hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19127 from github/marcogario/untrusted_checkout_name

Browse Source 
UntrustedCheckout: Try and differentiate between two versions of the query
This commit is contained in:
Marco Gario
2025-04-01 10:56:36 +02:00
committed by GitHub
parent 1ebce01c95 70150eea9a
commit 3652d6f258
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Checkout of untrusted code in trusted context
* @name Checkout of untrusted code in a priviledged context
* @description Privileged workflows have read/write access to the base repository and access to secrets.
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
* that is able to push to the base repository and to access secrets.