
- ["lots0logs/gh-action-get-changed-files", "*", "output.added", "PR changed files", "manual"]
- ["lots0logs/gh-action-get-changed-files", "*", "output.modified", "PR changed files", "manual"]
- ["lots0logs/gh-action-get-changed-files", "*", "output.renamed", "PR changed files", "manual"]

3
ql/test/library-tests/poisonable_steps.expected
View File

@@ -27,4 +27,5 @@
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |

247
ql/test/library-tests/test.expected
View File

@@ -6,20 +6,20 @@ files
workflows
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/test.yml:1:1:40:53 | on: push |
reusableWorkflows
compositeActions
jobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
localJobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
extJobs
@@ -74,7 +74,8 @@ steps
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
@@ -131,7 +132,8 @@ runSteps
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | sed -f ./config.sed file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | ./foo/cmd |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | echo ${{needs.job1.outputs.job_output}} |
@@ -224,7 +226,8 @@ runStepChildren
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step | .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:26:13:26:23 | simplesink1 |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:28:13:28:23 | simplesink2 |
@@ -377,138 +380,142 @@ parentNodes
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
| .github/workflows/poisonable_steps.yml:11:53:11:75 | github.workspace | .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n |
| .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step |
| .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step |
| .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step |
| .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step |
| .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step |
| .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step |
| .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step |
| .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step |
| .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step |
| .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step |
| .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step |
| .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step |
| .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step |
| .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step |
| .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step |
| .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step |
| .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step |
| .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step |
| .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step |
| .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step |
| .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step |
| .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step |
| .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step |
| .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step |
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:5:1:8 | push |
@@ -665,11 +672,11 @@ cfgNodes
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | enter on: push |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | exit on: push |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | exit on: push (normal) |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | enter on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | exit on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | exit on: push (normal) |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
@@ -728,8 +735,10 @@ cfgNodes
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/test.yml:1:1:40:53 | enter on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push (normal) |
@@ -808,7 +817,7 @@ dfNodes
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
@@ -867,8 +876,10 @@ dfNodes
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value |
@@ -949,7 +960,7 @@ nodeLocations
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:79:14:84:29 | .github/workflows/multiline.yml@79:14:84:29 |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step | .github/workflows/multiline.yml:85:9:89:29 | .github/workflows/multiline.yml@85:9:89:29 |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:86:14:89:29 | .github/workflows/multiline.yml@86:14:89:29 |
| .github/workflows/poisonable_steps.yml:5:5:40:74 | Job: local_commands | .github/workflows/poisonable_steps.yml:5:5:40:74 | .github/workflows/poisonable_steps.yml@5:5:40:74 |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands | .github/workflows/poisonable_steps.yml:5:5:41:23 | .github/workflows/poisonable_steps.yml@5:5:41:23 |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:7:9:8:6 | .github/workflows/poisonable_steps.yml@7:9:8:6 |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:7:14:7:30 | .github/workflows/poisonable_steps.yml@7:14:7:30 |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:8:9:13:6 | .github/workflows/poisonable_steps.yml@8:9:13:6 |
@@ -1008,8 +1019,10 @@ nodeLocations
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:38:14:38:45 | .github/workflows/poisonable_steps.yml@38:14:38:45 |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:39:9:40:6 | .github/workflows/poisonable_steps.yml@39:9:40:6 |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:39:14:39:55 | .github/workflows/poisonable_steps.yml@39:14:39:55 |
| .github/workflows/poisonable_steps.yml:40:9:40:74 | Run Step | .github/workflows/poisonable_steps.yml:40:9:40:74 | .github/workflows/poisonable_steps.yml@40:9:40:74 |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:40:9:41:6 | .github/workflows/poisonable_steps.yml@40:9:41:6 |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:40:14:40:73 | .github/workflows/poisonable_steps.yml@40:14:40:73 |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:41:9:41:23 | .github/workflows/poisonable_steps.yml@41:9:41:23 |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:41:14:41:22 | .github/workflows/poisonable_steps.yml@41:14:41:22 |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 | .github/workflows/test.yml:5:5:31:2 | .github/workflows/test.yml@5:5:31:2 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:8:7:10:4 | .github/workflows/test.yml@8:7:10:4 |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value | .github/workflows/test.yml:8:20:8:50 | .github/workflows/test.yml@8:20:8:50 |
@@ -1030,7 +1043,7 @@ nodeLocations
scopes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/poisonable_steps.yml:1:1:40:74 | on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/test.yml:1:1:40:53 | on: push |
sources
| ahmadnassri/action-changed-files | * | output.files | filename | manual |
@@ -1052,6 +1065,10 @@ sources
| jitterbit/get-changed-files | * | output.removed | filename | manual |
| jitterbit/get-changed-files | * | output.renamed | filename | manual |
| khan/pull-request-comment-trigger | * | output.comment_body | text | manual |
| lots0logs/gh-action-get-changed-files | * | output.added | PR changed files | manual |
| lots0logs/gh-action-get-changed-files | * | output.all | PR changed files | manual |
| lots0logs/gh-action-get-changed-files | * | output.modified | PR changed files | manual |
| lots0logs/gh-action-get-changed-files | * | output.renamed | PR changed files | manual |
| marocchino/on_artifact | * | output.* | artifact | manual |
| peter-murray/issue-body-parser-action | * | output.* | text | manual |
| potiuk/get-workflow-origin | * | output.sourceHeadBranch | branch | manual |

