diff --git a/.gitignore b/.gitignore index 1127e8f55db..4ba9d315acc 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ ql/lib/.codeql/ ql/src/.codeql/ ql/test/.codeql/ db/ +.cache \ No newline at end of file diff --git a/ql/lib/codeql/actions/dataflow/ExternalFlow.qll b/ql/lib/codeql/actions/dataflow/ExternalFlow.qll index c1c93221d1a..cc7e4c633e3 100644 --- a/ql/lib/codeql/actions/dataflow/ExternalFlow.qll +++ b/ql/lib/codeql/actions/dataflow/ExternalFlow.qll @@ -8,9 +8,10 @@ private import actions * - action: Fully-qualified action name (NWO) * - version: Either '*' or a specific SHA/Tag * - output arg: To node (prefixed with either `env.` or `output.`) + * - provenance: verification of the model */ -predicate sourceModel(string action, string version, string output, string kind) { - Extensions::sourceModel(action, version, output, kind) +predicate sourceModel(string action, string version, string output, string kind, string provenance) { + Extensions::sourceModel(action, version, output, kind, provenance) } /** @@ -21,9 +22,12 @@ predicate sourceModel(string action, string version, string output, string kind) * - input arg: From node (prefixed with either `env.` or `input.`) * - output arg: To node (prefixed with either `env.` or `output.`) * - kind: Either 'Taint' or 'Value' + * - provenance: verification of the model */ -predicate summaryModel(string action, string version, string input, string output, string kind) { - Extensions::summaryModel(action, version, input, output, kind) +predicate summaryModel( + string action, string version, string input, string output, string kind, string provenance +) { + Extensions::summaryModel(action, version, input, output, kind, provenance) } /** @@ -33,14 +37,15 @@ predicate summaryModel(string action, string version, string input, string outpu * - version: Either '*' or a specific SHA/Tag * - input: sink node (prefixed with either `env.` or `input.`) * - kind: sink kind + * - provenance: verification of the model */ -predicate sinkModel(string action, string version, string input, string kind) { - Extensions::sinkModel(action, version, input, kind) +predicate sinkModel(string action, string version, string input, string kind, string provenance) { + Extensions::sinkModel(action, version, input, kind, provenance) } predicate externallyDefinedSource(DataFlow::Node source, string sourceType, string fieldName) { exists(Uses uses, string action, string version, string kind | - sourceModel(action, version, fieldName, kind) and + sourceModel(action, version, fieldName, kind, _) and uses.getCallee() = action.toLowerCase() and ( if version.trim() = "*" @@ -63,7 +68,7 @@ predicate externallyDefinedStoreStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::ContentSet c ) { exists(Uses uses, string action, string version, string input, string output | - summaryModel(action, version, input, output, "taint") and + summaryModel(action, version, input, output, "taint", _) and c = any(DataFlow::FieldContent ct | ct.getName() = output.replaceAll("output.", "")) and uses.getCallee() = action.toLowerCase() and ( @@ -85,7 +90,7 @@ predicate externallyDefinedStoreStep( predicate externallyDefinedSink(DataFlow::Node sink, string kind) { exists(Uses uses, string action, string version, string input | - sinkModel(action, version, input, kind) and + sinkModel(action, version, input, kind, _) and uses.getCallee() = action.toLowerCase() and ( if input.trim().matches("env.%") diff --git a/ql/lib/codeql/actions/dataflow/FlowSources.qll b/ql/lib/codeql/actions/dataflow/FlowSources.qll index e07b9f76762..01aa8bbc320 100644 --- a/ql/lib/codeql/actions/dataflow/FlowSources.qll +++ b/ql/lib/codeql/actions/dataflow/FlowSources.qll @@ -1,7 +1,6 @@ private import actions private import codeql.actions.DataFlow private import codeql.actions.dataflow.ExternalFlow -private import codeql.actions.Ast::Utils as Utils private import codeql.actions.security.ArtifactPoisoningQuery /** diff --git a/ql/lib/codeql/actions/dataflow/FlowSteps.qll b/ql/lib/codeql/actions/dataflow/FlowSteps.qll index e66c8e7c1b9..36965166d3b 100644 --- a/ql/lib/codeql/actions/dataflow/FlowSteps.qll +++ b/ql/lib/codeql/actions/dataflow/FlowSteps.qll @@ -6,7 +6,6 @@ private import actions private import codeql.util.Unit private import codeql.actions.DataFlow private import codeql.actions.dataflow.ExternalFlow -private import codeql.actions.Ast::Utils as Utils private import codeql.actions.security.ArtifactPoisoningQuery /** diff --git a/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll b/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll index 89cf4de0261..8e8ce10bba9 100644 --- a/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll +++ b/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll @@ -5,16 +5,20 @@ /** * Holds if a source model exists for the given parameters. */ -extensible predicate sourceModel(string action, string version, string output, string kind); +extensible predicate sourceModel( + string action, string version, string output, string kind, string provenance +); /** * Holds if a summary model exists for the given parameters. */ extensible predicate summaryModel( - string action, string version, string input, string output, string kind + string action, string version, string input, string output, string kind, string provenance ); /** * Holds if a sink model exists for the given parameters. */ -extensible predicate sinkModel(string action, string version, string input, string kind); +extensible predicate sinkModel( + string action, string version, string input, string kind, string provenance +); diff --git a/ql/lib/ext/8398a7_action-slack.model.yml b/ql/lib/ext/8398a7_action-slack.model.yml index e3d97adf69d..67455900ec3 100644 --- a/ql/lib/ext/8398a7_action-slack.model.yml +++ b/ql/lib/ext/8398a7_action-slack.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["8398a7/action-slack", "*", "input.custom_payload", "code-injection"] \ No newline at end of file + - ["8398a7/action-slack", "*", "input.custom_payload", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/TEST-RW-MODELS.model.yml b/ql/lib/ext/TEST-RW-MODELS.model.yml index 4ff387b1c5a..65952bccb35 100644 --- a/ql/lib/ext/TEST-RW-MODELS.model.yml +++ b/ql/lib/ext/TEST-RW-MODELS.model.yml @@ -3,15 +3,15 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["octo-org/this-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint"] - - ["octo-org/summary-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint"] + - ["octo-org/this-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint", "manual"] + - ["octo-org/summary-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["octo-org/source-repo/.github/workflows/workflow.yml", "*", "output.workflow-output", "Foo"] + - ["octo-org/source-repo/.github/workflows/workflow.yml", "*", "output.workflow-output", "Foo", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["octo-org/sink-repo/.github/workflows/workflow.yml", "*", "input.config-path", "code-injection"] + - ["octo-org/sink-repo/.github/workflows/workflow.yml", "*", "input.config-path", "code-injection", "manual"] diff --git a/ql/lib/ext/actions_github-script.model.yml b/ql/lib/ext/actions_github-script.model.yml index cd409f38b59..9b36680af8f 100644 --- a/ql/lib/ext/actions_github-script.model.yml +++ b/ql/lib/ext/actions_github-script.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["actions/github-script", "*", "input.script", "code-injection"] + - ["actions/github-script", "*", "input.script", "code-injection", "manual"] diff --git a/ql/lib/ext/ahmadnassri_action-changed-files.model.yml b/ql/lib/ext/ahmadnassri_action-changed-files.model.yml index aabd5a3ce36..63e99abd4d3 100644 --- a/ql/lib/ext/ahmadnassri_action-changed-files.model.yml +++ b/ql/lib/ext/ahmadnassri_action-changed-files.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["ahmadnassri/action-changed-files", "*", "output.files", "PR changed files"] - - ["ahmadnassri/action-changed-files", "*", "output.json", "PR changed files"] + - ["ahmadnassri/action-changed-files", "*", "output.files", "PR changed files", "manual"] + - ["ahmadnassri/action-changed-files", "*", "output.json", "PR changed files", "manual"] diff --git a/ql/lib/ext/akhileshns_heroku-deploy.model.yml b/ql/lib/ext/akhileshns_heroku-deploy.model.yml index ad65775e58d..41b67c2a625 100644 --- a/ql/lib/ext/akhileshns_heroku-deploy.model.yml +++ b/ql/lib/ext/akhileshns_heroku-deploy.model.yml @@ -3,19 +3,19 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint"] + - ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.region", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.stack", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.team", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.docker_heroku_process_type", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.docker_build_args", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.branch", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.appdir", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.heroku_api_key", "command-injection"] - - ["akhileshns/heroku-deploy", "*", "input.heroku_email", "command-injection"] + - ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.region", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.stack", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.team", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.docker_heroku_process_type", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.docker_build_args", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.branch", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.appdir", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.heroku_api_key", "command-injection", "manual"] + - ["akhileshns/heroku-deploy", "*", "input.heroku_email", "command-injection", "manual"] diff --git a/ql/lib/ext/amannn_action-semantic-pull-request.model.yml b/ql/lib/ext/amannn_action-semantic-pull-request.model.yml index 638ff449735..f2b8c8549a9 100644 --- a/ql/lib/ext/amannn_action-semantic-pull-request.model.yml +++ b/ql/lib/ext/amannn_action-semantic-pull-request.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["amannn/action-semantic-pull-request", "*", "output.error_message", "PR title"] + - ["amannn/action-semantic-pull-request", "*", "output.error_message", "PR title", "manual"] diff --git a/ql/lib/ext/anchore_sbom-action.model.yml b/ql/lib/ext/anchore_sbom-action.model.yml index c632a3a1ff2..7cb2e10e926 100644 --- a/ql/lib/ext/anchore_sbom-action.model.yml +++ b/ql/lib/ext/anchore_sbom-action.model.yml @@ -3,8 +3,8 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["anchore/sbom-action", "*", "input.syft-version", "command-injection"] - - ["anchore/sbom-action", "*", "input.format", "command-injection"] - - ["anchore/sbom-action", "*", "input.path", "command-injection"] - - ["anchore/sbom-action", "*", "input.file", "command-injection"] - - ["anchore/sbom-action", "*", "input.image", "command-injection"] + - ["anchore/sbom-action", "*", "input.syft-version", "command-injection", "manual"] + - ["anchore/sbom-action", "*", "input.format", "command-injection", "manual"] + - ["anchore/sbom-action", "*", "input.path", "command-injection", "manual"] + - ["anchore/sbom-action", "*", "input.file", "command-injection", "manual"] + - ["anchore/sbom-action", "*", "input.image", "command-injection", "manual"] diff --git a/ql/lib/ext/anchore_scan-action.model.yml b/ql/lib/ext/anchore_scan-action.model.yml index 26e5adea505..83f09bc6bde 100644 --- a/ql/lib/ext/anchore_scan-action.model.yml +++ b/ql/lib/ext/anchore_scan-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["anchore/scan-action", "*", "input.grype-version", "command-injection"] + - ["anchore/scan-action", "*", "input.grype-version", "command-injection", "manual"] diff --git a/ql/lib/ext/andresz1_size-limit-action.model.yml b/ql/lib/ext/andresz1_size-limit-action.model.yml index 2903888a731..bdd8a8f77c9 100644 --- a/ql/lib/ext/andresz1_size-limit-action.model.yml +++ b/ql/lib/ext/andresz1_size-limit-action.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["andresz1/size-limit-action", "*", "input.package_manager", "command-injection"] - - ["andresz1/size-limit-action", "*", "input.build_script", "command-injection"] - - ["andresz1/size-limit-action", "*", "input.script", "command-injection"] - - ["andresz1/size-limit-action", "*", "input.clean_script", "command-injection"] + - ["andresz1/size-limit-action", "*", "input.package_manager", "command-injection", "manual"] + - ["andresz1/size-limit-action", "*", "input.build_script", "command-injection", "manual"] + - ["andresz1/size-limit-action", "*", "input.script", "command-injection", "manual"] + - ["andresz1/size-limit-action", "*", "input.clean_script", "command-injection", "manual"] diff --git a/ql/lib/ext/android-actions_setup-android.model.yml b/ql/lib/ext/android-actions_setup-android.model.yml index 5ecd36f0926..7e5f5c9ee6a 100644 --- a/ql/lib/ext/android-actions_setup-android.model.yml +++ b/ql/lib/ext/android-actions_setup-android.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint"] + - ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint", "manual"] diff --git a/ql/lib/ext/apple-actions_import-codesign-certs.model.yml b/ql/lib/ext/apple-actions_import-codesign-certs.model.yml index b81f5c17ca2..8daa9a9c2b3 100644 --- a/ql/lib/ext/apple-actions_import-codesign-certs.model.yml +++ b/ql/lib/ext/apple-actions_import-codesign-certs.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint"] + - ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint", "manual"] diff --git a/ql/lib/ext/asdf-vm_actions.model.yml b/ql/lib/ext/asdf-vm_actions.model.yml index 21dcd22c8b7..80502e487b8 100644 --- a/ql/lib/ext/asdf-vm_actions.model.yml +++ b/ql/lib/ext/asdf-vm_actions.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["asdf-vm/actions", "*", "input.before_install", "command-injection"] \ No newline at end of file + - ["asdf-vm/actions", "*", "input.before_install", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml b/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml index 5ab9fee1667..2a26d31feac 100644 --- a/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml +++ b/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint"] + - ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint", "manual"] diff --git a/ql/lib/ext/ashley-taylor_regex-property-action.model.yml b/ql/lib/ext/ashley-taylor_regex-property-action.model.yml index a6e1364d218..82e81f55816 100644 --- a/ql/lib/ext/ashley-taylor_regex-property-action.model.yml +++ b/ql/lib/ext/ashley-taylor_regex-property-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint"] - - ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint"] + - ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint", "manual"] + - ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint", "manual"] diff --git a/ql/lib/ext/aszc_change-string-case-action.model.yml b/ql/lib/ext/aszc_change-string-case-action.model.yml index cfdbb0b825f..58554eb3f61 100644 --- a/ql/lib/ext/aszc_change-string-case-action.model.yml +++ b/ql/lib/ext/aszc_change-string-case-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint"] - - ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint"] - - ["aszc/change-string-case-action", "*", "input.replace-with", "output.lowercase", "taint"] + - ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint", "manual"] + - ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint", "manual"] + - ["aszc/change-string-case-action", "*", "input.replace-with", "output.lowercase", "taint", "manual"] diff --git a/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml b/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml index 26b3a1fd3df..ca99210b4c2 100644 --- a/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml +++ b/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint"] - - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint"] - - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "env.AWS_SECRET_ACCESS_KEY", "taint"] - - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "secret.AWS_SECRET_ACCESS_KEY", "taint"] - - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "env.AWS_SESSION_TOKEN", "taint"] - - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "secret.AWS_SESSION_TOKEN", "taint"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint", "manual"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint", "manual"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "env.AWS_SECRET_ACCESS_KEY", "taint", "manual"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "secret.AWS_SECRET_ACCESS_KEY", "taint", "manual"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "env.AWS_SESSION_TOKEN", "taint", "manual"] + - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "secret.AWS_SESSION_TOKEN", "taint", "manual"] diff --git a/ql/lib/ext/axel-op_googlejavaformat-action.model.yml b/ql/lib/ext/axel-op_googlejavaformat-action.model.yml index 236eade34a6..1563d95b0b1 100644 --- a/ql/lib/ext/axel-op_googlejavaformat-action.model.yml +++ b/ql/lib/ext/axel-op_googlejavaformat-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["axel-op/googlejavaformat-action", "*", "input.commitMessage", "command-injection"] - - ["axel-op/googlejavaformat-action", "*", "input.commit-message", "command-injection"] + - ["axel-op/googlejavaformat-action", "*", "input.commitMessage", "command-injection", "manual"] + - ["axel-op/googlejavaformat-action", "*", "input.commit-message", "command-injection", "manual"] diff --git a/ql/lib/ext/azure_powershell.model.yml b/ql/lib/ext/azure_powershell.model.yml index c0e11c8201f..2bb6000355d 100644 --- a/ql/lib/ext/azure_powershell.model.yml +++ b/ql/lib/ext/azure_powershell.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["azure/powershell", "*", "input.azPSVersion", "command-injection"] + - ["azure/powershell", "*", "input.azPSVersion", "command-injection", "manual"] diff --git a/ql/lib/ext/bahmutov_npm-install.model.yml b/ql/lib/ext/bahmutov_npm-install.model.yml index 2841f406bda..b0c3419abe9 100644 --- a/ql/lib/ext/bahmutov_npm-install.model.yml +++ b/ql/lib/ext/bahmutov_npm-install.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["bahmutov/npm-install", "*", "input.install-command", "command-injection"] + - ["bahmutov/npm-install", "*", "input.install-command", "command-injection", "manual"] diff --git a/ql/lib/ext/blackducksoftware_github-action.model.yml b/ql/lib/ext/blackducksoftware_github-action.model.yml index aa060de610d..cbe593690e4 100644 --- a/ql/lib/ext/blackducksoftware_github-action.model.yml +++ b/ql/lib/ext/blackducksoftware_github-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["blackducksoftware/github-action", "*", "input.args", "command-injection"] - - ["blackducksoftware/github-action", "*", "input.blackduck.url", "command-injection"] - - ["blackducksoftware/github-action", "*", "input.blackduck.api.token", "command-injection"] + - ["blackducksoftware/github-action", "*", "input.args", "command-injection", "manual"] + - ["blackducksoftware/github-action", "*", "input.blackduck.url", "command-injection", "manual"] + - ["blackducksoftware/github-action", "*", "input.blackduck.api.token", "command-injection", "manual"] diff --git a/ql/lib/ext/bobheadxi_deployments.model.yml b/ql/lib/ext/bobheadxi_deployments.model.yml index 2d8932d87fb..f29355d4882 100644 --- a/ql/lib/ext/bobheadxi_deployments.model.yml +++ b/ql/lib/ext/bobheadxi_deployments.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["bobheadxi/deployments", "*", "input.env", "output.env", "taint"] + - ["bobheadxi/deployments", "*", "input.env", "output.env", "taint", "manual"] diff --git a/ql/lib/ext/bufbuild_buf-breaking-action.model.yml b/ql/lib/ext/bufbuild_buf-breaking-action.model.yml index 7d5f699a0e9..8463ed9577b 100644 --- a/ql/lib/ext/bufbuild_buf-breaking-action.model.yml +++ b/ql/lib/ext/bufbuild_buf-breaking-action.model.yml @@ -3,10 +3,10 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"] + - ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["bufbuild/buf-breaking-action", "*", "input.input", "command-injection"] - - ["bufbuild/buf-breaking-action", "*", "input.against", "command-injection"] + - ["bufbuild/buf-breaking-action", "*", "input.input", "command-injection", "manual"] + - ["bufbuild/buf-breaking-action", "*", "input.against", "command-injection", "manual"] diff --git a/ql/lib/ext/bufbuild_buf-lint-action.model.yml b/ql/lib/ext/bufbuild_buf-lint-action.model.yml index aeda7998631..f20a877c3d2 100644 --- a/ql/lib/ext/bufbuild_buf-lint-action.model.yml +++ b/ql/lib/ext/bufbuild_buf-lint-action.