hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

set js/actions/injection as a high precision warning query

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-05-03 13:13:54 +02:00
parent 2a65d1d3ec
commit 48fb01f9f7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
View File

@@ -3,7 +3,7 @@
* @description Using user-controlled GitHub Actions contexts like `run:` or `script:` may allow a malicious
* user to inject code into the GitHub action.
* @kind problem
* @problem.severity error
* @problem.severity warning
* @precision high
* @id js/actions/injection
* @tags actions