61
ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning1.yml vendored
View File

@@ -21,69 +21,8 @@ jobs:
id: pr
run: echo "::set-output name=id::$(<pr-id.txt)"
- name: download dist artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
workflow_conclusion: success
name: dist
- name: upload surge service
id: deploy
run: |
export DEPLOY_DOMAIN=https://ant-design-pro-preview-pr-${{ steps.pr.outputs.id }}.surge.sh
npx surge --project ./ --domain $DEPLOY_DOMAIN --token ${{ secrets.SURGE_TOKEN }}
- name: update status comment
uses: actions-cool/maintain-one-comment@v1.2.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
body: |
🎊 PR Preview has been successfully built and deployed to https://ant-design-pro-preview-pr-${{ steps.pr.outputs.id }}.surge.sh
<img width="300" src="https://user-images.githubusercontent.com/507615/90250366-88233900-de6e-11ea-95a5-84f0762ffd39.png">
<!-- Sticky Pull Request Comment -->
body-include: '<!-- Sticky Pull Request Comment -->'
number: ${{ steps.pr.outputs.id }}
- name: The job failed
if: ${{ failure() }}
uses: actions-cool/maintain-one-comment@v1.2.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
body: |
😭 Deploy PR Preview failed.
<img width="300" src="https://user-images.githubusercontent.com/507615/90250824-4e066700-de6f-11ea-8230-600ecc3d6a6b.png">
<!-- Sticky Pull Request Comment -->
body-include: '<!-- Sticky Pull Request Comment -->'
number: ${{ steps.pr.outputs.id }}
failed:
runs-on: ubuntu-latest
if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'failure'
steps:
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
name: pr
- name: save PR id
id: pr
run: echo "::set-output name=id::$(<pr-id.txt)"
- name: The job failed
uses: actions-cool/maintain-one-comment@v1.2.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
body: |
😭 Deploy PR Preview failed.
<img width="300" src="https://user-images.githubusercontent.com/507615/90250824-4e066700-de6f-11ea-8230-600ecc3d6a6b.png">
<!-- Sticky Pull Request Comment -->
body-include: '<!-- Sticky Pull Request Comment -->'
number: ${{ steps.pr.outputs.id }}

0
ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning61.yml → ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning3.yml vendored
View File

0
ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning7.yml → ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning4.yml vendored
View File

23
ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning5.yml vendored Normal file
View File