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"] + - ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["bufbuild/buf-lint-action", "*", "input.input", "command-injection"] + - ["bufbuild/buf-lint-action", "*", "input.input", "command-injection", "manual"] diff --git a/ql/lib/ext/bufbuild_buf-setup-action.model.yml b/ql/lib/ext/bufbuild_buf-setup-action.model.yml index 38b18cf6cac..e0fe96ff915 100644 --- a/ql/lib/ext/bufbuild_buf-setup-action.model.yml +++ b/ql/lib/ext/bufbuild_buf-setup-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["bufbuild/buf-setup-action", "*", "input.buf_domain", "command-injection"] - - ["bufbuild/buf-setup-action", "*", "input.buf_user", "command-injection"] + - ["bufbuild/buf-setup-action", "*", "input.buf_domain", "command-injection", "manual"] + - ["bufbuild/buf-setup-action", "*", "input.buf_user", "command-injection", "manual"] diff --git a/ql/lib/ext/cachix_cachix-action.model.yml b/ql/lib/ext/cachix_cachix-action.model.yml index 2e4291eb480..a7489b68688 100644 --- a/ql/lib/ext/cachix_cachix-action.model.yml +++ b/ql/lib/ext/cachix_cachix-action.model.yml @@ -3,10 +3,10 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint"] + - ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["cachix/cachix-action", "*", "input.installCommand", "command-injection"] - - ["cachix/cachix-action", "*", "input.cachixBin", "command-injection"] \ No newline at end of file + - ["cachix/cachix-action", "*", "input.installCommand", "command-injection", "manual"] + - ["cachix/cachix-action", "*", "input.cachixBin", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/changesets_action.model.yml b/ql/lib/ext/changesets_action.model.yml index 3be7669275c..c0a18c36465 100644 --- a/ql/lib/ext/changesets_action.model.yml +++ b/ql/lib/ext/changesets_action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["changesets/action", "*", "input.publish", "command-injection"] - - ["changesets/action", "*", "input.version", "command-injection"] + - ["changesets/action", "*", "input.publish", "command-injection", "manual"] + - ["changesets/action", "*", "input.version", "command-injection", "manual"] diff --git a/ql/lib/ext/cloudflare_wrangler-action.model.yml b/ql/lib/ext/cloudflare_wrangler-action.model.yml index cb0870b4883..79ed7a80437 100644 --- a/ql/lib/ext/cloudflare_wrangler-action.model.yml +++ b/ql/lib/ext/cloudflare_wrangler-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["cloudflare/wrangler-action", "*", "input.preCommands", "command-injection"] - - ["cloudflare/wrangler-action", "*", "input.postCommands", "command-injection"] + - ["cloudflare/wrangler-action", "*", "input.preCommands", "command-injection", "manual"] + - ["cloudflare/wrangler-action", "*", "input.postCommands", "command-injection", "manual"] diff --git a/ql/lib/ext/coursier_cache-action.model.yml b/ql/lib/ext/coursier_cache-action.model.yml index bfb45dddb66..550b5b854ed 100644 --- a/ql/lib/ext/coursier_cache-action.model.yml +++ b/ql/lib/ext/coursier_cache-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint"] + - ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint", "manual"] diff --git a/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml b/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml index 30e59e91d60..bbe88611259 100644 --- a/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml +++ b/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["crazy-max/ghaction-chocolatey", "*", "input.args", "command-injection"] + - ["crazy-max/ghaction-chocolatey", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml b/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml index f3b021d226b..83b3bc3520d 100644 --- a/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml +++ b/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint"] \ No newline at end of file + - ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/csexton_release-asset-action.model.yml b/ql/lib/ext/csexton_release-asset-action.model.yml index 60e35e66a4d..3b0642fece4 100644 --- a/ql/lib/ext/csexton_release-asset-action.model.yml +++ b/ql/lib/ext/csexton_release-asset-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint"] + - ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint", "manual"] diff --git a/ql/lib/ext/cycjimmy_semantic-release-action.model.yml b/ql/lib/ext/cycjimmy_semantic-release-action.model.yml index 25df02dacaa..db55d3c6f3a 100644 --- a/ql/lib/ext/cycjimmy_semantic-release-action.model.yml +++ b/ql/lib/ext/cycjimmy_semantic-release-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["cycjimmy/semantic-release-action", "*", "input.semantic_version", "command-injection"] - - ["cycjimmy/semantic-release-action", "*", "input.extra_plugins", "command-injection"] - - ["cycjimmy/semantic-release-action", "*", "input.extends", "command-injection"] + - ["cycjimmy/semantic-release-action", "*", "input.semantic_version", "command-injection", "manual"] + - ["cycjimmy/semantic-release-action", "*", "input.extra_plugins", "command-injection", "manual"] + - ["cycjimmy/semantic-release-action", "*", "input.extends", "command-injection", "manual"] diff --git a/ql/lib/ext/cypress-io_github-action.model.yml b/ql/lib/ext/cypress-io_github-action.model.yml index 0aaa1b0722a..21688675a2e 100644 --- a/ql/lib/ext/cypress-io_github-action.model.yml +++ b/ql/lib/ext/cypress-io_github-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["cypress-io/github-action", "*", "env.GH_BRANCH", "PR branch"] + - ["cypress-io/github-action", "*", "env.GH_BRANCH", "PR branch", "manual"] diff --git a/ql/lib/ext/dailydotdev_action-devcard.model.yml b/ql/lib/ext/dailydotdev_action-devcard.model.yml index 324171f3c4b..46226863687 100644 --- a/ql/lib/ext/dailydotdev_action-devcard.model.yml +++ b/ql/lib/ext/dailydotdev_action-devcard.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["dailydotdev/action-devcard", "*", "input.commit_branch", "sql-injection"] - - ["dailydotdev/action-devcard", "*", "input.commit_filename", "sql-injection"] + - ["dailydotdev/action-devcard", "*", "input.commit_branch", "sql-injection", "manual"] + - ["dailydotdev/action-devcard", "*", "input.commit_filename", "sql-injection", "manual"] diff --git a/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml b/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml index cc5c311eea7..afe3e82ca1f 100644 --- a/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml +++ b/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["danielpalme/reportgenerator-github-action", "*", "input.toolpath", "command-injection"] + - ["danielpalme/reportgenerator-github-action", "*", "input.toolpath", "command-injection", "manual"] diff --git a/ql/lib/ext/daspn_private-actions-checkout.model.yml b/ql/lib/ext/daspn_private-actions-checkout.model.yml index f45aae02158..5b0a9dab38d 100644 --- a/ql/lib/ext/daspn_private-actions-checkout.model.yml +++ b/ql/lib/ext/daspn_private-actions-checkout.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["daspn/private-actions-checkout", "*", "input.actions_list", "command-injection"] - - ["daspn/private-actions-checkout", "*", "input.checkout_base_path", "command-injection"] + - ["daspn/private-actions-checkout", "*", "input.actions_list", "command-injection", "manual"] + - ["daspn/private-actions-checkout", "*", "input.checkout_base_path", "command-injection", "manual"] diff --git a/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml b/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml index 7445d673fcf..35bbd72f0a4 100644 --- a/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml +++ b/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["dawidd6/action-ansible-playbook", "*", "input.playbook", "command-injection"] - - ["dawidd6/action-ansible-playbook", "*", "input.options", "command-injection"] + - ["dawidd6/action-ansible-playbook", "*", "input.playbook", "command-injection", "manual"] + - ["dawidd6/action-ansible-playbook", "*", "input.options", "command-injection", "manual"] diff --git a/ql/lib/ext/dawidd6_action-download-artifact.model.yml b/ql/lib/ext/dawidd6_action-download-artifact.model.yml index 3bc1dcc4759..f90eaeb7271 100644 --- a/ql/lib/ext/dawidd6_action-download-artifact.model.yml +++ b/ql/lib/ext/dawidd6_action-download-artifact.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["dawidd6/action-download-artifact", "*", "output.artifacts", "Artifact details"] + - ["dawidd6/action-download-artifact", "*", "output.artifacts", "Artifact details", "manual"] diff --git a/ql/lib/ext/delaguardo_setup-clojure.model.yml b/ql/lib/ext/delaguardo_setup-clojure.model.yml index 82f491390d2..1647e560730 100644 --- a/ql/lib/ext/delaguardo_setup-clojure.model.yml +++ b/ql/lib/ext/delaguardo_setup-clojure.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint"] \ No newline at end of file + - ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml b/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml index 430a96f6cbe..bbdad8287dd 100644 --- a/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml +++ b/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-url", "command-injection"] - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-tag", "command-injection"] - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-pr", "command-injection"] - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-branch", "command-injection"] - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-revision", "command-injection"] - - ["determinatesystems/magic-nix-cache-action", "*", "input.source-binary", "command-injection"] \ No newline at end of file + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-url", "command-injection", "manual"] + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-tag", "command-injection", "manual"] + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-pr", "command-injection", "manual"] + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-branch", "command-injection", "manual"] + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-revision", "command-injection", "manual"] + - ["determinatesystems/magic-nix-cache-action", "*", "input.source-binary", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/docker-practice_actions-setup-docker.model.yml b/ql/lib/ext/docker-practice_actions-setup-docker.model.yml index 37bcf2cc781..f3ac66006d9 100644 --- a/ql/lib/ext/docker-practice_actions-setup-docker.model.yml +++ b/ql/lib/ext/docker-practice_actions-setup-docker.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["docker-practice/actions-setup-docker", "*", "input.docker_version", "command-injection"] - - ["docker-practice/actions-setup-docker", "*", "input.docker_channel", "command-injection"] - - ["docker-practice/actions-setup-docker", "*", "input.docker_daemon_json", "command-injection"] + - ["docker-practice/actions-setup-docker", "*", "input.docker_version", "command-injection", "manual"] + - ["docker-practice/actions-setup-docker", "*", "input.docker_channel", "command-injection", "manual"] + - ["docker-practice/actions-setup-docker", "*", "input.docker_daemon_json", "command-injection", "manual"] diff --git a/ql/lib/ext/docker_build-push-action.model.yml b/ql/lib/ext/docker_build-push-action.model.yml index 77eaf3ae10f..9189245e228 100644 --- a/ql/lib/ext/docker_build-push-action.model.yml +++ b/ql/lib/ext/docker_build-push-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["docker/build-push-action", "*", "input.context", "code-injection"] \ No newline at end of file + - ["docker/build-push-action", "*", "input.context", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/dorny_paths-filter.model.yml b/ql/lib/ext/dorny_paths-filter.model.yml index 41a9c337f49..14743f2819e 100644 --- a/ql/lib/ext/dorny_paths-filter.model.yml +++ b/ql/lib/ext/dorny_paths-filter.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["dorny/paths-filter", "*", "output.changes", "PR changed files"] + - ["dorny/paths-filter", "*", "output.changes", "PR changed files", "manual"] diff --git a/ql/lib/ext/endbug_latest-tag.model.yml b/ql/lib/ext/endbug_latest-tag.model.yml index 63cdb2a496b..bd64fc37423 100644 --- a/ql/lib/ext/endbug_latest-tag.model.yml +++ b/ql/lib/ext/endbug_latest-tag.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["endbug/latest-tag", "*", "input.ref", "command-injection"] - - ["endbug/latest-tag", "*", "input.tag-name", "command-injection"] - - ["endbug/latest-tag", "*", "input.git-directory", "command-injection"] - - ["endbug/latest-tag", "*", "input.description", "command-injection"] + - ["endbug/latest-tag", "*", "input.ref", "command-injection", "manual"] + - ["endbug/latest-tag", "*", "input.tag-name", "command-injection", "manual"] + - ["endbug/latest-tag", "*", "input.git-directory", "command-injection", "manual"] + - ["endbug/latest-tag", "*", "input.description", "command-injection", "manual"] diff --git a/ql/lib/ext/expo_expo-github-action.model.yml b/ql/lib/ext/expo_expo-github-action.model.yml index d0bcbb4da98..9a20279e110 100644 --- a/ql/lib/ext/expo_expo-github-action.model.yml +++ b/ql/lib/ext/expo_expo-github-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["expo/expo-github-action", "*", "input.command", "command-injection"] - - ["expo/expo-github-action", "*", "input.packager", "command-injection"] + - ["expo/expo-github-action", "*", "input.command", "command-injection", "manual"] + - ["expo/expo-github-action", "*", "input.packager", "command-injection", "manual"] diff --git a/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml b/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml index 6418e71f22a..8d06bc8a512 100644 --- a/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml +++ b/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["firebaseextended/action-hosting-deploy", "*", "input.firebaseToolsVersion", "command-injection"] + - ["firebaseextended/action-hosting-deploy", "*", "input.firebaseToolsVersion", "command-injection", "manual"] diff --git a/ql/lib/ext/frabert_replace-string-action.model.yml b/ql/lib/ext/frabert_replace-string-action.model.yml index 760b7cd46e7..9d066ac23ec 100644 --- a/ql/lib/ext/frabert_replace-string-action.model.yml +++ b/ql/lib/ext/frabert_replace-string-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint"] - - ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint"] + - ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint", "manual"] + - ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint", "manual"] diff --git a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml index b6c75a06e57..ecfce617df4 100644 --- a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml +++ b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "PR body"] - - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "PR title"] + - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "PR body", "manual"] + - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "PR title", "manual"] diff --git a/ql/lib/ext/gabrielbb_xvfb-action.model.yml b/ql/lib/ext/gabrielbb_xvfb-action.model.yml index 86705319e23..563da9d4c0f 100644 --- a/ql/lib/ext/gabrielbb_xvfb-action.model.yml +++ b/ql/lib/ext/gabrielbb_xvfb-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["gabrielbb/xvfb-action", "*", "input.run", "command-injection"] - - ["gabrielbb/xvfb-action", "*", "input.options", "command-injection"] \ No newline at end of file + - ["gabrielbb/xvfb-action", "*", "input.run", "command-injection", "manual"] + - ["gabrielbb/xvfb-action", "*", "input.options", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/game-ci_unity-builder.model.yml b/ql/lib/ext/game-ci_unity-builder.model.yml index 61fdcd9254a..5194ce500fb 100644 --- a/ql/lib/ext/game-ci_unity-builder.model.yml +++ b/ql/lib/ext/game-ci_unity-builder.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["game-ci/unity-builder", "*", "input.cacheKey", "command-injection"] - - ["game-ci/unity-builder", "*", "input.unityHubVersionOnMac", "command-injection"] + - ["game-ci/unity-builder", "*", "input.cacheKey", "command-injection", "manual"] + - ["game-ci/unity-builder", "*", "input.unityHubVersionOnMac", "command-injection", "manual"] diff --git a/ql/lib/ext/game-ci_unity-test-runner.model.yml b/ql/lib/ext/game-ci_unity-test-runner.model.yml index 2d142d98099..8c2f32627d9 100644 --- a/ql/lib/ext/game-ci_unity-test-runner.model.yml +++ b/ql/lib/ext/game-ci_unity-test-runner.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint"] \ No newline at end of file + - ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml b/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml index 1727ca60e25..f74ae81a52c 100644 --- a/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml +++ b/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["gautamkrishnar/blog-post-workflow", "*", "input.item_exec", "code-injection"] \ No newline at end of file + - ["gautamkrishnar/blog-post-workflow", "*", "input.item_exec", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/actions_actions-runner-controller.model.yml b/ql/lib/ext/generated/composite-actions/actions_actions-runner-controller.model.yml new file mode 100644 index 00000000000..4bc9d5ed771 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/actions_actions-runner-controller.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["actions/actions-runner-controller", "*", "inputs.image-tag", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.image-name", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.arc-controller-namespace", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.arc-namespace", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.arc-name", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.repo-name", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.repo-owner", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.workflow-file", "code-injection", "generated"] + - ["actions/actions-runner-controller", "*", "inputs.auth-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/adap_flower.model.yml b/ql/lib/ext/generated/composite-actions/adap_flower.model.yml new file mode 100644 index 00000000000..3ce17568490 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/adap_flower.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["adap/flower", "*", "inputs.poetry-version", "code-injection", "generated"] + - ["adap/flower", "*", "inputs.setuptools-version", "code-injection", "generated"] + - ["adap/flower", "*", "inputs.pip-version", "code-injection", "generated"] + - ["adap/flower", "*", "inputs.python-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/agoric_agoric-sdk.model.yml b/ql/lib/ext/generated/composite-actions/agoric_agoric-sdk.model.yml new file mode 100644 index 00000000000..80a23352e55 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/agoric_agoric-sdk.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["agoric/agoric-sdk", "*", "inputs.xsnap-random-init", "code-injection", "generated"] + - ["agoric/agoric-sdk", "*", "inputs.path", "code-injection", "generated"] + - ["agoric/agoric-sdk", "*", "inputs.ignore-endo-branch", "code-injection", "generated"] + - ["agoric/agoric-sdk", "*", "inputs.codecov-token", "code-injection", "generated"] + - ["agoric/agoric-sdk", "*", "inputs.datadog-token", "code-injection", "generated"] + - ["agoric/agoric-sdk", "*", "inputs.datadog-site", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/airbnb_lottie-ios.model.yml b/ql/lib/ext/generated/composite-actions/airbnb_lottie-ios.model.yml new file mode 100644 index 00000000000..441c8ebcd52 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/airbnb_lottie-ios.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["airbnb/lottie-ios", "*", "inputs.xcode", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/airbytehq_airbyte.model.yml b/ql/lib/ext/generated/composite-actions/airbytehq_airbyte.model.yml new file mode 100644 index 00000000000..d4e8a2c32bf --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/airbytehq_airbyte.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["airbytehq/airbyte", "*", "inputs.options", "code-injection", "generated"] + - ["airbytehq/airbyte", "*", "inputs.subcommand", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/amazon-ion_ion-java.model.yml b/ql/lib/ext/generated/composite-actions/amazon-ion_ion-java.model.yml new file mode 100644 index 00000000000..ce3ed699b9a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/amazon-ion_ion-java.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["amazon-ion/ion-java", "*", "inputs.project_version", "code-injection", "generated"] + - ["amazon-ion/ion-java", "*", "inputs.repo", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/anchore_grype.model.yml b/ql/lib/ext/generated/composite-actions/anchore_grype.model.yml new file mode 100644 index 00000000000..8b62fe8e0aa --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/anchore_grype.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["anchore/grype", "*", "inputs.bootstrap-apt-packages", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/anchore_syft.model.yml b/ql/lib/ext/generated/composite-actions/anchore_syft.model.yml new file mode 100644 index 00000000000..946faca35c9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/anchore_syft.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["anchore/syft", "*", "inputs.bootstrap-apt-packages", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/angular_dev-infra.model.yml b/ql/lib/ext/generated/composite-actions/angular_dev-infra.model.yml new file mode 100644 index 00000000000..b68c9462c1b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/angular_dev-infra.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["angular/dev-infra", "*", "inputs.firebase-public-dir", "code-injection", "generated"] + - ["angular/dev-infra", "*", "inputs.workflow-artifact-name", "code-injection", "generated"] + - ["angular/dev-infra", "*", "inputs.artifact-build-revision", "code-injection", "generated"] + - ["angular/dev-infra", "*", "inputs.pull-number", "code-injection", "generated"] + - ["angular/dev-infra", "*", "inputs.deploy-directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ansible_ansible-lint.model.yml b/ql/lib/ext/generated/composite-actions/ansible_ansible-lint.model.yml new file mode 100644 index 00000000000..aedefc9ee02 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ansible_ansible-lint.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ansible/ansible-lint", "*", "inputs.args", "code-injection", "generated"] + - ["ansible/ansible-lint", "*", "inputs.working_directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ansible_awx.model.yml b/ql/lib/ext/generated/composite-actions/ansible_awx.model.yml new file mode 100644 index 00000000000..36f7a18e198 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ansible_awx.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ansible/awx", "*", "inputs.log-filename", "code-injection", "generated"] + - ["ansible/awx", "*", "inputs.github-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_arrow-datafusion.model.yml b/ql/lib/ext/generated/composite-actions/apache_arrow-datafusion.model.yml new file mode 100644 index 00000000000..a1d324f44bd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_arrow-datafusion.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/arrow-datafusion", "*", "inputs.rust-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_arrow-rs.model.yml b/ql/lib/ext/generated/composite-actions/apache_arrow-rs.model.yml new file mode 100644 index 00000000000..53142801fec --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_arrow-rs.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/arrow-rs", "*", "inputs.target", "code-injection", "generated"] + - ["apache/arrow-rs", "*", "inputs.rust-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_arrow.model.yml b/ql/lib/ext/generated/composite-actions/apache_arrow.model.yml new file mode 100644 index 00000000000..5170beb3a7a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_arrow.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/arrow", "*", "inputs.upload", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_bookkeeper.model.yml b/ql/lib/ext/generated/composite-actions/apache_bookkeeper.model.yml new file mode 100644 index 00000000000..1fabdd9085b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_bookkeeper.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/bookkeeper", "*", "inputs.mode", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_brpc.model.yml b/ql/lib/ext/generated/composite-actions/apache_brpc.model.yml new file mode 100644 index 00000000000..370d3c6954e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_brpc.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/brpc", "*", "inputs.options", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_camel-k.model.yml b/ql/lib/ext/generated/composite-actions/apache_camel-k.model.yml new file mode 100644 index 00000000000..ac0156b719f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_camel-k.model.yml @@ -0,0 +1,17 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/camel-k", "*", "inputs.test-suite", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.image-version", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.image-registry-insecure", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.image-name", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.image-registry-host", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.catalog-source-namespace", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.catalog-source-name", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.image-namespace", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.version", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.otlp-collector-image-version", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.otlp-collector-image-name", "code-injection", "generated"] + - ["apache/camel-k", "*", "inputs.global-operator-namespace", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_camel.model.yml b/ql/lib/ext/generated/composite-actions/apache_camel.model.yml new file mode 100644 index 00000000000..9ee197ed884 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_camel.