hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #67 from github/bash_script_parsing

Browse Source 
feat(bash): Improve bash command parsing
This commit is contained in:
Alvaro Muñoz
2024-08-02 12:46:04 +02:00
committed by GitHub
parent c4d70e66e1 41fade5feb
commit 4d7c985027
8 changed files with 167 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/lib/codeql/actions/ast/internal/Ast.qll
View File

@@ -1243,7 +1243,7 @@ class RunImpl extends StepImpl {
RunImpl() { this.getNode().lookup("run") = script }
string getScript() { result = script.getValue() }
string getScript() { result = script.getValue().regexpReplaceAll("\\\\\\s*\n", "") }
ScalarValueImpl getScriptScalar() { result = TScalarValueNode(script) }

2
ql/lib/codeql/actions/config/Config.qll
View File

@@ -92,7 +92,7 @@ predicate argumentInjectionSinksDataModel(string regexp, int command_group, int
exists(string sub_regexp |
Extensions::argumentInjectionSinksDataModel(sub_regexp, command_group, argument_group) and
// capture regexp
regexp = ".*" + commandPrefixDelimiter() + sub_regexp + commandSuffixDelimiter() + ".*"
regexp = ".*" + commandPrefixDelimiter() + sub_regexp // + commandSuffixDelimiter() + ".*"
)
}

5
ql/test/library-tests/.github/workflows/poisonable_steps.yml vendored
View File

@@ -39,3 +39,8 @@ jobs:
- run: echo "foo" | awk -f ./config.awk > foo.txt
- run: gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo
- run: ./foo/cmd
- run: |
sed -e 's#<branch_to_sync>#TITLE#' \
-e 's#<sot_repo>#${{ env.sot_repo }}#' \
-e 's#<destination_repo>#${TITLE}#' \
.github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky

2
ql/test/library-tests/poisonable_steps.expected
View File

@@ -30,4 +30,4 @@
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step |

254
ql/test/library-tests/test.expected
View File

@@ -8,7 +8,7 @@ workflows
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline2.yml:1:1:89:35 | on: |
| .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/test.yml:1:1:40:53 | on: push |
reusableWorkflows
compositeActions
@@ -16,14 +16,14 @@ jobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline2.yml:9:5:89:35 | Job: Test |
| .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
localJobs
| .github/workflows/expression_nodes.yml:5:5:21:47 | Job: echo-chamber |
| .github/workflows/multiline2.yml:9:5:89:35 | Job: Test |
| .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:32:5:40:53 | Job: job2 |
extJobs
@@ -94,7 +94,8 @@ steps
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step |
| .github/workflows/test.yml:11:9:15:6 | Uses Step |
| .github/workflows/test.yml:15:9:19:6 | Uses Step: source |
| .github/workflows/test.yml:19:9:26:6 | Uses Step: step |
@@ -167,7 +168,8 @@ runSteps
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step | sed -e 's#<branch_to_sync>#TITLE#' -e 's#<sot_repo>#${{ env.sot_repo }}#' -e 's#<destination_repo>#${TITLE}#' .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | echo ${{needs.job1.outputs.job_output}} |
@@ -185,6 +187,7 @@ runExprs
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | .github/workflows/expression_nodes.yml:20:14:21:46 | github.event.issue.body |
| .github/workflows/multiline2.yml:30:9:34:6 | Run Step | .github/workflows/multiline2.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/multiline.yml:30:9:34:6 | Run Step | .github/workflows/multiline.yml:32:13:32:39 | toJson(github.event) |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step | .github/workflows/poisonable_steps.yml:44:32:44:50 | env.sot_repo |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:27:20:27:64 | steps.source.outputs.all_changed_files |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:29:15:29:55 | github.event.pull_request.head.ref |
| .github/workflows/test.yml:39:9:40:53 | Run Step: sink | .github/workflows/test.yml:40:20:40:53 | needs.job1.outputs.job_output |
@@ -287,7 +290,8 @@ runStepChildren
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step | .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step | .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:26:13:26:23 | simplesink1 |
| .github/workflows/test.yml:26:9:28:6 | Run Step: simplesink1 | .github/workflows/test.yml:27:14:27:63 | echo ${{ steps.source.outputs.all_changed_files }} |
| .github/workflows/test.yml:28:9:31:2 | Run Step: simplesink2 | .github/workflows/test.yml:28:13:28:23 | simplesink2 |
@@ -542,142 +546,147 @@ parentNodes
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:9:5:89:29 | Job: Test |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:1:5:1:8 | push | .github/workflows/poisonable_steps.yml:1:5:1:8 | push |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:5:14:5:26 | ubuntu-latest | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:8:15:8:38 | actions/github-script@v7 | .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n | .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
| .github/workflows/poisonable_steps.yml:11:53:11:75 | github.workspace | .github/workflows/poisonable_steps.yml:10:19:12:72 | const { default: foo } = await import('${{ github.workspace }}/scripts/foo.mjs')\nreturn foo({ github, context, core }, body, number, sender)\n |
| .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:13:14:13:32 | . venv/bin/activate | .github/workflows/poisonable_steps.yml:13:9:14:6 | Run Step |
| .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:14:14:14:42 | echo foo; . venv/bin/activate | .github/workflows/poisonable_steps.yml:14:9:15:6 | Run Step |
| .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:15:14:15:41 | echo foo;. venv/bin/activate | .github/workflows/poisonable_steps.yml:15:9:16:6 | Run Step |
| .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:16:14:16:42 | echo foo \|. venv/bin/activate | .github/workflows/poisonable_steps.yml:16:9:17:6 | Run Step |
| .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:17:14:17:32 | ./venv/bin/activate | .github/workflows/poisonable_steps.yml:17:9:18:6 | Run Step |
| .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:18:14:18:36 | sh venv/bin/activate.sh | .github/workflows/poisonable_steps.yml:18:9:19:6 | Run Step |
| .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:19:14:19:44 | echo $(sh venv/bin/activate.sh) | .github/workflows/poisonable_steps.yml:19:9:20:6 | Run Step |
| .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:20:14:20:56 | echo foo; sh venv/bin/activate.sh; echo bar | .github/workflows/poisonable_steps.yml:20:9:21:6 | Run Step |
| .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:21:14:21:56 | echo foo \| sh venv/bin/activate.sh > output | .github/workflows/poisonable_steps.yml:21:9:22:6 | Run Step |
| .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:22:14:22:40 | python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:22:9:23:6 | Run Step |
| .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:23:14:23:50 | echo foo; python venv/bin/activate.py | .github/workflows/poisonable_steps.yml:23:9:24:6 | Run Step |
| .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:24:14:24:29 | pnpm run test:ct | .github/workflows/poisonable_steps.yml:24:9:25:6 | Run Step |
| .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:25:14:25:73 | pip install nbformat && python scripts/generate_notebooks.py | .github/workflows/poisonable_steps.yml:25:9:26:6 | Run Step |
| .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:26:14:26:78 | python scripts/generate_theme.py --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:26:9:27:6 | Run Step |
| .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:27:14:27:76 | ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:27:9:28:6 | Run Step |
| .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:28:14:28:92 | bundle run exec ruby scripts/generate_theme.rb --outfile js/storybook/theme.css | .github/workflows/poisonable_steps.yml:28:9:29:6 | Run Step |
| .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:29:14:29:42 | xvfb-run ./mvnw clean package | .github/workflows/poisonable_steps.yml:29:9:30:6 | Run Step |
| .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:30:14:30:46 | echo "foo" && npm i && echo "bar" | .github/workflows/poisonable_steps.yml:30:9:31:6 | Run Step |
| .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:31:14:31:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:31:9:32:6 | Run Step |