@@ -0,0 +1,23 @@
# It consumes an artifact produced by the First Workflow
on: workflow_run
jobs:
my-second-job:
runs-on: ubuntu-latest
steps:
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{github.event.workflow_run.workflow_id}}
run_id: ${{github.event.workflow_run.id}}
name: artifact
# Save PR id to output
- name: Save artifact data
id: artifact
uses: juliangruber/read-file-action@v1
with:
path: ./artifact.txt
- name: Use artifact
run: echo ${{ steps.artifact.outputs.contents }}

30
ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning6.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
# It consumes an artifact produced by the First Workflow
on: workflow_run
jobs:
my-second-job:
runs-on: ubuntu-latest
steps:
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{github.event.workflow_run.workflow_id}}
run_id: ${{github.event.workflow_run.id}}
name: artifact
- id: artifact
run: |
echo "::set-output name=pr_number::$(<artifact.txt)"
mkdir firebase-android
unzip firebase-android.zip -d firebase-android
- name: Use artifact
run: echo ${{ steps.artifact.outputs.pr_number }}
- id: artifact2
run: |
echo "::set-output name=pr_number::$(cat -e artifact.txt)"
mkdir firebase-android
unzip firebase-android.zip -d firebase-android
- name: Use artifact
run: echo ${{ steps.artifact2.outputs.pr_number }}

24
ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning7.yml vendored
View File

@@ -1,9 +1,9 @@
# Second Workflow
# It consumes an artifact produced by the First Workflow
on: workflow_run
jobs:
my-second-job:
runs-on: ubuntu-latest
steps:
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
@@ -12,10 +12,20 @@ jobs:
run_id: ${{github.event.workflow_run.id}}
name: artifact
# Save PR id to output
- name: Save artifact data
id: artifact
run: echo "::set-output name=id::$(<artifact.txt)"
- id: artifact
run: |
set -eou pipefail
pr_number=$(cat -e artifact.txt)
pr_number=${pr_number%?}
pr_length=${#pr_number}
only_numbers_re="^[0-9]+$"
if ! [[ $pr_length <= 10 && $pr_number =~ $only_numbers_re ]] ; then
echo "invalid PR number"
exit 1
fi
echo "::set-output name=pr_number::$pr_number"
mkdir firebase-android
unzip firebase-android.zip -d firebase-android
- name: Use artifact
run: echo ${{ steps.artifact.outputs.id }}
run: echo ${{ steps.artifact.outputs.pr_number }}

22
ql/test/query-tests/Security/CWE-094/.github/workflows/artifactpoisoning8.yml vendored Normal file
View File

@@ -0,0 +1,22 @@
# Second Workflow
# It consumes an artifact produced by the First Workflow
on: workflow_run
jobs:
my-second-job:
runs-on: ubuntu-latest
steps:
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{github.event.workflow_run.workflow_id}}
run_id: ${{github.event.workflow_run.id}}
name: artifact
# Save PR id to output
- name: Save artifact data
id: artifact
run: echo "::set-output name=id::$(<artifact.txt)"
- name: Use artifact
run: echo ${{ steps.artifact.outputs.id }}