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/camel", "*", "inputs.end-commit", "code-injection", "generated"] + - ["apache/camel", "*", "inputs.start-commit", "code-injection", "generated"] + - ["apache/camel", "*", "inputs.distribution", "code-injection", "generated"] + - ["apache/camel", "*", "inputs.version", "code-injection", "generated"] + - ["apache/camel", "*", "inputs.pr-id", "code-injection", "generated"] + - ["apache/camel", "*", "inputs.mode", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_flink.model.yml b/ql/lib/ext/generated/composite-actions/apache_flink.model.yml new file mode 100644 index 00000000000..99a1e4cec71 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_flink.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/flink", "*", "inputs.maven-parameters", "code-injection", "generated"] + - ["apache/flink", "*", "inputs.env", "code-injection", "generated"] + - ["apache/flink", "*", "inputs.target_directory", "code-injection", "generated"] + - ["apache/flink", "*", "inputs.source_directory", "code-injection", "generated"] + - ["apache/flink", "*", "inputs.jdk_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_nuttx.model.yml b/ql/lib/ext/generated/composite-actions/apache_nuttx.model.yml new file mode 100644 index 00000000000..d2a6dbd4929 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_nuttx.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/nuttx", "*", "inputs.haskell", "code-injection", "generated"] + - ["apache/nuttx", "*", "inputs.dotnet", "code-injection", "generated"] + - ["apache/nuttx", "*", "inputs.android", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_opendal.model.yml b/ql/lib/ext/generated/composite-actions/apache_opendal.model.yml new file mode 100644 index 00000000000..13a9ff475b9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_opendal.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/opendal", "*", "inputs.feature", "code-injection", "generated"] + - ["apache/opendal", "*", "inputs.setup", "code-injection", "generated"] + - ["apache/opendal", "*", "inputs.service", "code-injection", "generated"] + - ["apache/opendal", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_pekko.model.yml b/ql/lib/ext/generated/composite-actions/apache_pekko.model.yml new file mode 100644 index 00000000000..a173154bec0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_pekko.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/pekko", "*", "inputs.upload", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_pulsar-helm-chart.model.yml b/ql/lib/ext/generated/composite-actions/apache_pulsar-helm-chart.model.yml new file mode 100644 index 00000000000..f7a5017d2fb --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_pulsar-helm-chart.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/pulsar-helm-chart", "*", "inputs.limit-access-to-users", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.limit-access-to-actor", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.secure-access", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.action", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.yamale_version", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.yamllint_version", "code-injection", "generated"] + - ["apache/pulsar-helm-chart", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/apache_superset.model.yml b/ql/lib/ext/generated/composite-actions/apache_superset.model.yml new file mode 100644 index 00000000000..1bcf118810f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/apache_superset.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/superset", "*", "inputs.requirements-type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/appflowy-io_appflowy.model.yml b/ql/lib/ext/generated/composite-actions/appflowy-io_appflowy.model.yml new file mode 100644 index 00000000000..fb210d5af55 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/appflowy-io_appflowy.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["appflowy-io/appflowy", "*", "inputs.test_path", "code-injection", "generated"] + - ["appflowy-io/appflowy", "*", "inputs.flutter_profile", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/aptos-labs_aptos-core.model.yml b/ql/lib/ext/generated/composite-actions/aptos-labs_aptos-core.model.yml new file mode 100644 index 00000000000..77554b9872e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/aptos-labs_aptos-core.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aptos-labs/aptos-core", "*", "inputs.GIT_CREDENTIALS", "code-injection", "generated"] + - ["aptos-labs/aptos-core", "*", "inputs.GCP_DOCKER_ARTIFACT_REPO", "code-injection", "generated"] + - ["aptos-labs/aptos-core", "*", "inputs.IMAGE_TAG", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/archivesspace_archivesspace.model.yml b/ql/lib/ext/generated/composite-actions/archivesspace_archivesspace.model.yml new file mode 100644 index 00000000000..7fc1eaaca48 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/archivesspace_archivesspace.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["archivesspace/archivesspace", "*", "inputs.mysql-connector-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/armadaproject_armada.model.yml b/ql/lib/ext/generated/composite-actions/armadaproject_armada.model.yml new file mode 100644 index 00000000000..921095f8a38 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/armadaproject_armada.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["armadaproject/armada", "*", "inputs.tox-env", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/armbian_build.model.yml b/ql/lib/ext/generated/composite-actions/armbian_build.model.yml new file mode 100644 index 00000000000..e8dba39c742 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/armbian_build.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["armbian/build", "*", "inputs.armbian_pgp_password", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_extensions", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_release", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_kernel_branch", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_board", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_target", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_branch", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_ui", "code-injection", "generated"] + - ["armbian/build", "*", "inputs.armbian_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/auth0_auth0-java.model.yml b/ql/lib/ext/generated/composite-actions/auth0_auth0-java.model.yml new file mode 100644 index 00000000000..69970d3419b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/auth0_auth0-java.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["auth0/auth0-java", "*", "inputs.signing-password", "code-injection", "generated"] + - ["auth0/auth0-java", "*", "inputs.signing-key", "code-injection", "generated"] + - ["auth0/auth0-java", "*", "inputs.ossr-password", "code-injection", "generated"] + - ["auth0/auth0-java", "*", "inputs.ossr-username", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/auth0_auth0.net.model.yml b/ql/lib/ext/generated/composite-actions/auth0_auth0.net.model.yml new file mode 100644 index 00000000000..b57797cc643 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/auth0_auth0.net.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["auth0/auth0.net", "*", "inputs.nuget-token", "code-injection", "generated"] + - ["auth0/auth0.net", "*", "inputs.nuget-directory", "code-injection", "generated"] + - ["auth0/auth0.net", "*", "inputs.project-paths", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/auth0_auth0.swift.model.yml b/ql/lib/ext/generated/composite-actions/auth0_auth0.swift.model.yml new file mode 100644 index 00000000000..08b65cea6d7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/auth0_auth0.swift.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["auth0/auth0.swift", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/autogluon_autogluon.model.yml b/ql/lib/ext/generated/composite-actions/autogluon_autogluon.model.yml new file mode 100644 index 00000000000..453e60f3595 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/autogluon_autogluon.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["autogluon/autogluon", "*", "inputs.submodule-to-test", "code-injection", "generated"] + - ["autogluon/autogluon", "*", "inputs.command", "code-injection", "generated"] + - ["autogluon/autogluon", "*", "inputs.work-dir", "code-injection", "generated"] + - ["autogluon/autogluon", "*", "inputs.job-name", "code-injection", "generated"] + - ["autogluon/autogluon", "*", "inputs.job-type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/avaiga_taipy.model.yml b/ql/lib/ext/generated/composite-actions/avaiga_taipy.model.yml new file mode 100644 index 00000000000..012802b8006 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/avaiga_taipy.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["avaiga/taipy", "*", "inputs.python-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/aws-amplify_amplify-cli.model.yml b/ql/lib/ext/generated/composite-actions/aws-amplify_amplify-cli.model.yml new file mode 100644 index 00000000000..a397a77f6dc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/aws-amplify_amplify-cli.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aws-amplify/amplify-cli", "*", "inputs.cli-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/aws_amazon-vpc-cni-k8s.model.yml b/ql/lib/ext/generated/composite-actions/aws_amazon-vpc-cni-k8s.model.yml new file mode 100644 index 00000000000..15de610c981 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/aws_amazon-vpc-cni-k8s.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aws/amazon-vpc-cni-k8s", "*", "inputs.go-package", "code-injection", "generated"] + - ["aws/amazon-vpc-cni-k8s", "*", "inputs.work-dir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/aws_karpenter-provider-aws.model.yml b/ql/lib/ext/generated/composite-actions/aws_karpenter-provider-aws.model.yml new file mode 100644 index 00000000000..ad6e7e806cd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/aws_karpenter-provider-aws.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aws/karpenter-provider-aws", "*", "inputs.account_id", "code-injection", "generated"] + - ["aws/karpenter-provider-aws", "*", "inputs.cluster_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/awslabs_amazon-eks-ami.model.yml b/ql/lib/ext/generated/composite-actions/awslabs_amazon-eks-ami.model.yml new file mode 100644 index 00000000000..67631102d71 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/awslabs_amazon-eks-ami.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["awslabs/amazon-eks-ami", "*", "inputs.max_resource_age_duration", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.aws_region", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.ami_id", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.k8s_version", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.os_distro", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.additional_arguments", "code-injection", "generated"] + - ["awslabs/amazon-eks-ami", "*", "inputs.build_id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/awslabs_aws-lambda-rust-runtime.model.yml b/ql/lib/ext/generated/composite-actions/awslabs_aws-lambda-rust-runtime.model.yml new file mode 100644 index 00000000000..098d7c139fa --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/awslabs_aws-lambda-rust-runtime.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["awslabs/aws-lambda-rust-runtime", "*", "inputs.package", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/azerothcore_azerothcore-wotlk.model.yml b/ql/lib/ext/generated/composite-actions/azerothcore_azerothcore-wotlk.model.yml new file mode 100644 index 00000000000..def12e48741 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/azerothcore_azerothcore-wotlk.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["azerothcore/azerothcore-wotlk", "*", "inputs.CXX", "code-injection", "generated"] + - ["azerothcore/azerothcore-wotlk", "*", "inputs.CC", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/azure_azure-datafactory.model.yml b/ql/lib/ext/generated/composite-actions/azure_azure-datafactory.model.yml new file mode 100644 index 00000000000..768db7317cc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/azure_azure-datafactory.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["azure/azure-datafactory", "*", "inputs.directory", "code-injection", "generated"] + - ["azure/azure-datafactory", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/badges_shields.model.yml b/ql/lib/ext/generated/composite-actions/badges_shields.model.yml new file mode 100644 index 00000000000..55218009c02 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/badges_shields.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["badges/shields", "*", "inputs.npm-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/balena-io_etcher.model.yml b/ql/lib/ext/generated/composite-actions/balena-io_etcher.model.yml new file mode 100644 index 00000000000..17ec5471e85 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/balena-io_etcher.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["balena-io/etcher", "*", "inputs.VERBOSE", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/balena-os_balena-engine.model.yml b/ql/lib/ext/generated/composite-actions/balena-os_balena-engine.model.yml new file mode 100644 index 00000000000..55cd8b18241 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/balena-os_balena-engine.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["balena-os/balena-engine", "*", "inputs.VERBOSE", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ben-manes_caffeine.model.yml b/ql/lib/ext/generated/composite-actions/ben-manes_caffeine.model.yml new file mode 100644 index 00000000000..328d58d9e42 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ben-manes_caffeine.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ben-manes/caffeine", "*", "inputs.attempt-delay", "code-injection", "generated"] + - ["ben-manes/caffeine", "*", "inputs.attempt-limit", "code-injection", "generated"] + - ["ben-manes/caffeine", "*", "inputs.arguments", "code-injection", "generated"] + - ["ben-manes/caffeine", "*", "inputs.graal", "code-injection", "generated"] + - ["ben-manes/caffeine", "*", "inputs.java", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/bokeh_bokeh.model.yml b/ql/lib/ext/generated/composite-actions/bokeh_bokeh.model.yml new file mode 100644 index 00000000000..836bda1041a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/bokeh_bokeh.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bokeh/bokeh", "*", "inputs.test-env", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/botpress_botpress.model.yml b/ql/lib/ext/generated/composite-actions/botpress_botpress.model.yml new file mode 100644 index 00000000000..b6f9ee027f1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/botpress_botpress.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["botpress/botpress", "*", "inputs.tilt_cmd", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/braintree_braintree-android-drop-in.model.yml b/ql/lib/ext/generated/composite-actions/braintree_braintree-android-drop-in.model.yml new file mode 100644 index 00000000000..2f6458219b6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/braintree_braintree-android-drop-in.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["braintree/braintree-android-drop-in", "*", "inputs.version", "code-injection", "generated"] + - ["braintree/braintree-android-drop-in", "*", "inputs.signing_file_path", "code-injection", "generated"] + - ["braintree/braintree-android-drop-in", "*", "inputs.signing_key_file", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/braintree_braintree_android.model.yml b/ql/lib/ext/generated/composite-actions/braintree_braintree_android.model.yml new file mode 100644 index 00000000000..374a13ccd82 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/braintree_braintree_android.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["braintree/braintree/android", "*", "inputs.version", "code-injection", "generated"] + - ["braintree/braintree/android", "*", "inputs.module", "code-injection", "generated"] + - ["braintree/braintree/android", "*", "inputs.signing_file_path", "code-injection", "generated"] + - ["braintree/braintree/android", "*", "inputs.signing_key_file", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/broadinstitute_gatk.model.yml b/ql/lib/ext/generated/composite-actions/broadinstitute_gatk.model.yml new file mode 100644 index 00000000000..fb4608ec70b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/broadinstitute_gatk.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["broadinstitute/gatk", "*", "inputs.identifier", "code-injection", "generated"] + - ["broadinstitute/gatk", "*", "inputs.repo-path", "code-injection", "generated"] + - ["broadinstitute/gatk", "*", "inputs.CROMWELL_VERSION", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/canonical_multipass.model.yml b/ql/lib/ext/generated/composite-actions/canonical_multipass.model.yml new file mode 100644 index 00000000000..3a6a4575d30 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/canonical_multipass.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["canonical/multipass", "*", "inputs.release-tag-re", "code-injection", "generated"] + - ["canonical/multipass", "*", "inputs.release-branch-re", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/chia-network_actions.model.yml b/ql/lib/ext/generated/composite-actions/chia-network_actions.model.yml new file mode 100644 index 00000000000..d21c609e5ed --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/chia-network_actions.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chia-network/actions", "*", "inputs.keypair_path", "code-injection", "generated"] + - ["chia-network/actions", "*", "inputs.role_name", "code-injection", "generated"] + - ["chia-network/actions", "*", "inputs.backend_name", "code-injection", "generated"] + - ["chia-network/actions", "*", "inputs.vault_url", "code-injection", "generated"] + - ["chia-network/actions", "*", "inputs.ttl", "code-injection", "generated"] + - ["chia-network/actions", "*", "inputs.vault_token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/chia-network_chia-blockchain.model.yml b/ql/lib/ext/generated/composite-actions/chia-network_chia-blockchain.model.yml new file mode 100644 index 00000000000..76c92f51d26 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/chia-network_chia-blockchain.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chia-network/chia-blockchain", "*", "inputs.command-prefix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/chipsalliance_chisel.model.yml b/ql/lib/ext/generated/composite-actions/chipsalliance_chisel.model.yml new file mode 100644 index 00000000000..dc48b2e8d20 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/chipsalliance_chisel.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chipsalliance/chisel", "*", "inputs.version", "code-injection", "generated"] + - ["chipsalliance/chisel", "*", "inputs.file-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/chocobozzz_peertube.model.yml b/ql/lib/ext/generated/composite-actions/chocobozzz_peertube.model.yml new file mode 100644 index 00000000000..b46b5592ac5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/chocobozzz_peertube.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chocobozzz/peertube", "*", "inputs.deployKey", "code-injection", "generated"] + - ["chocobozzz/peertube", "*", "inputs.knownHosts", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cilium_cilium-cli.model.yml b/ql/lib/ext/generated/composite-actions/cilium_cilium-cli.model.yml new file mode 100644 index 00000000000..a38482ba696 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cilium_cilium-cli.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cilium/cilium-cli", "*", "inputs.binary-name", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.binary-dir", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.ci-version", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.release-version", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.repository", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.go-mod-directory", "code-injection", "generated"] + - ["cilium/cilium-cli", "*", "inputs.local-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cilium_cilium.model.yml b/ql/lib/ext/generated/composite-actions/cilium_cilium.model.yml new file mode 100644 index 00000000000..ca1bf2f894f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cilium_cilium.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cilium/cilium", "*", "inputs.job-name", "code-injection", "generated"] + - ["cilium/cilium", "*", "inputs.lb-acceleration", "code-injection", "generated"] + - ["cilium/cilium", "*", "inputs.mutual-auth", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/citusdata_citus.model.yml b/ql/lib/ext/generated/composite-actions/citusdata_citus.model.yml new file mode 100644 index 00000000000..4a46ca788e5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/citusdata_citus.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["citusdata/citus", "*", "inputs.flags", "code-injection", "generated"] + - ["citusdata/citus", "*", "inputs.pg_major", "code-injection", "generated"] + - ["citusdata/citus", "*", "inputs.count", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/clerk_javascript.model.yml b/ql/lib/ext/generated/composite-actions/clerk_javascript.model.yml new file mode 100644 index 00000000000..b1c5270165b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/clerk_javascript.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["clerk/javascript", "*", "inputs.auth-email", "code-injection", "generated"] + - ["clerk/javascript", "*", "inputs.auth-password", "code-injection", "generated"] + - ["clerk/javascript", "*", "inputs.auth-user", "code-injection", "generated"] + - ["clerk/javascript", "*", "inputs.registry", "code-injection", "generated"] + - ["clerk/javascript", "*", "inputs.publish-cmd", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cloud-custodian_cloud-custodian.model.yml b/ql/lib/ext/generated/composite-actions/cloud-custodian_cloud-custodian.model.yml new file mode 100644 index 00000000000..9fcaa3fff76 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cloud-custodian_cloud-custodian.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cloud-custodian/cloud-custodian", "*", "inputs.poetry-version", "code-injection", "generated"] + - ["cloud-custodian/cloud-custodian", "*", "inputs.bucket-url", "code-injection", "generated"] + - ["cloud-custodian/cloud-custodian", "*", "inputs.docs-dir", "code-injection", "generated"] + - ["cloud-custodian/cloud-custodian", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cloudflare_workers-sdk.model.yml b/ql/lib/ext/generated/composite-actions/cloudflare_workers-sdk.model.yml new file mode 100644 index 00000000000..f21c3c1f9de --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cloudflare_workers-sdk.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cloudflare/workers-sdk", "*", "inputs.package-manager", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cloudfoundry_cloud_controller_ng.model.yml b/ql/lib/ext/generated/composite-actions/cloudfoundry_cloud_controller_ng.model.yml new file mode 100644 index 00000000000..7ff68860cf8 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cloudfoundry_cloud_controller_ng.