hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove artifact source as a source of PR refs

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-12-09 17:32:09 +01:00
parent ef713ff13b
commit 3591db9e9c
1 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ql/lib/codeql/actions/security/UntrustedCheckoutQuery.qll
View File

@@ -15,8 +15,6 @@ private module ActionsMutableRefCheckoutConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
(
// remote flow sources
source instanceof ArtifactSource
or
source instanceof GitHubCtxSource
or
source instanceof GitHubEventCtxSource
@@ -245,10 +243,14 @@ class ActionsMutableRefCheckout extends MutableRefCheckoutStep instanceof UsesSt
exists(string value, Expression expr |
value.regexpMatch(".*(head|branch|ref).*") and expr = this.getArgumentExpr("ref")
|
expr.(StepsExpression).getStepId() = value or
expr.(SimpleReferenceExpression).getFieldName() = value or
expr.(NeedsExpression).getNeededJobId() = value or
expr.(JsonReferenceExpression).getAccessPath() = value or
expr.(StepsExpression).getStepId() = value
or
expr.(SimpleReferenceExpression).getFieldName() = value
or
expr.(NeedsExpression).getNeededJobId() = value
or
expr.(JsonReferenceExpression).getAccessPath() = value
or
expr.(JsonReferenceExpression).getInnerExpression() = value
)
)
@@ -275,10 +277,14 @@ class ActionsSHACheckout extends SHACheckoutStep instanceof UsesStep {
exists(string value, Expression expr |
value.regexpMatch(".*(head|sha|commit).*") and expr = this.getArgumentExpr("ref")
|
expr.(StepsExpression).getStepId() = value or
expr.(SimpleReferenceExpression).getFieldName() = value or
expr.(NeedsExpression).getNeededJobId() = value or
expr.(JsonReferenceExpression).getAccessPath() = value or
expr.(StepsExpression).getStepId() = value
or
expr.(SimpleReferenceExpression).getFieldName() = value
or
expr.(NeedsExpression).getNeededJobId() = value
or
expr.(JsonReferenceExpression).getAccessPath() = value
or
expr.(JsonReferenceExpression).getInnerExpression() = value
)
)