45
ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
View File

@@ -3,12 +3,21 @@ edges
| .github/workflows/argus_case_study.yml:17:25:17:53 | github.event.issue.title | .github/workflows/argus_case_study.yml:22:20:22:39 | env.ISSUE_TITLE | provenance | |
| .github/workflows/argus_case_study.yml:22:20:22:39 | env.ISSUE_TITLE | .github/workflows/argus_case_study.yml:15:9:24:6 | Uses Step: remove_quotations [replaced] | provenance | |
| .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | provenance | |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | provenance | |
| .github/workflows/artifactpoisoning2.yml:13:9:19:6 | Uses Step: pr | .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | provenance | |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | provenance | |
| .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | provenance | |
| .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | provenance | |
| .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | provenance | |
| .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | provenance | |
| .github/workflows/artifactpoisoning8.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/changed-files.yml:15:9:18:6 | Uses Step: changed-files1 | .github/workflows/changed-files.yml:20:24:20:76 | steps.changed-files1.outputs.all_changed_files | provenance | |
| .github/workflows/changed-files.yml:33:9:38:6 | Uses Step: changed-files3 | .github/workflows/changed-files.yml:40:24:40:76 | steps.changed-files3.outputs.all_changed_files | provenance | |
| .github/workflows/changed-files.yml:53:9:56:6 | Uses Step: changed-files5 | .github/workflows/changed-files.yml:58:24:58:76 | steps.changed-files5.outputs.all_changed_files | provenance | |
@@ -101,13 +110,24 @@ nodes
| .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | semmle.label | Run Step: pr [id] |
| .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | semmle.label | echo "::set-output name=id::$(<pr-id.txt)" |
| .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning2.yml:13:9:19:6 | Uses Step: pr | semmle.label | Uses Step: pr |
| .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | semmle.label | Run Step: artifact [pr_number] |
| .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | semmle.label | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n |
| .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | semmle.label | steps.artifact.outputs.pr_number |
| .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | semmle.label | Run Step: artifact2 [pr_number] |
| .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | semmle.label | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n |
| .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | semmle.label | steps.artifact2.outputs.pr_number |
| .github/workflows/artifactpoisoning8.yml:9:9:17:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/changed-files.yml:15:9:18:6 | Uses Step: changed-files1 | semmle.label | Uses Step: changed-files1 |
| .github/workflows/changed-files.yml:20:24:20:76 | steps.changed-files1.outputs.all_changed_files | semmle.label | steps.changed-files1.outputs.all_changed_files |
| .github/workflows/changed-files.yml:33:9:38:6 | Uses Step: changed-files3 | semmle.label | Uses Step: changed-files3 |
@@ -310,9 +330,12 @@ subpaths
| .github/actions/action1/action.yml:7:19:7:55 | github.event.pull_request.body | .github/actions/action1/action.yml:7:19:7:55 | github.event.pull_request.body | .github/actions/action1/action.yml:7:19:7:55 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/actions/action1/action.yml:7:19:7:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} |
| .github/actions/action5/action.yml:16:19:16:55 | github.event.pull_request.body | .github/actions/action5/action.yml:16:19:16:55 | github.event.pull_request.body | .github/actions/action5/action.yml:16:19:16:55 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/actions/action5/action.yml:16:19:16:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} |
| .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | .github/workflows/argus_case_study.yml:17:25:17:53 | github.event.issue.title | .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/argus_case_study.yml:27:33:27:77 | steps.remove_quotations.outputs.replaced | ${{steps.remove_quotations.outputs.replaced}} |
| .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | ${{ steps.pr.outputs.id }} |
| .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | ${{ steps.pr.outputs.id }} |
| .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | .github/workflows/artifactpoisoning2.yml:13:9:19:6 | Uses Step: pr | .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | ${{ steps.pr.outputs.id }} |
| .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | ${{ steps.artifact.outputs.id }} |
| .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | ${{ steps.artifact.outputs.id }} |
| .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | ${{ steps.artifact.outputs.pr_number }} |
| .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | ${{ steps.artifact2.outputs.pr_number }} |
| .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | .github/workflows/artifactpoisoning8.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | ${{ steps.artifact.outputs.id }} |
| .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:9:15:9:46 | github.event.comment.body | ${{ github.event.comment.body }} |
| .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:15:19:15:50 | github.event.comment.body | ${{ github.event.comment.body }} |
| .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/comment_issue.yml:16:19:16:48 | github.event.issue.body | ${{ github.event.issue.body }} |

