feat(sources): Do not take triggers into consideration

This commit is contained in:
Alvaro Muñoz
2024-03-22 13:32:29 +01:00
parent 9d5b026fde
commit 2ed3aceddf
24 changed files with 123 additions and 138 deletions


@@ -313,48 +313,46 @@ scopes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/test.yml:1:1:40:53 | on: push |
sources
| ahmadnassri/action-changed-files | * | output.files | pull_request_target | PR changed files |
| ahmadnassri/action-changed-files | * | output.json | pull_request_target | PR changed files |
| amannn/action-semantic-pull-request | * | output.error_message | pull_request_target | PR title |
| cypress-io/github-action | * | env.GH_BRANCH | pull_request_target | PR branch |
| dawidd6/action-download-artifact | * | output.artifacts | * | Artifact details |
| dorny/paths-filter | * | output.changes | pull_request_target | PR changed files |
| franzdiebold/github-env-vars-action | * | output.CI_PR_DESCRIPTION | pull_request_target | PR body |
| franzdiebold/github-env-vars-action | * | output.CI_PR_TITLE | pull_request_target | PR title |
| jitterbit/get-changed-files | * | output.added | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.added_modified | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.all | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.deleted | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.modified | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.removed | pull_request_target | PR changed files |
| jitterbit/get-changed-files | * | output.renamed | pull_request_target | PR changed files |
| khan/pull-request-comment-trigger | * | output.comment_body | issue_comment | |
| khan/pull-request-comment-trigger | * | output.comment_body | pull_request_comment | |
| octo-org/source-repo/.github/workflows/workflow.yml | * | output.workflow-output | * | Foo |
| tj-actions/branch-names | * | output.current_branch | pull_request_target | PR current branch |
| tj-actions/branch-names | * | output.head_ref_branch | pull_request_target | PR head branch |
| tj-actions/branch-names | * | output.ref_branch | pull_request_target | Branch tirggering workflow run |
| tj-actions/changed-files | * | output.added_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.all_changed_and_modified_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.all_changed_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.all_modified_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.all_old_new_renamed_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.changed_keys | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.copied_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.deleted_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.modified_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.modified_keys | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.other_changed_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.other_deleted_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.other_modified_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.renamed_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.type_changed_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.unknown_files | pull_request_target | PR changed files |
| tj-actions/changed-files | * | output.unmerged_files | pull_request_target | PR changed files |
| tj-actions/verify-changed-files | * | output.changed-files | pull_request_target | PR changed files |
| tzkhan/pr-update-action | * | output.headMatch | pull_request_target | |
| xt0rted/slash-command-action | * | output.command-arguments | issue_comment | |
| xt0rted/slash-command-action | * | output.command-arguments | pull_request_comment | |
| ahmadnassri/action-changed-files | * | output.files | PR changed files |
| ahmadnassri/action-changed-files | * | output.json | PR changed files |
| amannn/action-semantic-pull-request | * | output.error_message | PR title |
| cypress-io/github-action | * | env.GH_BRANCH | PR branch |
| dawidd6/action-download-artifact | * | output.artifacts | Artifact details |
| dorny/paths-filter | * | output.changes | PR changed files |
| franzdiebold/github-env-vars-action | * | output.CI_PR_DESCRIPTION | PR body |
| franzdiebold/github-env-vars-action | * | output.CI_PR_TITLE | PR title |
| jitterbit/get-changed-files | * | output.added | PR changed files |
| jitterbit/get-changed-files | * | output.added_modified | PR changed files |
| jitterbit/get-changed-files | * | output.all | PR changed files |
| jitterbit/get-changed-files | * | output.deleted | PR changed files |
| jitterbit/get-changed-files | * | output.modified | PR changed files |
| jitterbit/get-changed-files | * | output.removed | PR changed files |
| jitterbit/get-changed-files | * | output.renamed | PR changed files |
| khan/pull-request-comment-trigger | * | output.comment_body | Comment body |
| octo-org/source-repo/.github/workflows/workflow.yml | * | output.workflow-output | Foo |
| tj-actions/branch-names | * | output.current_branch | PR current branch |
| tj-actions/branch-names | * | output.head_ref_branch | PR head branch |
| tj-actions/branch-names | * | output.ref_branch | Branch tirggering workflow run |
| tj-actions/changed-files | * | output.added_files | PR changed files |
| tj-actions/changed-files | * | output.all_changed_and_modified_files | PR changed files |
| tj-actions/changed-files | * | output.all_changed_files | PR changed files |
| tj-actions/changed-files | * | output.all_modified_files | PR changed files |
| tj-actions/changed-files | * | output.all_old_new_renamed_files | PR changed files |
| tj-actions/changed-files | * | output.changed_keys | PR changed files |
| tj-actions/changed-files | * | output.copied_files | PR changed files |
| tj-actions/changed-files | * | output.deleted_files | PR changed files |
| tj-actions/changed-files | * | output.modified_files | PR changed files |
| tj-actions/changed-files | * | output.modified_keys | PR changed files |
| tj-actions/changed-files | * | output.other_changed_files | PR changed files |
| tj-actions/changed-files | * | output.other_deleted_files | PR changed files |
| tj-actions/changed-files | * | output.other_modified_files | PR changed files |
| tj-actions/changed-files | * | output.renamed_files | PR changed files |
| tj-actions/changed-files | * | output.type_changed_files | PR changed files |
| tj-actions/changed-files | * | output.unknown_files | PR changed files |
| tj-actions/changed-files | * | output.unmerged_files | PR changed files |
| tj-actions/verify-changed-files | * | output.changed-files | PR changed files |
| tzkhan/pr-update-action | * | output.headMatch | |
| xt0rted/slash-command-action | * | output.command-arguments | |
summaries
| akhileshns/heroku-deploy | * | input.branch | output.status | taint |
| android-actions/setup-android | * | input.cmdline-tools-version | output.ANDROID_COMMANDLINE_TOOLS_VERSION | taint |
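Review bot: The kind column is still empty for the `tzkhan/pr-update-action | * | output.headMatch` and `xt0rted/slash-command-action | * | output.command-arguments` rows at the end of the new sources table, while the `khan/pull-request-comment-trigger` rows, which were equally empty before, gained the kind `Comment body` when their two trigger-specific rows collapsed into one. If kind is meant to describe what data a source carries, those two rows presumably should be filled in as well (wording to be confirmed against each action's documented outputs). The `tj-actions/branch-names | * | output.ref_branch` row also keeps the typo `tirggering`; since this file records query output, the fix belongs in the model data that produces it rather than in the expectation. The collapse of rows that differed only by trigger is a consequence of the new four-column `sourceModel` and is worth a mention in the commit message so the reduced row count is not mistaken for lost coverage.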


@@ -49,8 +49,8 @@ query predicate nodeLocations(DataFlow::Node n, Location l) { n.getLocation() =
query predicate scopes(Cfg::CfgScope c) { any() }
query predicate sources(string action, string version, string output, string trigger, string kind) {
sourceModel(action, version, output, trigger, kind)
query predicate sources(string action, string version, string output, string kind) {
sourceModel(action, version, output, kind)
}
query predicate summaries(string action, string version, string input, string output, string kind) {
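Review bot: The new four-argument `sources` predicate has no QLDoc, and dropping `trigger` changes what a row asserts: a source is now claimed for every event that can run a workflow, including events that never populate that output (the pull_request_target fixture comment in this commit says exactly this), so the trade of precision for recall should be stated where readers will look. A comment above the predicate would do, e.g. `/** Rows of the source model as (action, version, output, kind). The workflow trigger is intentionally ignored, so a row applies whatever the `on:` events are, and model rows that differed only by trigger appear once. */`. Whether `sourceModel` itself deduplicates such rows is inferred from the updated expectation in this commit rather than visible here. The `summaries` predicate begins on the last hunk line and its body is outside the hunk.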


@@ -4,8 +4,8 @@ jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- run: echo '${{ github.event.issue.title }}' # not defined
- run: echo '${{ github.event.issue.body }}' # not defined
- run: echo '${{ github.event.issue.title }}' # not defined for this trigger, but we will still report it
- run: echo '${{ github.event.issue.body }}' # not defined for this trigger, but we will still report it
- run: echo '${{ github.event.pull_request.title }}'
- run: echo '${{ github.event.pull_request.body }}'
- run: echo '${{ github.event.pull_request.head.label }}'


@@ -230,6 +230,10 @@ subpaths
| .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:9:19:9:56 | github.event.pages[0].page_name | ${{ github.event.pages[0].page_name }} |
| .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/gollum.yml:10:19:10:59 | github.event.pages[2222].page_name | ${{ github.event.pages[2222].page_name }} |
| .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | .github/workflows/image_link_generator.yml:18:18:18:49 | github.event.comment.body | .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/image_link_generator.yml:37:85:37:125 | steps.trim-url.outputs.trimmed_url | ${{ steps.trim-url.outputs.trimmed_url }} |
| .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | .github/workflows/inter-job0.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job0.yml:43:20:43:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | .github/workflows/inter-job1.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job1.yml:43:20:43:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job2.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | .github/workflows/inter-job4.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:13:19:13:49 | github.event.issue.title | ${{ github.event.issue.title }} |
| .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:14:19:14:48 | github.event.issue.body | ${{ github.event.issue.body }} |
| .github/workflows/issues.yaml:15:19:15:39 | env.global_env | .github/workflows/issues.yaml:4:16:4:46 | github.event.issue.title | .github/workflows/issues.yaml:15:19:15:39 | env.global_env | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/issues.yaml:15:19:15:39 | env.global_env | ${{ env.global_env }} |
@@ -253,6 +257,8 @@ subpaths
| .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:12:19:12:69 | github.event.pull_request.head.repo.homepage | ${{ github.event.pull_request.head.repo.homepage }} |
| .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:13:19:13:59 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_review_comment.yml:14:19:14:50 | github.event.comment.body | ${{ github.event.comment.body }} |
| .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:7:19:7:49 | github.event.issue.title | ${{ github.event.issue.title }} |
| .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:8:19:8:48 | github.event.issue.body | ${{ github.event.issue.body }} |
| .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:9:19:9:56 | github.event.pull_request.title | ${{ github.event.pull_request.title }} |
| .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:10:19:10:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} |
| .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/pull_request_target.yml:11:19:11:61 | github.event.pull_request.head.label | ${{ github.event.pull_request.head.label }} |
@@ -271,6 +277,8 @@ subpaths
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
| .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | .github/workflows/self_needs.yml:16:20:16:64 | github.event['head_commit']['message'] | .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/self_needs.yml:19:15:19:47 | steps.source.outputs.value | ${{ steps.source.outputs.value }} |
| .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | .github/workflows/self_needs.yml:16:20:16:64 | github.event['head_commit']['message'] | .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/self_needs.yml:20:15:20:51 | needs.test1.outputs.job_output | ${{ needs.test1.outputs.job_output }} |
| .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | .github/workflows/simple1.yml:11:20:11:58 | github.event.head_commit.message | .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/simple1.yml:16:18:16:49 | steps.summary.outputs.value | ${{steps.summary.outputs.value}} |
| .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | .github/workflows/simple2.yml:14:9:18:6 | Uses Step: source | .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/simple2.yml:29:24:29:54 | steps.step.outputs.value | ${{ steps.step.outputs.value }} |
| .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | .github/workflows/test.yml:15:20:15:64 | github.event['head_commit']['message'] | .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | Potential privileged code injection in $@, which may be controlled by an external user. | .github/workflows/test.yml:37:20:37:56 | needs.job1.outputs['job_output'] | ${{needs.job1.outputs['job_output']}} |