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cloudfoundry/cloud_controller/ng", "*", "inputs.BOSH_CLI_VERSION", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/coder_coder.model.yml b/ql/lib/ext/generated/composite-actions/coder_coder.model.yml new file mode 100644 index 00000000000..9e3d5bd41e3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/coder_coder.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["coder/coder", "*", "inputs.api-key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/coil-kt_coil.model.yml b/ql/lib/ext/generated/composite-actions/coil-kt_coil.model.yml new file mode 100644 index 00000000000..63373bd78a7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/coil-kt_coil.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["coil-kt/coil", "*", "inputs.api-level", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/commaai_openpilot.model.yml b/ql/lib/ext/generated/composite-actions/commaai_openpilot.model.yml new file mode 100644 index 00000000000..529614b8d79 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/commaai_openpilot.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["commaai/openpilot", "*", "inputs.sleep_time", "code-injection", "generated"] + - ["commaai/openpilot", "*", "inputs.docker_hub_pat", "code-injection", "generated"] + - ["commaai/openpilot", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/conan-io_conan-center-index.model.yml b/ql/lib/ext/generated/composite-actions/conan-io_conan-center-index.model.yml new file mode 100644 index 00000000000..ce3ce91d773 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/conan-io_conan-center-index.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["conan-io/conan-center-index", "*", "inputs.files", "code-injection", "generated"] + - ["conan-io/conan-center-index", "*", "inputs.reviewers", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/corretto_corretto-8.model.yml b/ql/lib/ext/generated/composite-actions/corretto_corretto-8.model.yml new file mode 100644 index 00000000000..ececaa835e9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/corretto_corretto-8.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["corretto/corretto-8", "*", "inputs.version-branch", "code-injection", "generated"] + - ["corretto/corretto-8", "*", "inputs.upstream", "code-injection", "generated"] + - ["corretto/corretto-8", "*", "inputs.merge-branch", "code-injection", "generated"] + - ["corretto/corretto-8", "*", "inputs.local-branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cosmos_cosmos-sdk.model.yml b/ql/lib/ext/generated/composite-actions/cosmos_cosmos-sdk.model.yml new file mode 100644 index 00000000000..0c19019e4f3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cosmos_cosmos-sdk.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cosmos/cosmos-sdk", "*", "inputs.github_token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/coturn_coturn.model.yml b/ql/lib/ext/generated/composite-actions/coturn_coturn.model.yml new file mode 100644 index 00000000000..67a21fc2e86 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/coturn_coturn.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["coturn/coturn", "*", "inputs.SUDO", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/crunchydata_postgres-operator.model.yml b/ql/lib/ext/generated/composite-actions/crunchydata_postgres-operator.model.yml new file mode 100644 index 00000000000..3f0c5e645de --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/crunchydata_postgres-operator.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["crunchydata/postgres-operator", "*", "inputs.k3s-channel", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/cvc5_cvc5.model.yml b/ql/lib/ext/generated/composite-actions/cvc5_cvc5.model.yml new file mode 100644 index 00000000000..470109b5e85 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/cvc5_cvc5.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cvc5/cvc5", "*", "inputs.build-dir", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.macos-target", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.check-examples", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.check-python-bindings", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.check-install", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.regressions-exclude", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.strip-bin", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.configure-config", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.configure-env", "code-injection", "generated"] + - ["cvc5/cvc5", "*", "inputs.package-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/d2l-ai_d2l-en.model.yml b/ql/lib/ext/generated/composite-actions/d2l-ai_d2l-en.model.yml new file mode 100644 index 00000000000..5ffefd58e53 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/d2l-ai_d2l-en.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["d2l-ai/d2l-en", "*", "inputs.command", "code-injection", "generated"] + - ["d2l-ai/d2l-en", "*", "inputs.work-dir", "code-injection", "generated"] + - ["d2l-ai/d2l-en", "*", "inputs.job-name", "code-injection", "generated"] + - ["d2l-ai/d2l-en", "*", "inputs.job-type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/danysk_build-check-deploy-gradle-action.model.yml b/ql/lib/ext/generated/composite-actions/danysk_build-check-deploy-gradle-action.model.yml new file mode 100644 index 00000000000..742e1876811 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/danysk_build-check-deploy-gradle-action.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.clean-command", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.deploy-command", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.wait-between-retries", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.retries-on-failure", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.check-command", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.build-command", "code-injection", "generated"] + - ["danysk/build-check-deploy-gradle-action", "*", "inputs.pre-build-command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/datadog_dd-trace-dotnet.model.yml b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-dotnet.model.yml new file mode 100644 index 00000000000..97c75ae6f5c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-dotnet.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datadog/dd-trace-dotnet", "*", "inputs.command", "code-injection", "generated"] + - ["datadog/dd-trace-dotnet", "*", "inputs.baseImage", "code-injection", "generated"] + - ["datadog/dd-trace-dotnet", "*", "inputs.aas_github_token", "code-injection", "generated"] + - ["datadog/dd-trace-dotnet", "*", "inputs.artifacts_path", "code-injection", "generated"] + - ["datadog/dd-trace-dotnet", "*", "inputs.github_token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/datadog_dd-trace-go.model.yml b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-go.model.yml new file mode 100644 index 00000000000..fa98e84315d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-go.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datadog/dd-trace-go", "*", "inputs.files", "code-injection", "generated"] + - ["datadog/dd-trace-go", "*", "inputs.tags", "code-injection", "generated"] + - ["datadog/dd-trace-go", "*", "inputs.service", "code-injection", "generated"] + - ["datadog/dd-trace-go", "*", "inputs.dd-api-key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/datadog_dd-trace-js.model.yml b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-js.model.yml new file mode 100644 index 00000000000..3bc48b644d0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/datadog_dd-trace-js.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datadog/dd-trace-js", "*", "inputs.container-id", "code-injection", "generated"] + - ["datadog/dd-trace-js", "*", "inputs.init-image-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/datafuselabs_databend.model.yml b/ql/lib/ext/generated/composite-actions/datafuselabs_databend.model.yml new file mode 100644 index 00000000000..81e07943026 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/datafuselabs_databend.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datafuselabs/databend", "*", "inputs.dataset", "code-injection", "generated"] + - ["datafuselabs/databend", "*", "inputs.dirs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/davatorium_rofi.model.yml b/ql/lib/ext/generated/composite-actions/davatorium_rofi.model.yml new file mode 100644 index 00000000000..a1fdb476748 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/davatorium_rofi.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["davatorium/rofi", "*", "inputs.logfile", "code-injection", "generated"] + - ["davatorium/rofi", "*", "inputs.windowmode", "code-injection", "generated"] + - ["davatorium/rofi", "*", "inputs.cc", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/debezium_debezium.model.yml b/ql/lib/ext/generated/composite-actions/debezium_debezium.model.yml new file mode 100644 index 00000000000..5744f3e7495 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/debezium_debezium.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["debezium/debezium", "*", "inputs.path-core", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/defenseunicorns_zarf.model.yml b/ql/lib/ext/generated/composite-actions/defenseunicorns_zarf.model.yml new file mode 100644 index 00000000000..852e39799d9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/defenseunicorns_zarf.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["defenseunicorns/zarf", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/demarches-simplifiees_demarches-simplifiees.fr.model.yml b/ql/lib/ext/generated/composite-actions/demarches-simplifiees_demarches-simplifiees.fr.model.yml new file mode 100644 index 00000000000..a0d7eb51354 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/demarches-simplifiees_demarches-simplifiees.fr.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["demarches-simplifiees/demarches-simplifiees.fr", "*", "inputs.results_path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/department-of-veterans-affairs_vets-website.model.yml b/ql/lib/ext/generated/composite-actions/department-of-veterans-affairs_vets-website.model.yml new file mode 100644 index 00000000000..8d10d22cd5c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/department-of-veterans-affairs_vets-website.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["department-of-veterans-affairs/vets-website", "*", "inputs.delimiter", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/devexpress_devextreme.model.yml b/ql/lib/ext/generated/composite-actions/devexpress_devextreme.model.yml new file mode 100644 index 00000000000..c99c630853e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/devexpress_devextreme.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["devexpress/devextreme", "*", "inputs.name", "code-injection", "generated"] + - ["devexpress/devextreme", "*", "inputs.result", "code-injection", "generated"] + - ["devexpress/devextreme", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/diggerhq_digger.model.yml b/ql/lib/ext/generated/composite-actions/diggerhq_digger.model.yml new file mode 100644 index 00000000000..8554ebec65f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/diggerhq_digger.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["diggerhq/digger", "*", "inputs.checkov-version", "code-injection", "generated"] + - ["diggerhq/digger", "*", "inputs.google-auth-credentials", "code-injection", "generated"] + - ["diggerhq/digger", "*", "inputs.google-workload-identity-provider", "code-injection", "generated"] + - ["diggerhq/digger", "*", "inputs.google-service-account", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/diku-dk_futhark.model.yml b/ql/lib/ext/generated/composite-actions/diku-dk_futhark.model.yml new file mode 100644 index 00000000000..6f0878a77cb --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/diku-dk_futhark.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["diku-dk/futhark", "*", "inputs.script", "code-injection", "generated"] + - ["diku-dk/futhark", "*", "inputs.slurm-options", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/discourse_.github.model.yml b/ql/lib/ext/generated/composite-actions/discourse_.github.model.yml new file mode 100644 index 00000000000..198109f790c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/discourse_.github.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["discourse/.github", "*", "inputs.about_json_path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/dnsjava_dnsjava.model.yml b/ql/lib/ext/generated/composite-actions/dnsjava_dnsjava.model.yml new file mode 100644 index 00000000000..e634eaa38a2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/dnsjava_dnsjava.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dnsjava/dnsjava", "*", "inputs.name", "code-injection", "generated"] + - ["dnsjava/dnsjava", "*", "inputs.filename", "code-injection", "generated"] + - ["dnsjava/dnsjava", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/dotintent_react-native-ble-plx.model.yml b/ql/lib/ext/generated/composite-actions/dotintent_react-native-ble-plx.model.yml new file mode 100644 index 00000000000..e26ba9755d0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/dotintent_react-native-ble-plx.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dotintent/react-native-ble-plx", "*", "inputs.REACT_NATIVE_VERSION", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/dotnet_docs-tools.model.yml b/ql/lib/ext/generated/composite-actions/dotnet_docs-tools.model.yml new file mode 100644 index 00000000000..2cda1936f01 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/dotnet_docs-tools.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dotnet/docs-tools", "*", "inputs.support", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/dotnet_dotnet-monitor.model.yml b/ql/lib/ext/generated/composite-actions/dotnet_dotnet-monitor.model.yml new file mode 100644 index 00000000000..f83cf533944 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/dotnet_dotnet-monitor.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dotnet/dotnet-monitor", "*", "inputs.files_to_commit", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/dragonflydb_dragonfly.model.yml b/ql/lib/ext/generated/composite-actions/dragonflydb_dragonfly.model.yml new file mode 100644 index 00000000000..5af04ac6ac7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/dragonflydb_dragonfly.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dragonflydb/dragonfly", "*", "inputs.gspace-secret", "code-injection", "generated"] + - ["dragonflydb/dragonfly", "*", "inputs.filter", "code-injection", "generated"] + - ["dragonflydb/dragonfly", "*", "inputs.dfly-executable", "code-injection", "generated"] + - ["dragonflydb/dragonfly", "*", "inputs.build-folder-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/eksctl-io_eksctl.model.yml b/ql/lib/ext/generated/composite-actions/eksctl-io_eksctl.model.yml new file mode 100644 index 00000000000..0d0cae87e09 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/eksctl-io_eksctl.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["eksctl-io/eksctl", "*", "inputs.token", "code-injection", "generated"] + - ["eksctl-io/eksctl", "*", "inputs.email", "code-injection", "generated"] + - ["eksctl-io/eksctl", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/elastic_apm-agent-dotnet.model.yml b/ql/lib/ext/generated/composite-actions/elastic_apm-agent-dotnet.model.yml new file mode 100644 index 00000000000..070b502e188 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/elastic_apm-agent-dotnet.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["elastic/apm-agent-dotnet", "*", "inputs.project", "code-injection", "generated"] + - ["elastic/apm-agent-dotnet", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/elastic_apm-agent-java.model.yml b/ql/lib/ext/generated/composite-actions/elastic_apm-agent-java.model.yml new file mode 100644 index 00000000000..6c0cf90523a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/elastic_apm-agent-java.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["elastic/apm-agent-java", "*", "inputs.tag", "code-injection", "generated"] + - ["elastic/apm-agent-java", "*", "inputs.path", "code-injection", "generated"] + - ["elastic/apm-agent-java", "*", "inputs.name", "code-injection", "generated"] + - ["elastic/apm-agent-java", "*", "inputs.test-java-version", "code-injection", "generated"] + - ["elastic/apm-agent-java", "*", "inputs.command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/elementor_elementor.model.yml b/ql/lib/ext/generated/composite-actions/elementor_elementor.model.yml new file mode 100644 index 00000000000..ca6459221d4 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/elementor_elementor.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["elementor/elementor", "*", "inputs.README_TXT_PATH", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.CHANNEL", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.PACKAGE_VERSION", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.MESSAGE", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.SLACK_TOKEN", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.SLACK_CHANNELS", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.PRERELEASE", "code-injection", "generated"] + - ["elementor/elementor", "*", "inputs.TAG_NAME", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/emberjs_data.model.yml b/ql/lib/ext/generated/composite-actions/emberjs_data.model.yml new file mode 100644 index 00000000000..79d14b65bcc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/emberjs_data.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["emberjs/data", "*", "inputs.jobs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/emqx_emqx.model.yml b/ql/lib/ext/generated/composite-actions/emqx_emqx.model.yml new file mode 100644 index 00000000000..69771693787 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/emqx_emqx.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["emqx/emqx", "*", "inputs.profile", "code-injection", "generated"] + - ["emqx/emqx", "*", "inputs.otp", "code-injection", "generated"] + - ["emqx/emqx", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/eonasdan_tempus-dominus.model.yml b/ql/lib/ext/generated/composite-actions/eonasdan_tempus-dominus.model.yml new file mode 100644 index 00000000000..a5a3cfbb1c9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/eonasdan_tempus-dominus.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["eonasdan/tempus-dominus", "*", "inputs.VERSION", "code-injection", "generated"] + - ["eonasdan/tempus-dominus", "*", "inputs.NUGET_API_KEY", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/erlang_otp.model.yml b/ql/lib/ext/generated/composite-actions/erlang_otp.model.yml new file mode 100644 index 00000000000..2000f5d9d00 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/erlang_otp.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["erlang/otp", "*", "inputs.TYPE", "code-injection", "generated"] + - ["erlang/otp", "*", "inputs.BASE_BRANCH", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/esphome_esphome.model.yml b/ql/lib/ext/generated/composite-actions/esphome_esphome.model.yml new file mode 100644 index 00000000000..95164c659ed --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/esphome_esphome.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["esphome/esphome", "*", "inputs.target", "code-injection", "generated"] + - ["esphome/esphome", "*", "inputs.suffix", "code-injection", "generated"] + - ["esphome/esphome", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/expensify_app.model.yml b/ql/lib/ext/generated/composite-actions/expensify_app.model.yml new file mode 100644 index 00000000000..7e3b5e4caf6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/expensify_app.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["expensify/app", "*", "inputs.GPG_PASSPHRASE", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.PACKAGE_SCRIPT_NAME", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.EXPENSIFY_PARTNER_PASSWORD_EMAIL", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.EXPENSIFY_PARTNER_USER_SECRET", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.EXPENSIFY_PARTNER_USER_ID", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.EXPENSIFY_PARTNER_PASSWORD", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.PATH_ENV_FILE", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.EXPENSIFY_PARTNER_NAME", "code-injection", "generated"] + - ["expensify/app", "*", "inputs.MAPBOX_SDK_DOWNLOAD_TOKEN", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/expo_expo.model.yml b/ql/lib/ext/generated/composite-actions/expo_expo.model.yml new file mode 100644 index 00000000000..f335170dc85 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/expo_expo.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["expo/expo", "*", "inputs.ndk-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/expo_vscode-expo.model.yml b/ql/lib/ext/generated/composite-actions/expo_vscode-expo.model.yml new file mode 100644 index 00000000000..555fa42a79c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/expo_vscode-expo.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["expo/vscode-expo", "*", "inputs.command", "code-injection", "generated"] + - ["expo/vscode-expo", "*", "inputs.semver", "code-injection", "generated"] + - ["expo/vscode-expo", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/external-secrets_external-secrets.model.yml b/ql/lib/ext/generated/composite-actions/external-secrets_external-secrets.model.yml new file mode 100644 index 00000000000..8fd9440729f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/external-secrets_external-secrets.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["external-secrets/external-secrets", "*", "inputs.image-tag", "code-injection", "generated"] + - ["external-secrets/external-secrets", "*", "inputs.image-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/facebook_buck2.model.yml b/ql/lib/ext/generated/composite-actions/facebook_buck2.model.yml new file mode 100644 index 00000000000..f9479e11aab --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/facebook_buck2.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebook/buck2", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/facebook_flow.model.yml b/ql/lib/ext/generated/composite-actions/facebook_flow.model.yml new file mode 100644 index 00000000000..711eabc2bfa --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/facebook_flow.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebook/flow", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/facebook_yoga.model.yml b/ql/lib/ext/generated/composite-actions/facebook_yoga.model.yml new file mode 100644 index 00000000000..745f89d8677 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/facebook_yoga.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebook/yoga", "*", "inputs.version", "code-injection", "generated"] + - ["facebook/yoga", "*", "inputs.directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/facebookresearch_xformers.model.yml b/ql/lib/ext/generated/composite-actions/facebookresearch_xformers.model.yml new file mode 100644 index 00000000000..a732e2fac3f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/facebookresearch_xformers.