38
ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected
View File

@@ -3,12 +3,21 @@ edges
| .github/workflows/argus_case_study.yml:17:25:17:53 | github.event.issue.title | .github/workflows/argus_case_study.yml:22:20:22:39 | env.ISSUE_TITLE | provenance | |
| .github/workflows/argus_case_study.yml:22:20:22:39 | env.ISSUE_TITLE | .github/workflows/argus_case_study.yml:15:9:24:6 | Uses Step: remove_quotations [replaced] | provenance | |
| .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | provenance | |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | provenance | |
| .github/workflows/artifactpoisoning2.yml:13:9:19:6 | Uses Step: pr | .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | provenance | |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | provenance | |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | provenance | |
| .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | provenance | |
| .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | provenance | |
| .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | provenance | |
| .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | provenance | |
| .github/workflows/artifactpoisoning8.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | provenance | |
| .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | provenance | |
| .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | provenance | |
| .github/workflows/changed-files.yml:15:9:18:6 | Uses Step: changed-files1 | .github/workflows/changed-files.yml:20:24:20:76 | steps.changed-files1.outputs.all_changed_files | provenance | |
| .github/workflows/changed-files.yml:33:9:38:6 | Uses Step: changed-files3 | .github/workflows/changed-files.yml:40:24:40:76 | steps.changed-files3.outputs.all_changed_files | provenance | |
| .github/workflows/changed-files.yml:53:9:56:6 | Uses Step: changed-files5 | .github/workflows/changed-files.yml:58:24:58:76 | steps.changed-files5.outputs.all_changed_files | provenance | |
@@ -101,13 +110,24 @@ nodes
| .github/workflows/artifactpoisoning1.yml:14:9:20:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning1.yml:20:9:24:6 | Run Step: pr [id] | semmle.label | Run Step: pr [id] |
| .github/workflows/artifactpoisoning1.yml:22:14:22:55 | echo "::set-output name=id::$(<pr-id.txt)" | semmle.label | echo "::set-output name=id::$(<pr-id.txt)" |
| .github/workflows/artifactpoisoning1.yml:34:67:34:92 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning1.yml:27:67:27:92 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning2.yml:13:9:19:6 | Uses Step: pr | semmle.label | Uses Step: pr |
| .github/workflows/artifactpoisoning2.yml:22:17:22:42 | steps.pr.outputs.id | semmle.label | steps.pr.outputs.id |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning7.yml:18:14:18:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning7.yml:21:20:21:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/artifactpoisoning4.yml:9:9:17:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning4.yml:17:9:21:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning4.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning4.yml:22:20:22:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/artifactpoisoning6.yml:8:9:15:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning6.yml:15:9:20:6 | Run Step: artifact [pr_number] | semmle.label | Run Step: artifact [pr_number] |
| .github/workflows/artifactpoisoning6.yml:16:14:19:57 | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | semmle.label | echo "::set-output name=pr_number::$(<artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n |
| .github/workflows/artifactpoisoning6.yml:21:20:21:58 | steps.artifact.outputs.pr_number | semmle.label | steps.artifact.outputs.pr_number |
| .github/workflows/artifactpoisoning6.yml:23:9:28:6 | Run Step: artifact2 [pr_number] | semmle.label | Run Step: artifact2 [pr_number] |
| .github/workflows/artifactpoisoning6.yml:24:14:27:57 | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n | semmle.label | echo "::set-output name=pr_number::$(cat -e artifact.txt)"\nmkdir firebase-android\nunzip firebase-android.zip -d firebase-android\n |
| .github/workflows/artifactpoisoning6.yml:29:20:29:59 | steps.artifact2.outputs.pr_number | semmle.label | steps.artifact2.outputs.pr_number |
| .github/workflows/artifactpoisoning8.yml:9:9:17:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning8.yml:17:9:21:6 | Run Step: artifact [id] | semmle.label | Run Step: artifact [id] |
| .github/workflows/artifactpoisoning8.yml:19:14:19:58 | echo "::set-output name=id::$(<artifact.txt)" | semmle.label | echo "::set-output name=id::$(<artifact.txt)" |
| .github/workflows/artifactpoisoning8.yml:22:20:22:51 | steps.artifact.outputs.id | semmle.label | steps.artifact.outputs.id |
| .github/workflows/changed-files.yml:15:9:18:6 | Uses Step: changed-files1 | semmle.label | Uses Step: changed-files1 |
| .github/workflows/changed-files.yml:20:24:20:76 | steps.changed-files1.outputs.all_changed_files | semmle.label | steps.changed-files1.outputs.all_changed_files |
| .github/workflows/changed-files.yml:33:9:38:6 | Uses Step: changed-files3 | semmle.label | Uses Step: changed-files3 |