| .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:32:14:32:44 | echo "foo" \| npm i \| echo "bar" | .github/workflows/poisonable_steps.yml:32:9:33:6 | Run Step |
| .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:33:14:33:35 | echo "foo `npm i` bar" | .github/workflows/poisonable_steps.yml:33:9:34:6 | Run Step |
| .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:34:14:34:52 | dotnet test foo/Tests.csproj -c Release | .github/workflows/poisonable_steps.yml:34:9:35:6 | Run Step |
| .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:35:14:35:26 | go run foo.go | .github/workflows/poisonable_steps.yml:35:9:36:6 | Run Step |
| .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:36:14:36:86 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json | .github/workflows/poisonable_steps.yml:36:9:37:6 | Run Step |
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:37:14:37:51 | sed -f ./config.sed file.txt > foo.txt | .github/workflows/poisonable_steps.yml:37:9:38:6 | Run Step |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:38:14:38:45 | sed -f config file.txt > foo.txt | .github/workflows/poisonable_steps.yml:38:9:39:6 | Run Step |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:39:9:40:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step |
| .github/workflows/poisonable_steps.yml:44:32:44:50 | env.sot_repo | .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:1:40:53 | on: push |
| .github/workflows/test.yml:1:5:1:8 | push | .github/workflows/test.yml:1:5:1:8 | push |
@@ -870,11 +879,11 @@ cfgNodes
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | enter on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | exit on: push |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | exit on: push (normal) |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | enter on: push |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | exit on: push |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | exit on: push (normal) |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
@@ -935,8 +944,11 @@ cfgNodes
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/poisonable_steps.yml:44:32:44:50 | env.sot_repo |
| .github/workflows/test.yml:1:1:40:53 | enter on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push |
| .github/workflows/test.yml:1:1:40:53 | exit on: push (normal) |
@@ -1047,7 +1059,7 @@ dfNodes
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step |
@@ -1108,8 +1120,11 @@ dfNodes
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/poisonable_steps.yml:44:32:44:50 | env.sot_repo |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value |
@@ -1222,7 +1237,7 @@ nodeLocations
| .github/workflows/multiline.yml:79:14:84:29 | {\n echo 'JSON_RESPONSE<<EOF'\n echo '$ISSUE'\n echo 'EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:79:14:84:29 | .github/workflows/multiline.yml@79:14:84:29 |
| .github/workflows/multiline.yml:85:9:89:29 | Run Step | .github/workflows/multiline.yml:85:9:89:29 | .github/workflows/multiline.yml@85:9:89:29 |
| .github/workflows/multiline.yml:86:14:89:29 | {\n echo 'JSON_RESPONSE<<EOF'\n} >> "$GITHUB_ENV"\n | .github/workflows/multiline.yml:86:14:89:29 | .github/workflows/multiline.yml@86:14:89:29 |
| .github/workflows/poisonable_steps.yml:5:5:41:23 | Job: local_commands | .github/workflows/poisonable_steps.yml:5:5:41:23 | .github/workflows/poisonable_steps.yml@5:5:41:23 |
| .github/workflows/poisonable_steps.yml:5:5:46:111 | Job: local_commands | .github/workflows/poisonable_steps.yml:5:5:46:111 | .github/workflows/poisonable_steps.yml@5:5:46:111 |
| .github/workflows/poisonable_steps.yml:7:9:8:6 | Run Step | .github/workflows/poisonable_steps.yml:7:9:8:6 | .github/workflows/poisonable_steps.yml@7:9:8:6 |
| .github/workflows/poisonable_steps.yml:7:14:7:30 | venv/bin/activate | .github/workflows/poisonable_steps.yml:7:14:7:30 | .github/workflows/poisonable_steps.yml@7:14:7:30 |
| .github/workflows/poisonable_steps.yml:8:9:13:6 | Uses Step | .github/workflows/poisonable_steps.yml:8:9:13:6 | .github/workflows/poisonable_steps.yml@8:9:13:6 |
@@ -1283,8 +1298,11 @@ nodeLocations
| .github/workflows/poisonable_steps.yml:39:14:39:55 | echo "foo" \| awk -f ./config.awk > foo.txt | .github/workflows/poisonable_steps.yml:39:14:39:55 | .github/workflows/poisonable_steps.yml@39:14:39:55 |
| .github/workflows/poisonable_steps.yml:40:9:41:6 | Run Step | .github/workflows/poisonable_steps.yml:40:9:41:6 | .github/workflows/poisonable_steps.yml@40:9:41:6 |
| .github/workflows/poisonable_steps.yml:40:14:40:73 | gcloud builds submit --quiet --substitutions="COMMIT_SHA=foo | .github/workflows/poisonable_steps.yml:40:14:40:73 | .github/workflows/poisonable_steps.yml@40:14:40:73 |
| .github/workflows/poisonable_steps.yml:41:9:41:23 | Run Step | .github/workflows/poisonable_steps.yml:41:9:41:23 | .github/workflows/poisonable_steps.yml@41:9:41:23 |
| .github/workflows/poisonable_steps.yml:41:9:42:6 | Run Step | .github/workflows/poisonable_steps.yml:41:9:42:6 | .github/workflows/poisonable_steps.yml@41:9:42:6 |
| .github/workflows/poisonable_steps.yml:41:14:41:22 | ./foo/cmd | .github/workflows/poisonable_steps.yml:41:14:41:22 | .github/workflows/poisonable_steps.yml@41:14:41:22 |
| .github/workflows/poisonable_steps.yml:42:9:46:111 | Run Step | .github/workflows/poisonable_steps.yml:42:9:46:111 | .github/workflows/poisonable_steps.yml@42:9:46:111 |
| .github/workflows/poisonable_steps.yml:42:14:46:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/poisonable_steps.yml:42:14:46:111 | .github/workflows/poisonable_steps.yml@42:14:46:111 |
| .github/workflows/poisonable_steps.yml:44:32:44:50 | env.sot_repo | .github/workflows/poisonable_steps.yml:44:32:44:50 | .github/workflows/poisonable_steps.yml@44:32:44:50 |
| .github/workflows/test.yml:5:5:31:2 | Job: job1 | .github/workflows/test.yml:5:5:31:2 | .github/workflows/test.yml@5:5:31:2 |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node | .github/workflows/test.yml:8:7:10:4 | .github/workflows/test.yml@8:7:10:4 |
| .github/workflows/test.yml:8:20:8:50 | steps.step.outputs.value | .github/workflows/test.yml:8:20:8:50 | .github/workflows/test.yml@8:20:8:50 |
@@ -1306,7 +1324,7 @@ scopes
| .github/workflows/expression_nodes.yml:1:1:21:47 | on: issue_comment |
| .github/workflows/multiline2.yml:1:1:89:35 | on: |
| .github/workflows/multiline.yml:1:1:89:29 | on: |
| .github/workflows/poisonable_steps.yml:1:1:41:23 | on: push |
| .github/workflows/poisonable_steps.yml:1:1:46:111 | on: push |
| .github/workflows/test.yml:1:1:40:53 | on: push |
sources
| ahmadnassri/action-changed-files | * | output.files | filename | manual |