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebookresearch/xformers", "*", "inputs.arch", "code-injection", "generated"] + - ["facebookresearch/xformers", "*", "inputs.pytorch_channel", "code-injection", "generated"] + - ["facebookresearch/xformers", "*", "inputs.pytorch_version", "code-injection", "generated"] + - ["facebookresearch/xformers", "*", "inputs.python", "code-injection", "generated"] + - ["facebookresearch/xformers", "*", "inputs.cuda", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/fastly_compute-actions.model.yml b/ql/lib/ext/generated/composite-actions/fastly_compute-actions.model.yml new file mode 100644 index 00000000000..1aebd1199a5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/fastly_compute-actions.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["fastly/compute-actions", "*", "inputs.fastly-api-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/felangel_bloc.model.yml b/ql/lib/ext/generated/composite-actions/felangel_bloc.model.yml new file mode 100644 index 00000000000..708adf528f2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/felangel_bloc.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["felangel/bloc", "*", "inputs.coverage_excludes", "code-injection", "generated"] + - ["felangel/bloc", "*", "inputs.analyze_directories", "code-injection", "generated"] + - ["felangel/bloc", "*", "inputs.report_on", "code-injection", "generated"] + - ["felangel/bloc", "*", "inputs.concurrency", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/firebase_firebase-ios-sdk.model.yml b/ql/lib/ext/generated/composite-actions/firebase_firebase-ios-sdk.model.yml new file mode 100644 index 00000000000..18c02da4443 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/firebase_firebase-ios-sdk.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["firebase/firebase-ios-sdk", "*", "inputs.min-ios-version", "code-injection", "generated"] + - ["firebase/firebase-ios-sdk", "*", "inputs.sources", "code-injection", "generated"] + - ["firebase/firebase-ios-sdk", "*", "inputs.pods", "code-injection", "generated"] + - ["firebase/firebase-ios-sdk", "*", "inputs.notices-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/flaxengine_flaxengine.model.yml b/ql/lib/ext/generated/composite-actions/flaxengine_flaxengine.model.yml new file mode 100644 index 00000000000..c0a44fae749 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/flaxengine_flaxengine.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["flaxengine/flaxengine", "*", "inputs.vulkan-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/flipperdevices_flipperzero-firmware.model.yml b/ql/lib/ext/generated/composite-actions/flipperdevices_flipperzero-firmware.model.yml new file mode 100644 index 00000000000..af0f474bfae --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/flipperdevices_flipperzero-firmware.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["flipperdevices/flipperzero-firmware", "*", "inputs.firmware-version", "code-injection", "generated"] + - ["flipperdevices/flipperzero-firmware", "*", "inputs.firmware-target", "code-injection", "generated"] + - ["flipperdevices/flipperzero-firmware", "*", "inputs.firmware-api", "code-injection", "generated"] + - ["flipperdevices/flipperzero-firmware", "*", "inputs.catalog-api-token", "code-injection", "generated"] + - ["flipperdevices/flipperzero-firmware", "*", "inputs.catalog-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/fluxcd_flux2.model.yml b/ql/lib/ext/generated/composite-actions/fluxcd_flux2.model.yml new file mode 100644 index 00000000000..731ecd5ab1b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/fluxcd_flux2.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["fluxcd/flux2", "*", "inputs.bindir", "code-injection", "generated"] + - ["fluxcd/flux2", "*", "inputs.token", "code-injection", "generated"] + - ["fluxcd/flux2", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/forcedotcom_salesforcedx-vscode.model.yml b/ql/lib/ext/generated/composite-actions/forcedotcom_salesforcedx-vscode.model.yml new file mode 100644 index 00000000000..ca4dc84bbfc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/forcedotcom_salesforcedx-vscode.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["forcedotcom/salesforcedx-vscode", "*", "inputs.email", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/fossasia_visdom.model.yml b/ql/lib/ext/generated/composite-actions/fossasia_visdom.model.yml new file mode 100644 index 00000000000..caa6432efa9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/fossasia_visdom.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["fossasia/visdom", "*", "inputs.loadprbuild", "code-injection", "generated"] + - ["fossasia/visdom", "*", "inputs.usebasebranch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/freckle_stack-action.model.yml b/ql/lib/ext/generated/composite-actions/freckle_stack-action.model.yml new file mode 100644 index 00000000000..a2e78841f69 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/freckle_stack-action.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["freckle/stack-action", "*", "inputs.find-options", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/freeradius_freeradius-server.model.yml b/ql/lib/ext/generated/composite-actions/freeradius_freeradius-server.model.yml new file mode 100644 index 00000000000..fbb76ae46e8 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/freeradius_freeradius-server.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["freeradius/freeradius-server", "*", "inputs.gcc_ver", "code-injection", "generated"] + - ["freeradius/freeradius-server", "*", "inputs.llvm_ver", "code-injection", "generated"] + - ["freeradius/freeradius-server", "*", "inputs.sql_mysql_test_server", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/gaphor_gaphor.model.yml b/ql/lib/ext/generated/composite-actions/gaphor_gaphor.model.yml new file mode 100644 index 00000000000..23d001db673 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/gaphor_gaphor.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gaphor/gaphor", "*", "inputs.version", "code-injection", "generated"] + - ["gaphor/gaphor", "*", "inputs.base64_encoded_pfx", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/getsentry_action-release.model.yml b/ql/lib/ext/generated/composite-actions/getsentry_action-release.model.yml new file mode 100644 index 00000000000..94c7adf250a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/getsentry_action-release.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["getsentry/action-release", "*", "inputs.working_directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/github_codeql-action.model.yml b/ql/lib/ext/generated/composite-actions/github_codeql-action.model.yml new file mode 100644 index 00000000000..85632a06a75 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/github_codeql-action.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["github/codeql-action", "*", "inputs.latest_tag", "code-injection", "generated"] + - ["github/codeql-action", "*", "inputs.major_version", "code-injection", "generated"] + - ["github/codeql-action", "*", "inputs.version", "code-injection", "generated"] + - ["github/codeql-action", "*", "inputs.use-all-platform-bundle", "code-injection", "generated"] + - ["github/codeql-action", "*", "inputs.expected-config-file-contents", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/github_ruby.model.yml b/ql/lib/ext/generated/composite-actions/github_ruby.model.yml new file mode 100644 index 00000000000..9f002168214 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/github_ruby.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["github/ruby", "*", "inputs.builddir", "code-injection", "generated"] + - ["github/ruby", "*", "inputs.srcdir", "code-injection", "generated"] + - ["github/ruby", "*", "inputs.test-opts", "code-injection", "generated"] + - ["github/ruby", "*", "inputs.report-path", "code-injection", "generated"] + - ["github/ruby", "*", "inputs.launchable-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/gittools_gitversion.model.yml b/ql/lib/ext/generated/composite-actions/gittools_gitversion.model.yml new file mode 100644 index 00000000000..f1191e5c1c6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/gittools_gitversion.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gittools/gitversion", "*", "inputs.distro", "code-injection", "generated"] + - ["gittools/gitversion", "*", "inputs.targetFramework", "code-injection", "generated"] + - ["gittools/gitversion", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/go-spatial_tegola.model.yml b/ql/lib/ext/generated/composite-actions/go-spatial_tegola.model.yml new file mode 100644 index 00000000000..b0e30669c2e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/go-spatial_tegola.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["go-spatial/tegola", "*", "inputs.artifact_name", "code-injection", "generated"] + - ["go-spatial/tegola", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/goauthentik_authentik.model.yml b/ql/lib/ext/generated/composite-actions/goauthentik_authentik.model.yml new file mode 100644 index 00000000000..e26f0a886d9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/goauthentik_authentik.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["goauthentik/authentik", "*", "inputs.postgresql_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/godotengine_godot.model.yml b/ql/lib/ext/generated/composite-actions/godotengine_godot.model.yml new file mode 100644 index 00000000000..4b40b2fda8a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/godotengine_godot.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["godotengine/godot", "*", "inputs.bin", "code-injection", "generated"] + - ["godotengine/godot", "*", "inputs.tests", "code-injection", "generated"] + - ["godotengine/godot", "*", "inputs.target", "code-injection", "generated"] + - ["godotengine/godot", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/google_dagger.model.yml b/ql/lib/ext/generated/composite-actions/google_dagger.model.yml new file mode 100644 index 00000000000..06b6e37ea1c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/google_dagger.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["google/dagger", "*", "inputs.agp", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/googleapis_java-cloud-bom.model.yml b/ql/lib/ext/generated/composite-actions/googleapis_java-cloud-bom.model.yml new file mode 100644 index 00000000000..dab53d9d5a3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/googleapis_java-cloud-bom.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["googleapis/java-cloud-bom", "*", "inputs.bom-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/googleapis_sdk-platform-java.model.yml b/ql/lib/ext/generated/composite-actions/googleapis_sdk-platform-java.model.yml new file mode 100644 index 00000000000..ce485e688f2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/googleapis_sdk-platform-java.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["googleapis/sdk-platform-java", "*", "inputs.bom-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/googlecloudplatform_magic-modules.model.yml b/ql/lib/ext/generated/composite-actions/googlecloudplatform_magic-modules.model.yml new file mode 100644 index 00000000000..82d69349e3a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/googlecloudplatform_magic-modules.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["googlecloudplatform/magic-modules", "*", "inputs.repo", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/gravitational_teleport.model.yml b/ql/lib/ext/generated/composite-actions/gravitational_teleport.model.yml new file mode 100644 index 00000000000..13a6bfe9233 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/gravitational_teleport.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gravitational/teleport", "*", "inputs.target", "code-injection", "generated"] + - ["gravitational/teleport", "*", "inputs.attempts", "code-injection", "generated"] + - ["gravitational/teleport", "*", "inputs.flags", "code-injection", "generated"] + - ["gravitational/teleport", "*", "inputs.path", "code-injection", "generated"] + - ["gravitational/teleport", "*", "inputs.bin", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/grote_transportr.model.yml b/ql/lib/ext/generated/composite-actions/grote_transportr.model.yml new file mode 100644 index 00000000000..163abb26185 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/grote_transportr.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["grote/transportr", "*", "inputs.api-level", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/hashicorp_nomad.model.yml b/ql/lib/ext/generated/composite-actions/hashicorp_nomad.model.yml new file mode 100644 index 00000000000..3be0de43329 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/hashicorp_nomad.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/nomad", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/hashicorp_terraform.model.yml b/ql/lib/ext/generated/composite-actions/hashicorp_terraform.model.yml new file mode 100644 index 00000000000..2b0b84e172b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/hashicorp_terraform.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/terraform", "*", "inputs.target-terraform-branch", "code-injection", "generated"] + - ["hashicorp/terraform", "*", "inputs.target-terraform-version", "code-injection", "generated"] + - ["hashicorp/terraform", "*", "inputs.target-arch", "code-injection", "generated"] + - ["hashicorp/terraform", "*", "inputs.target-os", "code-injection", "generated"] + - ["hashicorp/terraform", "*", "inputs.target-equivalence-test-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/hashicorp_vault.model.yml b/ql/lib/ext/generated/composite-actions/hashicorp_vault.model.yml new file mode 100644 index 00000000000..bcd6e0eda31 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/hashicorp_vault.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/vault", "*", "inputs.destination", "code-injection", "generated"] + - ["hashicorp/vault", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/home-assistant_android.model.yml b/ql/lib/ext/generated/composite-actions/home-assistant_android.model.yml new file mode 100644 index 00000000000..d93b946f3d7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/home-assistant_android.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["home-assistant/android", "*", "inputs.lokalise-token", "code-injection", "generated"] + - ["home-assistant/android", "*", "inputs.lokalise-project", "code-injection", "generated"] + - ["home-assistant/android", "*", "inputs.tag-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/homebrew_actions.model.yml b/ql/lib/ext/generated/composite-actions/homebrew_actions.model.yml new file mode 100644 index 00000000000..40adbe1fc29 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/homebrew_actions.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["homebrew/actions", "*", "inputs.casks", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.formulae", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.signing_key", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.workflow-name", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.collapse", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.step_name", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.result_path", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.workdir", "code-injection", "generated"] + - ["homebrew/actions", "*", "inputs.script", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/hyperledger_aries-cloudagent-python.model.yml b/ql/lib/ext/generated/composite-actions/hyperledger_aries-cloudagent-python.model.yml new file mode 100644 index 00000000000..293d8a832bd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/hyperledger_aries-cloudagent-python.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hyperledger/aries-cloudagent-python", "*", "inputs.TEST_SCOPE", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/hyperledger_fabric-samples.model.yml b/ql/lib/ext/generated/composite-actions/hyperledger_fabric-samples.model.yml new file mode 100644 index 00000000000..c72000641ce --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/hyperledger_fabric-samples.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hyperledger/fabric-samples", "*", "inputs.ca-version", "code-injection", "generated"] + - ["hyperledger/fabric-samples", "*", "inputs.fabric-version", "code-injection", "generated"] + - ["hyperledger/fabric-samples", "*", "inputs.k9s-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/igniterealtime_openfire.model.yml b/ql/lib/ext/generated/composite-actions/igniterealtime_openfire.model.yml new file mode 100644 index 00000000000..53929ab8ed1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/igniterealtime_openfire.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["igniterealtime/openfire", "*", "inputs.domain", "code-injection", "generated"] + - ["igniterealtime/openfire", "*", "inputs.ip", "code-injection", "generated"] + - ["igniterealtime/openfire", "*", "inputs.distBaseDir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/infracost_actions.model.yml b/ql/lib/ext/generated/composite-actions/infracost_actions.model.yml new file mode 100644 index 00000000000..1330f370747 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/infracost_actions.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["infracost/actions", "*", "inputs.behavior", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/inspektor-gadget_inspektor-gadget.model.yml b/ql/lib/ext/generated/composite-actions/inspektor-gadget_inspektor-gadget.model.yml new file mode 100644 index 00000000000..d9d9c6770bc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/inspektor-gadget_inspektor-gadget.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.runtime", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.registry", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.container-image", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.gadget_tag", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.gadget_repository", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.dnstester_image", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.image_tag", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.container_repo", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.kubernetes_architecture", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.kubernetes_distribution", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.test-step-conclusion", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.test-summary-suffix", "code-injection", "generated"] + - ["inspektor-gadget/inspektor-gadget", "*", "inputs.test-log-file", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/intel-analytics_ipex-llm.model.yml b/ql/lib/ext/generated/composite-actions/intel-analytics_ipex-llm.model.yml new file mode 100644 index 00000000000..faf1d7ed5c5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/intel-analytics_ipex-llm.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["intel-analytics/ipex-llm", "*", "inputs.extra-dependency", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ionic-team_ionic-framework.model.yml b/ql/lib/ext/generated/composite-actions/ionic-team_ionic-framework.model.yml new file mode 100644 index 00000000000..12ae92c149b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ionic-team_ionic-framework.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ionic-team/ionic-framework", "*", "inputs.totalShards", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.shard", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.component", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.paths", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.output", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.app", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.stencil-version", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.folder", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.tag", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.preid", "code-injection", "generated"] + - ["ionic-team/ionic-framework", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ionic-team_ionicons.model.yml b/ql/lib/ext/generated/composite-actions/ionic-team_ionicons.model.yml new file mode 100644 index 00000000000..61001620017 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ionic-team_ionicons.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ionic-team/ionicons", "*", "inputs.paths", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.output", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.totalShards", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.shard", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.folder", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.tag", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.version", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.filename", "code-injection", "generated"] + - ["ionic-team/ionicons", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ionic-team_stencil.model.yml b/ql/lib/ext/generated/composite-actions/ionic-team_stencil.model.yml new file mode 100644 index 00000000000..1d30610cfd1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ionic-team_stencil.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ionic-team/stencil", "*", "inputs.paths", "code-injection", "generated"] + - ["ionic-team/stencil", "*", "inputs.output", "code-injection", "generated"] + - ["ionic-team/stencil", "*", "inputs.tag", "code-injection", "generated"] + - ["ionic-team/stencil", "*", "inputs.version", "code-injection", "generated"] + - ["ionic-team/stencil", "*", "inputs.filename", "code-injection", "generated"] + - ["ionic-team/stencil", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ipfs_aegir.model.yml b/ql/lib/ext/generated/composite-actions/ipfs_aegir.model.yml new file mode 100644 index 00000000000..867dc33f432 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ipfs_aegir.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ipfs/aegir", "*", "inputs.browser", "code-injection", "generated"] + - ["ipfs/aegir", "*", "inputs.docker-username", "code-injection", "generated"] + - ["ipfs/aegir", "*", "inputs.docker-token", "code-injection", "generated"] + - ["ipfs/aegir", "*", "inputs.build", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/jetbrains_jetbrainsruntime.model.yml b/ql/lib/ext/generated/composite-actions/jetbrains_jetbrainsruntime.model.yml new file mode 100644 index 00000000000..87b014cbdd6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/jetbrains_jetbrainsruntime.