From 2a1226c37a65cd5fab9b400845da5bbe692669bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Tue, 2 Apr 2024 12:54:42 +0200 Subject: [PATCH] Add workflow_dispatch to the triggers for artifact poisoning --- ql/src/Security/CWE-829/ArtifactPoisoning.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ql/src/Security/CWE-829/ArtifactPoisoning.ql b/ql/src/Security/CWE-829/ArtifactPoisoning.ql index 5b0c4fc4e69..348b6bbdf08 100644 --- a/ql/src/Security/CWE-829/ArtifactPoisoning.ql +++ b/ql/src/Security/CWE-829/ArtifactPoisoning.ql @@ -16,7 +16,7 @@ import codeql.actions.security.ArtifactPoisoningQuery from LocalJob job, ArtifactDownloadStep download, Step run where - job.getWorkflow().getATriggerEvent() = "workflow_run" and + job.getWorkflow().getATriggerEvent() = ["workflow_run", "workflow_dispatch"] and (run instanceof Run or run instanceof UsesStep) and exists(int i, int j | job.getStep(i) = download and