12
ql/test/query-tests/Security/CWE-094/.github/workflows/arg_injection.yml vendored
View File

@@ -17,6 +17,14 @@ jobs:
- run: awk "BEGIN {$TITLE}"
- run: sed -i "s/git_branch = .*/git_branch = \"$GITHUB_HEAD_REF\"/" config.json
- run: |
# We consider | as a shell pipe so this one is not reported yet until
# we can better identify all the commands in a shell script
sed -i "s|git_branch = .*|git_branch = \"$GITHUB_HEAD_REF\"|" config.json
- run: |
sed -e 's#<branch_to_sync>#${TITLE}#' \
-e 's#<sot_repo>#${{ env.sot_repo }}#' \
-e 's#<destination_repo>#TITLE#' \
.github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky
- run: |
sed -e 's#<branch_to_sync>#TITLE#' \
-e 's#<sot_repo>#${{ env.sot_repo }}#' \
-e 's#<destination_repo>#${TITLE}#' \
.github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky

8
ql/test/query-tests/Security/CWE-094/ArgumentInjectionCritical.expected
View File

@@ -3,6 +3,8 @@ edges
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:15:14:15:52 | echo "foo" \| sed "s/FOO/$TITLE/g" > bar | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | provenance | |
nodes
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | semmle.label | github.event.issue.title |
| .github/workflows/arg_injection.yml:14:14:14:33 | sed "s/FOO/$TITLE/g" | semmle.label | sed "s/FOO/$TITLE/g" |
@@ -10,6 +12,9 @@ nodes
| .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | semmle.label | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) |
| .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | semmle.label | awk "BEGIN {$TITLE}" |
| .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | semmle.label | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json |
| .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | semmle.label | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n |
| .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | semmle.label | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | semmle.label | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
subpaths
#select
| .github/workflows/arg_injection.yml:14:14:14:33 | sed "s/FOO/$TITLE/g" | .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:14:14:14:33 | sed "s/FOO/$TITLE/g" | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:14:14:14:33 | sed "s/FOO/$TITLE/g" | sed |
@@ -17,3 +22,6 @@ subpaths
| .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | sed |
| .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | awk |
| .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | sed |
| .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | sed |
| .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | sed |
| .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | Potential argument injection in $@ command, which may be controlled by an external user. | .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | sed |

5
ql/test/query-tests/Security/CWE-094/ArgumentInjectionMedium.expected
View File

@@ -3,6 +3,8 @@ edges
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:15:14:15:52 | echo "foo" \| sed "s/FOO/$TITLE/g" > bar | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | provenance | |
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | provenance | |
nodes
| .github/workflows/arg_injection.yml:11:15:11:43 | github.event.issue.title | semmle.label | github.event.issue.title |
| .github/workflows/arg_injection.yml:14:14:14:33 | sed "s/FOO/$TITLE/g" | semmle.label | sed "s/FOO/$TITLE/g" |
@@ -10,5 +12,8 @@ nodes
| .github/workflows/arg_injection.yml:16:14:16:60 | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) | semmle.label | echo $(echo "foo" \| sed "s/FOO/$TITLE/g" > bar) |
| .github/workflows/arg_injection.yml:17:14:17:33 | awk "BEGIN {$TITLE}" | semmle.label | awk "BEGIN {$TITLE}" |
| .github/workflows/arg_injection.yml:18:14:18:86 | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json | semmle.label | sed -i "s/git_branch = .*/git_branch = \\"$GITHUB_HEAD_REF\\"/" config.json |
| .github/workflows/arg_injection.yml:19:14:20:84 | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n | semmle.label | sed -i "s\|git_branch = .*\|git_branch = \\"$GITHUB_HEAD_REF\\"\|" config.json\n |
| .github/workflows/arg_injection.yml:21:14:25:111 | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | semmle.label | sed -e 's#<branch_to_sync>#${TITLE}#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#TITLE#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
| .github/workflows/arg_injection.yml:26:14:30:111 | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n | semmle.label | sed -e 's#<branch_to_sync>#TITLE#' \\\n -e 's#<sot_repo>#${{ env.sot_repo }}#' \\\n -e 's#<destination_repo>#${TITLE}#' \\\n .github/workflows/common-copybara.bara.sky.template > .github/workflows/common-copybara.bara.sky\n |
subpaths
#select