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jetbrains/jetbrainsruntime", "*", "inputs.debug-suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/jhipster_generator-jhipster.model.yml b/ql/lib/ext/generated/composite-actions/jhipster_generator-jhipster.model.yml new file mode 100644 index 00000000000..6dd3ac94306 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/jhipster_generator-jhipster.model.yml @@ -0,0 +1,22 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jhipster/generator-jhipster", "*", "inputs.generator-path", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.application-packaging", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.application-environment", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.executable", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.jdl-entities-sample", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.entities-sample", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.application-sample", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.jdl-sample", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.generator-jhipster-branch", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.generator-jhipster-repository", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.jhipster-bom-directory", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.jhipster-bom-branch", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.jhipster-bom-repository", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.package-with-executable", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.generator-jhipster-directory", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.application-path", "code-injection", "generated"] + - ["jhipster/generator-jhipster", "*", "inputs.extra-args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/jsocol_django-ratelimit.model.yml b/ql/lib/ext/generated/composite-actions/jsocol_django-ratelimit.model.yml new file mode 100644 index 00000000000..f952bd1da93 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/jsocol_django-ratelimit.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jsocol/django-ratelimit", "*", "inputs.django-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/juicedata_juicefs.model.yml b/ql/lib/ext/generated/composite-actions/juicedata_juicefs.model.yml new file mode 100644 index 00000000000..977662bfa65 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/juicedata_juicefs.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["juicedata/juicefs", "*", "inputs.compress", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.storage", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.meta", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.name", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.mysql_password", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.file_test_mode", "code-injection", "generated"] + - ["juicedata/juicefs", "*", "inputs.file_total_size", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/jupyter_docker-stacks.model.yml b/ql/lib/ext/generated/composite-actions/jupyter_docker-stacks.model.yml new file mode 100644 index 00000000000..4c6c92fdefd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/jupyter_docker-stacks.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jupyter/docker-stacks", "*", "inputs.variant", "code-injection", "generated"] + - ["jupyter/docker-stacks", "*", "inputs.image", "code-injection", "generated"] + - ["jupyter/docker-stacks", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/keycloak_keycloak.model.yml b/ql/lib/ext/generated/composite-actions/keycloak_keycloak.model.yml new file mode 100644 index 00000000000..45c2c1d780a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/keycloak_keycloak.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["keycloak/keycloak", "*", "inputs.job-name", "code-injection", "generated"] + - ["keycloak/keycloak", "*", "inputs.jobs", "code-injection", "generated"] + - ["keycloak/keycloak", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kserve_kserve.model.yml b/ql/lib/ext/generated/composite-actions/kserve_kserve.model.yml new file mode 100644 index 00000000000..1edfbfc9432 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kserve_kserve.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kserve/kserve", "*", "inputs.directory", "code-injection", "generated"] + - ["kserve/kserve", "*", "inputs.deployment-mode", "code-injection", "generated"] + - ["kserve/kserve", "*", "inputs.network-layer", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubeflow_katib.model.yml b/ql/lib/ext/generated/composite-actions/kubeflow_katib.model.yml new file mode 100644 index 00000000000..658283336bd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubeflow_katib.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubeflow/katib", "*", "inputs.experiments", "code-injection", "generated"] + - ["kubeflow/katib", "*", "inputs.database-type", "code-injection", "generated"] + - ["kubeflow/katib", "*", "inputs.training-operator", "code-injection", "generated"] + - ["kubeflow/katib", "*", "inputs.katib-ui", "code-injection", "generated"] + - ["kubeflow/katib", "*", "inputs.trial-images", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubeflow_training-operator.model.yml b/ql/lib/ext/generated/composite-actions/kubeflow_training-operator.model.yml new file mode 100644 index 00000000000..d00b30874cc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubeflow_training-operator.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubeflow/training-operator", "*", "inputs.context", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubernetes-sigs_karpenter.model.yml b/ql/lib/ext/generated/composite-actions/kubernetes-sigs_karpenter.model.yml new file mode 100644 index 00000000000..94ece1a58a0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubernetes-sigs_karpenter.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubernetes-sigs/karpenter", "*", "inputs.k8sVersion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubernetes-sigs_kwok.model.yml b/ql/lib/ext/generated/composite-actions/kubernetes-sigs_kwok.model.yml new file mode 100644 index 00000000000..46d5a4383f4 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubernetes-sigs_kwok.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubernetes-sigs/kwok", "*", "inputs.command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubescape_kubescape.model.yml b/ql/lib/ext/generated/composite-actions/kubescape_kubescape.model.yml new file mode 100644 index 00000000000..5627a31bd90 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubescape_kubescape.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubescape/kubescape", "*", "inputs.ORIGINAL_TAG", "code-injection", "generated"] + - ["kubescape/kubescape", "*", "inputs.SUB_STRING", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kubeshop_botkube.model.yml b/ql/lib/ext/generated/composite-actions/kubeshop_botkube.model.yml new file mode 100644 index 00000000000..98d2d8bcbf7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kubeshop_botkube.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubeshop/botkube", "*", "inputs.username", "code-injection", "generated"] + - ["kubeshop/botkube", "*", "inputs.access_token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/kyverno_kyverno.model.yml b/ql/lib/ext/generated/composite-actions/kyverno_kyverno.model.yml new file mode 100644 index 00000000000..57fb2e71064 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/kyverno_kyverno.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kyverno/kyverno", "*", "inputs.version", "code-injection", "generated"] + - ["kyverno/kyverno", "*", "inputs.sbom-name", "code-injection", "generated"] + - ["kyverno/kyverno", "*", "inputs.makefile-target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/lancedb_lance.model.yml b/ql/lib/ext/generated/composite-actions/lancedb_lance.model.yml new file mode 100644 index 00000000000..8a216b97e1e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/lancedb_lance.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lancedb/lance", "*", "inputs.repo", "code-injection", "generated"] + - ["lancedb/lance", "*", "inputs.vcpkg_token", "code-injection", "generated"] + - ["lancedb/lance", "*", "inputs.part", "code-injection", "generated"] + - ["lancedb/lance", "*", "inputs.arm-build", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/launchdarkly_ios-client-sdk.model.yml b/ql/lib/ext/generated/composite-actions/launchdarkly_ios-client-sdk.model.yml new file mode 100644 index 00000000000..735413808ec --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/launchdarkly_ios-client-sdk.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["launchdarkly/ios-client-sdk", "*", "inputs.ios-sim", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/layer5labs_meshmap-snapshot.model.yml b/ql/lib/ext/generated/composite-actions/layer5labs_meshmap-snapshot.model.yml new file mode 100644 index 00000000000..54334359d0e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/layer5labs_meshmap-snapshot.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["layer5labs/meshmap-snapshot", "*", "inputs.assetLocation", "code-injection", "generated"] + - ["layer5labs/meshmap-snapshot", "*", "inputs.mesheryToken", "code-injection", "generated"] + - ["layer5labs/meshmap-snapshot", "*", "inputs.application_url", "code-injection", "generated"] + - ["layer5labs/meshmap-snapshot", "*", "inputs.prNumber", "code-injection", "generated"] + - ["layer5labs/meshmap-snapshot", "*", "inputs.designID", "code-injection", "generated"] + - ["layer5labs/meshmap-snapshot", "*", "inputs.application_type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ldc-developers_ldc.model.yml b/ql/lib/ext/generated/composite-actions/ldc-developers_ldc.model.yml new file mode 100644 index 00000000000..67826ea9c0f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ldc-developers_ldc.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ldc-developers/ldc", "*", "inputs.cmake_flags", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.build_targets", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.host_dc", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.llvm_dir", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.build_dir", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.arch", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.os", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.cross_target_triple", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.ios_deployment_target", "code-injection", "generated"] + - ["ldc-developers/ldc", "*", "inputs.cross_compiling", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ledgerhq_ledger-live.model.yml b/ql/lib/ext/generated/composite-actions/ledgerhq_ledger-live.model.yml new file mode 100644 index 00000000000..d0540414702 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ledgerhq_ledger-live.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ledgerhq/ledger-live", "*", "inputs.os", "code-injection", "generated"] + - ["ledgerhq/ledger-live", "*", "inputs.turborepo-server-port", "code-injection", "generated"] + - ["ledgerhq/ledger-live", "*", "inputs.turbo-server-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/lerna_lerna.model.yml b/ql/lib/ext/generated/composite-actions/lerna_lerna.model.yml new file mode 100644 index 00000000000..9020a979bbb --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/lerna_lerna.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lerna/lerna", "*", "inputs.install-command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/lf-edge_eve.model.yml b/ql/lib/ext/generated/composite-actions/lf-edge_eve.model.yml new file mode 100644 index 00000000000..91c84fda1d1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/lf-edge_eve.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lf-edge/eve", "*", "inputs.command", "code-injection", "generated"] + - ["lf-edge/eve", "*", "inputs.dockerhub-account", "code-injection", "generated"] + - ["lf-edge/eve", "*", "inputs.dockerhub-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/libgit2_libgit2.model.yml b/ql/lib/ext/generated/composite-actions/libgit2_libgit2.model.yml new file mode 100644 index 00000000000..5031ff1e4ca --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/libgit2_libgit2.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["libgit2/libgit2", "*", "inputs.command", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.container-version", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.container", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.base", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.config-path", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.registry", "code-injection", "generated"] + - ["libgit2/libgit2", "*", "inputs.dockerfile", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/lightning-ai_pytorch-lightning.model.yml b/ql/lib/ext/generated/composite-actions/lightning-ai_pytorch-lightning.model.yml new file mode 100644 index 00000000000..fc3a7ebe253 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/lightning-ai_pytorch-lightning.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lightning-ai/pytorch-lightning", "*", "inputs.name", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.pkg-folder", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.pip-flags", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.pkg-extra", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.pkg-name", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.nb-dirs", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.wheel-dir", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning", "*", "inputs.torch-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/lightning-ai_torchmetrics.model.yml b/ql/lib/ext/generated/composite-actions/lightning-ai_torchmetrics.model.yml new file mode 100644 index 00000000000..b7a664d512f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/lightning-ai_torchmetrics.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lightning-ai/torchmetrics", "*", "inputs.pypi-dir", "code-injection", "generated"] + - ["lightning-ai/torchmetrics", "*", "inputs.torch-url", "code-injection", "generated"] + - ["lightning-ai/torchmetrics", "*", "inputs.pytorch-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/linkerd_linkerd2.model.yml b/ql/lib/ext/generated/composite-actions/linkerd_linkerd2.model.yml new file mode 100644 index 00000000000..234f13b7387 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/linkerd_linkerd2.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["linkerd/linkerd2", "*", "inputs.component", "code-injection", "generated"] + - ["linkerd/linkerd2", "*", "inputs.docker-registry", "code-injection", "generated"] + - ["linkerd/linkerd2", "*", "inputs.docker-ghcr-username", "code-injection", "generated"] + - ["linkerd/linkerd2", "*", "inputs.docker-ghcr-pat", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/logseq_publish-spa.model.yml b/ql/lib/ext/generated/composite-actions/logseq_publish-spa.model.yml new file mode 100644 index 00000000000..164ba02c42b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/logseq_publish-spa.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["logseq/publish-spa", "*", "inputs.accent-color", "code-injection", "generated"] + - ["logseq/publish-spa", "*", "inputs.theme-mode", "code-injection", "generated"] + - ["logseq/publish-spa", "*", "inputs.graph-directory", "code-injection", "generated"] + - ["logseq/publish-spa", "*", "inputs.output-directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/macvim-dev_macvim.model.yml b/ql/lib/ext/generated/composite-actions/macvim-dev_macvim.model.yml new file mode 100644 index 00000000000..17fb61eeeb1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/macvim-dev_macvim.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["macvim-dev/macvim", "*", "inputs.contents", "code-injection", "generated"] + - ["macvim-dev/macvim", "*", "inputs.formula", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mamba-org_mamba.model.yml b/ql/lib/ext/generated/composite-actions/mamba-org_mamba.model.yml new file mode 100644 index 00000000000..8513c7da64d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mamba-org_mamba.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mamba-org/mamba", "*", "inputs.key_suffix", "code-injection", "generated"] + - ["mamba-org/mamba", "*", "inputs.key_base", "code-injection", "generated"] + - ["mamba-org/mamba", "*", "inputs.key_prefix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/maplibre_maplibre-native.model.yml b/ql/lib/ext/generated/composite-actions/maplibre_maplibre-native.model.yml new file mode 100644 index 00000000000..a4ab8f025d0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/maplibre_maplibre-native.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["maplibre/maplibre-native", "*", "inputs.artifact-name", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.externalData", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.testSpecArn", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.testFilter", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.testType", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.AWS_DEVICE_FARM_DEVICE_POOL_ARN", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.AWS_DEVICE_FARM_PROJECT_ARN", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.testFile", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.appFile", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.testPackageType", "code-injection", "generated"] + - ["maplibre/maplibre-native", "*", "inputs.appType", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mastodon_mastodon.model.yml b/ql/lib/ext/generated/composite-actions/mastodon_mastodon.model.yml new file mode 100644 index 00000000000..7d82b2d3e9e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mastodon_mastodon.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mastodon/mastodon", "*", "inputs.additional-system-dependencies", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mavlink_qgroundcontrol.model.yml b/ql/lib/ext/generated/composite-actions/mavlink_qgroundcontrol.model.yml new file mode 100644 index 00000000000..e466e17ddb4 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mavlink_qgroundcontrol.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mavlink/qgroundcontrol", "*", "inputs.aws_secret_access_key", "code-injection", "generated"] + - ["mavlink/qgroundcontrol", "*", "inputs.aws_key_id", "code-injection", "generated"] + - ["mavlink/qgroundcontrol", "*", "inputs.artifact_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mdanalysis_mdanalysis.model.yml b/ql/lib/ext/generated/composite-actions/mdanalysis_mdanalysis.model.yml new file mode 100644 index 00000000000..53881157a23 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mdanalysis_mdanalysis.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mdanalysis/mdanalysis", "*", "inputs.extra-pip-deps", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.full-deps", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.micromamba", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.mamba", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.extra-conda-deps", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.isolation", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.build-docs", "code-injection", "generated"] + - ["mdanalysis/mdanalysis", "*", "inputs.build-tests", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/medic_cht-core.model.yml b/ql/lib/ext/generated/composite-actions/medic_cht-core.model.yml new file mode 100644 index 00000000000..5ee6e863db6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/medic_cht-core.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["medic/cht-core", "*", "inputs.hostname", "code-injection", "generated"] + - ["medic/cht-core", "*", "inputs.password", "code-injection", "generated"] + - ["medic/cht-core", "*", "inputs.username", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/medusajs_medusa.model.yml b/ql/lib/ext/generated/composite-actions/medusajs_medusa.model.yml new file mode 100644 index 00000000000..3f5a3b658c3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/medusajs_medusa.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["medusajs/medusa", "*", "inputs.pathToSeedData", "code-injection", "generated"] + - ["medusajs/medusa", "*", "inputs.password", "code-injection", "generated"] + - ["medusajs/medusa", "*", "inputs.email", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/metabase_metabase.model.yml b/ql/lib/ext/generated/composite-actions/metabase_metabase.model.yml new file mode 100644 index 00000000000..f5c13431126 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/metabase_metabase.model.yml @@ -0,0 +1,17 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["metabase/metabase", "*", "inputs.organization_name", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.github_token", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.username", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.test-args", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.clojure-version", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.include-log", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.message", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.mysql", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.postgres", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.openldap", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.maildev", "code-injection", "generated"] + - ["metabase/metabase", "*", "inputs.edition", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/metamask_action-create-release-pr.model.yml b/ql/lib/ext/generated/composite-actions/metamask_action-create-release-pr.model.yml new file mode 100644 index 00000000000..4788f44e856 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/metamask_action-create-release-pr.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["metamask/action-create-release-pr", "*", "inputs.artifacts-path", "code-injection", "generated"] + - ["metamask/action-create-release-pr", "*", "inputs.created-pr-status", "code-injection", "generated"] + - ["metamask/action-create-release-pr", "*", "inputs.release-branch-prefix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/metamask_action-npm-publish.model.yml b/ql/lib/ext/generated/composite-actions/metamask_action-npm-publish.model.yml new file mode 100644 index 00000000000..7c66229c174 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/metamask_action-npm-publish.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["metamask/action-npm-publish", "*", "inputs.subteam", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/microsoft_fluentui.model.yml b/ql/lib/ext/generated/composite-actions/microsoft_fluentui.model.yml new file mode 100644 index 00000000000..9eb3bdcf5eb --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/microsoft_fluentui.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/fluentui", "*", "inputs.workspaces", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/microsoft_playwright.model.yml b/ql/lib/ext/generated/composite-actions/microsoft_playwright.model.yml new file mode 100644 index 00000000000..0db95acd5cd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/microsoft_playwright.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/playwright", "*", "inputs.report_dir", "code-injection", "generated"] + - ["microsoft/playwright", "*", "inputs.connection_string", "code-injection", "generated"] + - ["microsoft/playwright", "*", "inputs.blob_prefix", "code-injection", "generated"] + - ["microsoft/playwright", "*", "inputs.output_dir", "code-injection", "generated"] + - ["microsoft/playwright", "*", "inputs.path", "code-injection", "generated"] + - ["microsoft/playwright", "*", "inputs.namePrefix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/microsoft_wsl.model.yml b/ql/lib/ext/generated/composite-actions/microsoft_wsl.model.yml new file mode 100644 index 00000000000..785384aa207 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/microsoft_wsl.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/wsl", "*", "inputs.comment", "code-injection", "generated"] + - ["microsoft/wsl", "*", "inputs.similar_issues_text", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/milvus-io_milvus.model.yml b/ql/lib/ext/generated/composite-actions/milvus-io_milvus.model.yml new file mode 100644 index 00000000000..24c4fb4bc70 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/milvus-io_milvus.