2
ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning12.yml vendored
View File

@@ -35,6 +35,6 @@ jobs:
ls -a sonarcloud-data
- name: Run command
run:
./x.py build -j$(nproc) --compiler gcc --skip-build
python foo/x.py

0
ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning8.yml → ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoisoning71.yml vendored
View File

14
ql/test/query-tests/Security/CWE-829/ArtifactPoisoningCritical.expected
View File

@@ -1,7 +1,6 @@
edges
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | provenance | |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | provenance | |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | provenance | |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | provenance | |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | provenance | |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | provenance | |
@@ -13,13 +12,12 @@ edges
| .github/workflows/artifactpoisoning51.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning51.yml:19:14:20:57 | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n | provenance | |
| .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | provenance | |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | provenance | |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | |
nodes
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | semmle.label | python foo/x.py |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | semmle.label | sh foo/cmd\n |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | semmle.label | Uses Step |
@@ -42,11 +40,12 @@ nodes
| .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | semmle.label | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | semmle.label | Run Step |
| .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
subpaths
#select
| .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | sed -f config foo.md > bar.md\n |
| .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | ./x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | python foo/x.py |
| .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | sh foo/cmd\n |
| .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | sh cmd |
| .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | ./foo/cmd |
@@ -58,3 +57,4 @@ subpaths
| .github/workflows/artifactpoisoning51.yml:19:14:20:57 | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n | .github/workflows/artifactpoisoning51.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning51.yml:19:14:20:57 | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning51.yml:19:14:20:57 | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n |
| .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | Potential artifact poisoning in $@, which may be controlled by an external user. | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | sed -f config foo.md > bar.md\n |

10
ql/test/query-tests/Security/CWE-829/ArtifactPoisoningMedium.expected
View File

@@ -1,7 +1,6 @@
edges
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | provenance | |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | provenance | |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | provenance | |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | provenance | |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | provenance | |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | provenance | |
@@ -13,13 +12,12 @@ edges
| .github/workflows/artifactpoisoning51.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning51.yml:19:14:20:57 | echo "pr_number=$(cat foo/bar)" >> $GITHUB_ENV\n | provenance | |
| .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | provenance | |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | provenance | |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | provenance | |
nodes
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning8.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning12.yml:38:11:38:61 | ./x.py build -j$(nproc) --compiler gcc --skip-build | semmle.label | ./x.py build -j$(nproc) --compiler gcc --skip-build |
| .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | semmle.label | python foo/x.py |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | semmle.label | sh foo/cmd\n |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | semmle.label | Uses Step |
@@ -42,5 +40,7 @@ nodes
| .github/workflows/artifactpoisoning52.yml:19:14:23:40 | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n | semmle.label | echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"\nls \| grep -E "*.(tar.gz\|zip)$" >> "${GITHUB_ENV}"\nls \| grep -E "*.(txt\|md)$" >> "${GITHUB_ENV}"\necho "EOF" >> "${GITHUB_ENV}"\n |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | semmle.label | Run Step |
| .github/workflows/artifactpoisoning53.yml:18:14:23:29 | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n | semmle.label | {\n echo 'JSON_RESPONSE<<EOF'\n ls \| grep -E "*.(tar.gz\|zip)$"\n echo EOF\n} >> "$GITHUB_ENV"\n |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | semmle.label | Uses Step |
| .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | semmle.label | sed -f config foo.md > bar.md\n |
subpaths
#select