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["milvus-io/milvus", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mlflow_mlflow.model.yml b/ql/lib/ext/generated/composite-actions/mlflow_mlflow.model.yml new file mode 100644 index 00000000000..72575eb7368 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mlflow_mlflow.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mlflow/mlflow", "*", "inputs.python-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/modin-project_modin.model.yml b/ql/lib/ext/generated/composite-actions/modin-project_modin.model.yml new file mode 100644 index 00000000000..b2b49fbba09 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/modin-project_modin.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["modin-project/modin", "*", "inputs.parallel", "code-injection", "generated"] + - ["modin-project/modin", "*", "inputs.runner", "code-injection", "generated"] + - ["modin-project/modin", "*", "inputs.activate-environment", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mozilla_addons-server.model.yml b/ql/lib/ext/generated/composite-actions/mozilla_addons-server.model.yml new file mode 100644 index 00000000000..6755f0d773c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mozilla_addons-server.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mozilla/addons-server", "*", "inputs.run", "code-injection", "generated"] + - ["mozilla/addons-server", "*", "inputs.push", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mozilla_bedrock.model.yml b/ql/lib/ext/generated/composite-actions/mozilla_bedrock.model.yml new file mode 100644 index 00000000000..1b55ab2d549 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mozilla_bedrock.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mozilla/bedrock", "*", "inputs.", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mozilla_sccache.model.yml b/ql/lib/ext/generated/composite-actions/mozilla_sccache.model.yml new file mode 100644 index 00000000000..84401828721 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mozilla_sccache.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mozilla/sccache", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/msys2_setup-msys2.model.yml b/ql/lib/ext/generated/composite-actions/msys2_setup-msys2.model.yml new file mode 100644 index 00000000000..35804a87f05 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/msys2_setup-msys2.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["msys2/setup-msys2", "*", "inputs.systems", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/mumble-voip_mumble.model.yml b/ql/lib/ext/generated/composite-actions/mumble-voip_mumble.model.yml new file mode 100644 index 00000000000..981fe0fd348 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/mumble-voip_mumble.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mumble-voip/mumble", "*", "inputs.arch", "code-injection", "generated"] + - ["mumble-voip/mumble", "*", "inputs.type", "code-injection", "generated"] + - ["mumble-voip/mumble", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nasa_fprime.model.yml b/ql/lib/ext/generated/composite-actions/nasa_fprime.model.yml new file mode 100644 index 00000000000..6c984a676d0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nasa_fprime.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nasa/fprime", "*", "inputs.location", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nats-io_nats-server.model.yml b/ql/lib/ext/generated/composite-actions/nats-io_nats-server.model.yml new file mode 100644 index 00000000000..1138d37fb5f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nats-io_nats-server.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nats-io/nats-server", "*", "inputs.label", "code-injection", "generated"] + - ["nats-io/nats-server", "*", "inputs.hub_password", "code-injection", "generated"] + - ["nats-io/nats-server", "*", "inputs.hub_username", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nearform-actions_optic-release-automation-action.model.yml b/ql/lib/ext/generated/composite-actions/nearform-actions_optic-release-automation-action.model.yml new file mode 100644 index 00000000000..1418299b39a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nearform-actions_optic-release-automation-action.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nearform-actions/optic-release-automation-action", "*", "inputs.build-command", "code-injection", "generated"] + - ["nearform-actions/optic-release-automation-action", "*", "inputs.actor-name", "code-injection", "generated"] + - ["nearform-actions/optic-release-automation-action", "*", "inputs.actor-email", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nektos_act.model.yml b/ql/lib/ext/generated/composite-actions/nektos_act.model.yml new file mode 100644 index 00000000000..fb67f66ce62 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nektos_act.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nektos/act", "*", "inputs.test_input_optional", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.composite-input", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.some", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.test_input_required_with_default_overriden", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.test_input_required_with_default", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.test_input_optional_with_default_overriden", "code-injection", "generated"] + - ["nektos/act", "*", "inputs.test_input_required", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/neo4j-contrib_neo4j-apoc-procedures.model.yml b/ql/lib/ext/generated/composite-actions/neo4j-contrib_neo4j-apoc-procedures.model.yml new file mode 100644 index 00000000000..12aa48431db --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/neo4j-contrib_neo4j-apoc-procedures.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["neo4j-contrib/neo4j-apoc-procedures", "*", "inputs.project-name", "code-injection", "generated"] + - ["neo4j-contrib/neo4j-apoc-procedures", "*", "inputs.gradle-command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/neondatabase_neon.model.yml b/ql/lib/ext/generated/composite-actions/neondatabase_neon.model.yml new file mode 100644 index 00000000000..336af4b814b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/neondatabase_neon.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["neondatabase/neon", "*", "inputs.save_perf_report", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.real_s3_region", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.real_s3_bucket", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.run_with_real_s3", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.run_in_parallel", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.extra_params", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.test_selection", "code-injection", "generated"] + - ["neondatabase/neon", "*", "inputs.build_type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/neovim_neovim.model.yml b/ql/lib/ext/generated/composite-actions/neovim_neovim.model.yml new file mode 100644 index 00000000000..8d2170c47e2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/neovim_neovim.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["neovim/neovim", "*", "inputs.install_flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nhost_nhost.model.yml b/ql/lib/ext/generated/composite-actions/nhost_nhost.model.yml new file mode 100644 index 00000000000..854601e3dde --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nhost_nhost.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nhost/nhost", "*", "inputs.config", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nix-community_nixos-wsl.model.yml b/ql/lib/ext/generated/composite-actions/nix-community_nixos-wsl.model.yml new file mode 100644 index 00000000000..8a6074b8796 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nix-community_nixos-wsl.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nix-community/nixos-wsl", "*", "inputs.filename", "code-injection", "generated"] + - ["nix-community/nixos-wsl", "*", "inputs.expression", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/novuhq_novu.model.yml b/ql/lib/ext/generated/composite-actions/novuhq_novu.model.yml new file mode 100644 index 00000000000..f305e2a37b3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/novuhq_novu.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["novuhq/novu", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/nymtech_nym.model.yml b/ql/lib/ext/generated/composite-actions/nymtech_nym.model.yml new file mode 100644 index 00000000000..042ca09efa6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/nymtech_nym.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nymtech/nym", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/obsproject_obs-studio.model.yml b/ql/lib/ext/generated/composite-actions/obsproject_obs-studio.model.yml new file mode 100644 index 00000000000..51d4903fbb1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/obsproject_obs-studio.model.yml @@ -0,0 +1,19 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["obsproject/obs-studio", "*", "inputs.failCondition", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.checkGlob", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.playtestBranch", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.steamPassword", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.steamUser", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.preview", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.stableBranch", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.betaBranch", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.nightlyBranch", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.tagName", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.customLink", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.customTitle", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.urlPrefix", "code-injection", "generated"] + - ["obsproject/obs-studio", "*", "inputs.sparklePrivateKey", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ocaml_dune.model.yml b/ql/lib/ext/generated/composite-actions/ocaml_dune.model.yml new file mode 100644 index 00000000000..12dc3005260 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ocaml_dune.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ocaml/dune", "*", "inputs.OCAML_COMPILER", "code-injection", "generated"] + - ["ocaml/dune", "*", "inputs.DKML_COMPILER", "code-injection", "generated"] + - ["ocaml/dune", "*", "inputs.DISKUV_OPAM_REPOSITORY", "code-injection", "generated"] + - ["ocaml/dune", "*", "inputs.CONF_DKML_CROSS_TOOLCHAIN", "code-injection", "generated"] + - ["ocaml/dune", "*", "inputs.FDOPEN_OPAMEXE_BOOTSTRAP", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/oneflow-inc_oneflow.model.yml b/ql/lib/ext/generated/composite-actions/oneflow-inc_oneflow.model.yml new file mode 100644 index 00000000000..dfe3b7f4332 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/oneflow-inc_oneflow.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["oneflow-inc/oneflow", "*", "inputs.extra_flags", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.python_version", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.cuda_version", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.tmp_dir", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.dst_host", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.dst_path", "code-injection", "generated"] + - ["oneflow-inc/oneflow", "*", "inputs.src_path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby-contrib.model.yml b/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby-contrib.model.yml new file mode 100644 index 00000000000..663fada6df9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby-contrib.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-ruby-contrib", "*", "inputs.gem", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-ruby-contrib", "*", "inputs.latest", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-ruby-contrib", "*", "inputs.ruby", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby.model.yml b/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby.model.yml new file mode 100644 index 00000000000..4a53345e6e5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/open-telemetry_opentelemetry-ruby.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-ruby", "*", "inputs.gem", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-ruby", "*", "inputs.ruby", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/open-watcom_open-watcom-v2.model.yml b/ql/lib/ext/generated/composite-actions/open-watcom_open-watcom-v2.model.yml new file mode 100644 index 00000000000..0a18189242d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/open-watcom_open-watcom-v2.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-watcom/open-watcom-v2", "*", "inputs.fullname", "code-injection", "generated"] + - ["open-watcom/open-watcom-v2", "*", "inputs.buildcmd", "code-injection", "generated"] + - ["open-watcom/open-watcom-v2", "*", "inputs.artifact", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/openapitools_openapi-generator.model.yml b/ql/lib/ext/generated/composite-actions/openapitools_openapi-generator.model.yml new file mode 100644 index 00000000000..93ec3ea468d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/openapitools_openapi-generator.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openapitools/openapi-generator", "*", "inputs.args", "code-injection", "generated"] + - ["openapitools/openapi-generator", "*", "inputs.name", "code-injection", "generated"] + - ["openapitools/openapi-generator", "*", "inputs.goal", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/openjdk_jdk.model.yml b/ql/lib/ext/generated/composite-actions/openjdk_jdk.model.yml new file mode 100644 index 00000000000..27f5af98f89 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/openjdk_jdk.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openjdk/jdk", "*", "inputs.debug-suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/opensearch-project_opensearch-net.model.yml b/ql/lib/ext/generated/composite-actions/opensearch-project_opensearch-net.model.yml new file mode 100644 index 00000000000..125dd8324d2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/opensearch-project_opensearch-net.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["opensearch-project/opensearch-net", "*", "inputs.version", "code-injection", "generated"] + - ["opensearch-project/opensearch-net", "*", "inputs.build_script", "code-injection", "generated"] + - ["opensearch-project/opensearch-net", "*", "inputs.plugins_output_directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/opensearch-project_security.model.yml b/ql/lib/ext/generated/composite-actions/opensearch-project_security.model.yml new file mode 100644 index 00000000000..dfa24454444 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/opensearch-project_security.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["opensearch-project/security", "*", "inputs.plugin-branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/opentrons_opentrons.model.yml b/ql/lib/ext/generated/composite-actions/opentrons_opentrons.model.yml new file mode 100644 index 00000000000..9469e745ffc --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/opentrons_opentrons.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["opentrons/opentrons", "*", "inputs.destPrefix", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.domain", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.distPath", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.project", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.python-version", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.repository_url", "code-injection", "generated"] + - ["opentrons/opentrons", "*", "inputs.password", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/openvinotoolkit_openvino.model.yml b/ql/lib/ext/generated/composite-actions/openvinotoolkit_openvino.model.yml new file mode 100644 index 00000000000..6e34a2cf592 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/openvinotoolkit_openvino.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openvinotoolkit/openvino", "*", "inputs.skip_when_only_listed_files_changed", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.skip_when_only_listed_labels_set", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.labeler_config", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.components_config_schema", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.components_config", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.component_pattern", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.ref_name", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.repository", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.commit_sha", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.pr", "code-injection", "generated"] + - ["openvinotoolkit/openvino", "*", "inputs.pip-cache-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts-upgradeable.model.yml b/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts-upgradeable.model.yml new file mode 100644 index 00000000000..4ea72b28476 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts-upgradeable.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.out_layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.ref_layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.buildinfo", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.report", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.out_report", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts-upgradeable", "*", "inputs.ref_report", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts.model.yml b/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts.model.yml new file mode 100644 index 00000000000..a0b7bca54ad --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/openzeppelin_openzeppelin-contracts.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.out_layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.ref_layout", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.buildinfo", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.report", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.out_report", "code-injection", "generated"] + - ["openzeppelin/openzeppelin-contracts", "*", "inputs.ref_report", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/oppia_oppia.model.yml b/ql/lib/ext/generated/composite-actions/oppia_oppia.model.yml new file mode 100644 index 00000000000..816a18fe73b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/oppia_oppia.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["oppia/oppia", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/oracle_graal.model.yml b/ql/lib/ext/generated/composite-actions/oracle_graal.model.yml new file mode 100644 index 00000000000..bf8cbfc01e0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/oracle_graal.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["oracle/graal", "*", "inputs.components", "code-injection", "generated"] + - ["oracle/graal", "*", "inputs.native-images", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/oracle_truffleruby.model.yml b/ql/lib/ext/generated/composite-actions/oracle_truffleruby.model.yml new file mode 100644 index 00000000000..bf88ed5c0a1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/oracle_truffleruby.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["oracle/truffleruby", "*", "inputs.archive", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/orhun_git-cliff.model.yml b/ql/lib/ext/generated/composite-actions/orhun_git-cliff.model.yml new file mode 100644 index 00000000000..05c2a1cfaf6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/orhun_git-cliff.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["orhun/git-cliff", "*", "inputs.command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/oven-sh_bun.model.yml b/ql/lib/ext/generated/composite-actions/oven-sh_bun.model.yml new file mode 100644 index 00000000000..46a8fd4fb8b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/oven-sh_bun.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["oven-sh/bun", "*", "inputs.download-url", "code-injection", "generated"] + - ["oven-sh/bun", "*", "inputs.bun-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/owntracks_android.model.yml b/ql/lib/ext/generated/composite-actions/owntracks_android.model.yml new file mode 100644 index 00000000000..32467f8c3f2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/owntracks_android.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["owntracks/android", "*", "inputs.name", "code-injection", "generated"] + - ["owntracks/android", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pandas-dev_pandas.model.yml b/ql/lib/ext/generated/composite-actions/pandas-dev_pandas.model.yml new file mode 100644 index 00000000000..3f4cc69ba75 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pandas-dev_pandas.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pandas-dev/pandas", "*", "inputs.meson_args", "code-injection", "generated"] + - ["pandas-dev/pandas", "*", "inputs.editable", "code-injection", "generated"] + - ["pandas-dev/pandas", "*", "inputs.cflags_adds", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pardeike_harmony.model.yml b/ql/lib/ext/generated/composite-actions/pardeike_harmony.model.yml new file mode 100644 index 00000000000..8b8ebf88b46 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pardeike_harmony.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pardeike/harmony", "*", "inputs.architecture", "code-injection", "generated"] + - ["pardeike/harmony", "*", "inputs.build_configuration", "code-injection", "generated"] + - ["pardeike/harmony", "*", "inputs.target_framework_array", "code-injection", "generated"] + - ["pardeike/harmony", "*", "inputs.target_framework", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pennylaneai_pennylane.model.yml b/ql/lib/ext/generated/composite-actions/pennylaneai_pennylane.model.yml new file mode 100644 index 00000000000..4bc0d5f660d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pennylaneai_pennylane.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pennylaneai/pennylane", "*", "inputs.requirements_file", "code-injection", "generated"] + - ["pennylaneai/pennylane", "*", "inputs.additional_pip_packages", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/phalcon_cphalcon.model.yml b/ql/lib/ext/generated/composite-actions/phalcon_cphalcon.model.yml new file mode 100644 index 00000000000..5f38860c86d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/phalcon_cphalcon.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["phalcon/cphalcon", "*", "inputs.target-name", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.ext-path", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.pecl", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.arch", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.msvc", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.ts", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.php_version", "code-injection", "generated"] + - ["phalcon/cphalcon", "*", "inputs.php-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/philosowaffle_peloton-to-garmin.model.yml b/ql/lib/ext/generated/composite-actions/philosowaffle_peloton-to-garmin.model.yml new file mode 100644 index 00000000000..8b45d92a5e0 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/philosowaffle_peloton-to-garmin.