3
ql/test/query-tests/Security/CWE-829/UnpinnedActionsTag.expected
View File

@@ -1,9 +1,8 @@
| .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step | Unpinned 3rd party Action 'actor_trusted_checkout.yml' step $@ uses 'completely/fakeaction' with ref '2', not a pinned commit hash | .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step | Unpinned 3rd party Action 'actor_trusted_checkout.yml' step $@ uses 'fakerepo/comment-on-pr' with ref '1', not a pinned commit hash | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step | Uses Step |
| .github/workflows/artifactpoisoning7.yml:9:9:17:6 | Uses Step | Unpinned 3rd party Action 'artifactpoisoning7.yml' step $@ uses 'dawidd6/action-download-artifact' with ref '2', not a pinned commit hash | .github/workflows/artifactpoisoning7.yml:9:9:17:6 | Uses Step | Uses Step |
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | Unpinned 3rd party Action 'artifactpoisoning8.yml' step $@ uses 'dawidd6/action-download-artifact' with ref '2', not a pinned commit hash | .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | Uses Step |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | Unpinned 3rd party Action 'Pull Request Open' step $@ uses 'dawidd6/action-download-artifact' with ref '2', not a pinned commit hash | .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | Uses Step |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | Unpinned 3rd party Action 'Pull Request Open' step $@ uses 'dawidd6/action-download-artifact' with ref '2', not a pinned commit hash | .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | Uses Step |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | Unpinned 3rd party Action 'artifactpoisoning71.yml' step $@ uses 'dawidd6/action-download-artifact' with ref '2', not a pinned commit hash | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | Uses Step |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | Unpinned 3rd party Action 'Python CI' step $@ uses 'codecov/codecov-action' with ref '3', not a pinned commit hash | .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | Uses Step |
| .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr | Unpinned 3rd party Action 'Python CI' step $@ uses 'peter-evans/create-pull-request' with ref '5', not a pinned commit hash | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step | Unpinned 3rd party Action 'Python CI' step $@ uses 'thollander/actions-comment-pull-request' with ref '2', not a pinned commit hash | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step | Uses Step |

12
ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected
View File

@@ -9,16 +9,12 @@ edges
| .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step | .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/artifactpoisoning7.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:17:9:21:6 | Run Step: artifact |
| .github/workflows/artifactpoisoning7.yml:9:9:17:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:21:9:22:52 | Run Step |
| .github/workflows/artifactpoisoning7.yml:17:9:21:6 | Run Step: artifact | .github/workflows/artifactpoisoning7.yml:21:9:22:52 | Run Step |
| .github/workflows/artifactpoisoning8.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning8.yml:16:9:18:40 | Run Step |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:32:9:36:6 | Run Step |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:36:9:38:78 | Run Step |
| .github/workflows/artifactpoisoning11.yml:32:9:36:6 | Run Step | .github/workflows/artifactpoisoning11.yml:36:9:38:78 | Run Step |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:32:9:36:6 | Run Step |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:36:9:38:62 | Run Step |
| .github/workflows/artifactpoisoning12.yml:32:9:36:6 | Run Step | .github/workflows/artifactpoisoning12.yml:36:9:38:62 | Run Step |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:36:9:38:26 | Run Step |
| .github/workflows/artifactpoisoning12.yml:32:9:36:6 | Run Step | .github/workflows/artifactpoisoning12.yml:36:9:38:26 | Run Step |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:18:9:20:21 | Run Step |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:17:9:18:20 | Run Step |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:15:9:18:6 | Run Step |
@@ -40,9 +36,7 @@ edges
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:9:23:29 | Run Step |
| .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:9:23:29 | Run Step |
| .github/workflows/artifactpoisoning61.yml:20:9:41:6 | Uses Step | .github/workflows/artifactpoisoning61.yml:41:9:53:6 | Run Step: prepare |
| .github/workflows/artifactpoisoning61.yml:20:9:41:6 | Uses Step | .github/workflows/artifactpoisoning61.yml:53:9:53:50 | Run Step |
| .github/workflows/artifactpoisoning61.yml:41:9:53:6 | Run Step: prepare | .github/workflows/artifactpoisoning61.yml:53:9:53:50 | Run Step |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:16:9:18:40 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:37:9:40:6 | Run Step |