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["philosowaffle/peloton-to-garmin", "*", "inputs.framework", "code-injection", "generated"] + - ["philosowaffle/peloton-to-garmin", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/php_php-src.model.yml b/ql/lib/ext/generated/composite-actions/php_php-src.model.yml new file mode 100644 index 00000000000..7767c649780 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/php_php-src.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["php/php-src", "*", "inputs.jitType", "code-injection", "generated"] + - ["php/php-src", "*", "inputs.runTestsParameters", "code-injection", "generated"] + - ["php/php-src", "*", "inputs.token", "code-injection", "generated"] + - ["php/php-src", "*", "inputs.configurationParameters", "code-injection", "generated"] + - ["php/php-src", "*", "inputs.libmysql", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/phpdocumentor_phpdocumentor.model.yml b/ql/lib/ext/generated/composite-actions/phpdocumentor_phpdocumentor.model.yml new file mode 100644 index 00000000000..419909764b7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/phpdocumentor_phpdocumentor.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["phpdocumentor/phpdocumentor", "*", "inputs.passphrase", "code-injection", "generated"] + - ["phpdocumentor/phpdocumentor", "*", "inputs.secret-key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pinecone-io_pinecone-python-client.model.yml b/ql/lib/ext/generated/composite-actions/pinecone-io_pinecone-python-client.model.yml new file mode 100644 index 00000000000..6e2b5247f29 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pinecone-io_pinecone-python-client.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pinecone-io/pinecone-python-client", "*", "inputs.googleapis_common_protos_version", "code-injection", "generated"] + - ["pinecone-io/pinecone-python-client", "*", "inputs.protobuf_version", "code-injection", "generated"] + - ["pinecone-io/pinecone-python-client", "*", "inputs.lz4_version", "code-injection", "generated"] + - ["pinecone-io/pinecone-python-client", "*", "inputs.grpcio_version", "code-injection", "generated"] + - ["pinecone-io/pinecone-python-client", "*", "inputs.pinecone_client_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pixijs_pixijs.model.yml b/ql/lib/ext/generated/composite-actions/pixijs_pixijs.model.yml new file mode 100644 index 00000000000..d012a6f2fbb --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pixijs_pixijs.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pixijs/pixijs", "*", "inputs.npm-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/posthog_posthog.model.yml b/ql/lib/ext/generated/composite-actions/posthog_posthog.model.yml new file mode 100644 index 00000000000..aead619b40b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/posthog_posthog.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["posthog/posthog", "*", "inputs.group", "code-injection", "generated"] + - ["posthog/posthog", "*", "inputs.concurrency", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/primer_react.model.yml b/ql/lib/ext/generated/composite-actions/primer_react.model.yml new file mode 100644 index 00000000000..b82360205f7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/primer_react.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["primer/react", "*", "inputs.token", "code-injection", "generated"] + - ["primer/react", "*", "inputs.schedule-id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/project-chip_connectedhomeip.model.yml b/ql/lib/ext/generated/composite-actions/project-chip_connectedhomeip.model.yml new file mode 100644 index 00000000000..e5fad4e5256 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/project-chip_connectedhomeip.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["project-chip/connectedhomeip", "*", "inputs.with", "code-injection", "generated"] + - ["project-chip/connectedhomeip", "*", "inputs.action", "code-injection", "generated"] + - ["project-chip/connectedhomeip", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/projectnessie_nessie.model.yml b/ql/lib/ext/generated/composite-actions/projectnessie_nessie.model.yml new file mode 100644 index 00000000000..71f90682b1b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/projectnessie_nessie.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["projectnessie/nessie", "*", "inputs.job-name", "code-injection", "generated"] + - ["projectnessie/nessie", "*", "inputs.java-version", "code-injection", "generated"] + - ["projectnessie/nessie", "*", "inputs.job-instance", "code-injection", "generated"] + - ["projectnessie/nessie", "*", "inputs.job-id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/psf_black.model.yml b/ql/lib/ext/generated/composite-actions/psf_black.model.yml new file mode 100644 index 00000000000..07421b98859 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/psf_black.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["psf/black", "*", "inputs.summary", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pyca_cryptography.model.yml b/ql/lib/ext/generated/composite-actions/pyca_cryptography.model.yml new file mode 100644 index 00000000000..81fbb3ae9e4 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pyca_cryptography.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pyca/cryptography", "*", "inputs.key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/pyg-team_pytorch_geometric.model.yml b/ql/lib/ext/generated/composite-actions/pyg-team_pytorch_geometric.model.yml new file mode 100644 index 00000000000..9587351ce1d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/pyg-team_pytorch_geometric.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pyg-team/pytorch/geometric", "*", "inputs.torchvision-version", "code-injection", "generated"] + - ["pyg-team/pytorch/geometric", "*", "inputs.cuda-version", "code-injection", "generated"] + - ["pyg-team/pytorch/geometric", "*", "inputs.torch-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/python-poetry_poetry.model.yml b/ql/lib/ext/generated/composite-actions/python-poetry_poetry.model.yml new file mode 100644 index 00000000000..080835504a6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/python-poetry_poetry.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["python-poetry/poetry", "*", "inputs.args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/python_mypy.model.yml b/ql/lib/ext/generated/composite-actions/python_mypy.model.yml new file mode 100644 index 00000000000..86ce393fbc5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/python_mypy.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["python/mypy", "*", "inputs.install_project_dependencies", "code-injection", "generated"] + - ["python/mypy", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/quarto-dev_quarto-cli.model.yml b/ql/lib/ext/generated/composite-actions/quarto-dev_quarto-cli.model.yml new file mode 100644 index 00000000000..182558589d7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/quarto-dev_quarto-cli.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["quarto-dev/quarto-cli", "*", "inputs.keychain-pw", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.keychain", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.certificate-file", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.certificate-value", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.working-dir", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.bucket", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.base-url", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.files", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.binary-name", "code-injection", "generated"] + - ["quarto-dev/quarto-cli", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/quay_clair.model.yml b/ql/lib/ext/generated/composite-actions/quay_clair.model.yml new file mode 100644 index 00000000000..1839670baa2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/quay_clair.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["quay/clair", "*", "inputs.tag", "code-injection", "generated"] + - ["quay/clair", "*", "inputs.repo", "code-injection", "generated"] + - ["quay/clair", "*", "inputs.quay", "code-injection", "generated"] + - ["quay/clair", "*", "inputs.duration", "code-injection", "generated"] + - ["quay/clair", "*", "inputs.token", "code-injection", "generated"] + - ["quay/clair", "*", "inputs.dir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/quickwit-oss_quickwit.model.yml b/ql/lib/ext/generated/composite-actions/quickwit-oss_quickwit.model.yml new file mode 100644 index 00000000000..203dabaa3b9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/quickwit-oss_quickwit.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["quickwit-oss/quickwit", "*", "inputs.target", "code-injection", "generated"] + - ["quickwit-oss/quickwit", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/r-lib_actions.model.yml b/ql/lib/ext/generated/composite-actions/r-lib_actions.model.yml new file mode 100644 index 00000000000..7247d125324 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/r-lib_actions.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["r-lib/actions", "*", "inputs.lockfile-create-lib", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.dependencies", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.upgrade", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.pak-version", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.profile", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.install-pandoc", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.extra-packages", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.packages", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.needs", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.error-on", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.build_args", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.args", "code-injection", "generated"] + - ["r-lib/actions", "*", "inputs.check-dir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/randombit_botan.model.yml b/ql/lib/ext/generated/composite-actions/randombit_botan.model.yml new file mode 100644 index 00000000000..22c8a56deac --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/randombit_botan.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["randombit/botan", "*", "inputs.target", "code-injection", "generated"] + - ["randombit/botan", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/raspberrypi_documentation.model.yml b/ql/lib/ext/generated/composite-actions/raspberrypi_documentation.model.yml new file mode 100644 index 00000000000..7476425a35f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/raspberrypi_documentation.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["raspberrypi/documentation", "*", "inputs.secondary_host", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.destination", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.source", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.bastion_host", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.primary_host", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.public_bastion_host_keys", "code-injection", "generated"] + - ["raspberrypi/documentation", "*", "inputs.private_ssh_key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ray-project_kuberay.model.yml b/ql/lib/ext/generated/composite-actions/ray-project_kuberay.model.yml new file mode 100644 index 00000000000..3c96c1b159d --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ray-project_kuberay.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ray-project/kuberay", "*", "inputs.ray_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/readthedocs_actions.model.yml b/ql/lib/ext/generated/composite-actions/readthedocs_actions.model.yml new file mode 100644 index 00000000000..da9def79964 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/readthedocs_actions.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["readthedocs/actions", "*", "inputs.single-version", "code-injection", "generated"] + - ["readthedocs/actions", "*", "inputs.platform", "code-injection", "generated"] + - ["readthedocs/actions", "*", "inputs.message-template", "code-injection", "generated"] + - ["readthedocs/actions", "*", "inputs.project-language", "code-injection", "generated"] + - ["readthedocs/actions", "*", "inputs.project-slug", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/reflex-dev_reflex.model.yml b/ql/lib/ext/generated/composite-actions/reflex-dev_reflex.model.yml new file mode 100644 index 00000000000..80c91739684 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/reflex-dev_reflex.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["reflex-dev/reflex", "*", "inputs.create-venv-at-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/renovatebot_renovate.model.yml b/ql/lib/ext/generated/composite-actions/renovatebot_renovate.model.yml new file mode 100644 index 00000000000..2121bb23710 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/renovatebot_renovate.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["renovatebot/renovate", "*", "inputs.node-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/rethinkdb_rethinkdb.model.yml b/ql/lib/ext/generated/composite-actions/rethinkdb_rethinkdb.model.yml new file mode 100644 index 00000000000..f0acc305672 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/rethinkdb_rethinkdb.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rethinkdb/rethinkdb", "*", "inputs.command", "code-injection", "generated"] + - ["rethinkdb/rethinkdb", "*", "inputs.install_command", "code-injection", "generated"] + - ["rethinkdb/rethinkdb", "*", "inputs.env_activate", "code-injection", "generated"] + - ["rethinkdb/rethinkdb", "*", "inputs.default_python_driver_commit_hash", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/risc0_risc0.model.yml b/ql/lib/ext/generated/composite-actions/risc0_risc0.model.yml new file mode 100644 index 00000000000..f099314b16e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/risc0_risc0.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["risc0/risc0", "*", "inputs.key", "code-injection", "generated"] + - ["risc0/risc0", "*", "inputs.components", "code-injection", "generated"] + - ["risc0/risc0", "*", "inputs.targets", "code-injection", "generated"] + - ["risc0/risc0", "*", "inputs.toolchain", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/rocketchat_rocket.chat.model.yml b/ql/lib/ext/generated/composite-actions/rocketchat_rocket.chat.model.yml new file mode 100644 index 00000000000..971cd92e3cd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/rocketchat_rocket.chat.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rocketchat/rocket.chat", "*", "inputs.build-containers", "code-injection", "generated"] + - ["rocketchat/rocket.chat", "*", "inputs.release", "code-injection", "generated"] + - ["rocketchat/rocket.chat", "*", "inputs.docker-tag", "code-injection", "generated"] + - ["rocketchat/rocket.chat", "*", "inputs.root-dir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/rook_rook.model.yml b/ql/lib/ext/generated/composite-actions/rook_rook.model.yml new file mode 100644 index 00000000000..42aba6b02dd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/rook_rook.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rook/rook", "*", "inputs.use-tmate", "code-injection", "generated"] + - ["rook/rook", "*", "inputs.kubernetes-version", "code-injection", "generated"] + - ["rook/rook", "*", "inputs.additional-namespace", "code-injection", "generated"] + - ["rook/rook", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/roots_trellis.model.yml b/ql/lib/ext/generated/composite-actions/roots_trellis.model.yml new file mode 100644 index 00000000000..71d71f6cb21 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/roots_trellis.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["roots/trellis", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ruby_debug.model.yml b/ql/lib/ext/generated/composite-actions/ruby_debug.model.yml new file mode 100644 index 00000000000..60a29d3edf7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ruby_debug.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ruby/debug", "*", "inputs.report-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/ruby_ruby.model.yml b/ql/lib/ext/generated/composite-actions/ruby_ruby.model.yml new file mode 100644 index 00000000000..84d174e5a05 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/ruby_ruby.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ruby/ruby", "*", "inputs.builddir", "code-injection", "generated"] + - ["ruby/ruby", "*", "inputs.srcdir", "code-injection", "generated"] + - ["ruby/ruby", "*", "inputs.test-opts", "code-injection", "generated"] + - ["ruby/ruby", "*", "inputs.report-path", "code-injection", "generated"] + - ["ruby/ruby", "*", "inputs.launchable-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/rusefi_rusefi.model.yml b/ql/lib/ext/generated/composite-actions/rusefi_rusefi.model.yml new file mode 100644 index 00000000000..5cc3a3a7475 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/rusefi_rusefi.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rusefi/rusefi", "*", "inputs.RUSEFI_OBFUSCATED_PUBLIC_SSH_SERVER", "code-injection", "generated"] + - ["rusefi/rusefi", "*", "inputs.RUSEFI_OBFUSCATED_PUBLIC_SSH_PASS", "code-injection", "generated"] + - ["rusefi/rusefi", "*", "inputs.RUSEFI_OBFUSCATED_PUBLIC_SSH_USER", "code-injection", "generated"] + - ["rusefi/rusefi", "*", "inputs.sim_output", "code-injection", "generated"] + - ["rusefi/rusefi", "*", "inputs.RUSEFI_SSH_PASS", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/saltstack_salt.model.yml b/ql/lib/ext/generated/composite-actions/saltstack_salt.model.yml new file mode 100644 index 00000000000..cee842ae1c6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/saltstack_salt.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["saltstack/salt", "*", "inputs.version", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.upload-chunk-size", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.restore-keys", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.save-always", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.lookup-only", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.fail-on-cache-miss", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.enableCrossOsArchive", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.key", "code-injection", "generated"] + - ["saltstack/salt", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/sap_sapmachine.model.yml b/ql/lib/ext/generated/composite-actions/sap_sapmachine.model.yml new file mode 100644 index 00000000000..535e832c1c3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/sap_sapmachine.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sap/sapmachine", "*", "inputs.debug-suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/scala-native_scala-native.model.yml b/ql/lib/ext/generated/composite-actions/scala-native_scala-native.model.yml new file mode 100644 index 00000000000..e1902fb488f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/scala-native_scala-native.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["scala-native/scala-native", "*", "inputs.llvm-version", "code-injection", "generated"] + - ["scala-native/scala-native", "*", "inputs.scala-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/scitools_iris.model.yml b/ql/lib/ext/generated/composite-actions/scitools_iris.model.yml new file mode 100644 index 00000000000..2ede3df9864 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/scitools_iris.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["scitools/iris", "*", "inputs.version", "code-injection", "generated"] + - ["scitools/iris", "*", "inputs.install_packages", "code-injection", "generated"] + - ["scitools/iris", "*", "inputs.env_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/scylladb_scylla-operator.model.yml b/ql/lib/ext/generated/composite-actions/scylladb_scylla-operator.model.yml new file mode 100644 index 00000000000..1bea0aef935 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/scylladb_scylla-operator.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["scylladb/scylla-operator", "*", "inputs.containerImageName", "code-injection", "generated"] + - ["scylladb/scylla-operator", "*", "inputs.githubToken", "code-injection", "generated"] + - ["scylladb/scylla-operator", "*", "inputs.githubRef", "code-injection", "generated"] + - ["scylladb/scylla-operator", "*", "inputs.githubRepository", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/shader-slang_slang.model.yml b/ql/lib/ext/generated/composite-actions/shader-slang_slang.model.yml new file mode 100644 index 00000000000..4a8bae9d2a1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/shader-slang_slang.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shader-slang/slang", "*", "inputs.platform", "code-injection", "generated"] + - ["shader-slang/slang", "*", "inputs.os", "code-injection", "generated"] + - ["shader-slang/slang", "*", "inputs.runs-on", "code-injection", "generated"] + - ["shader-slang/slang", "*", "inputs.config", "code-injection", "generated"] + - ["shader-slang/slang", "*", "inputs.compiler", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/shaka-project_shaka-player.model.yml b/ql/lib/ext/generated/composite-actions/shaka-project_shaka-player.model.yml new file mode 100644 index 00000000000..c63ed017ae1 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/shaka-project_shaka-player.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shaka-project/shaka-player", "*", "inputs.state", "code-injection", "generated"] + - ["shaka-project/shaka-player", "*", "inputs.context", "code-injection", "generated"] + - ["shaka-project/shaka-player", "*", "inputs.job_name", "code-injection", "generated"] + - ["shaka-project/shaka-player", "*", "inputs.token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/shakacode_react-webpack-rails-tutorial.model.yml b/ql/lib/ext/generated/composite-actions/shakacode_react-webpack-rails-tutorial.model.yml new file mode 100644 index 00000000000..544fc4b9951 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/shakacode_react-webpack-rails-tutorial.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shakacode/react-webpack-rails-tutorial", "*", "inputs.org", "code-injection", "generated"] + - ["shakacode/react-webpack-rails-tutorial", "*", "inputs.app_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/simple-icons_simple-icons.model.yml b/ql/lib/ext/generated/composite-actions/simple-icons_simple-icons.model.yml new file mode 100644 index 00000000000..2d3871a2231 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/simple-icons_simple-icons.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["simple-icons/simple-icons", "*", "inputs.issue_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/slint-ui_slint.model.yml b/ql/lib/ext/generated/composite-actions/slint-ui_slint.model.yml new file mode 100644 index 00000000000..4f18723df38 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/slint-ui_slint.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["slint-ui/slint", "*", "inputs.extra-packages", "code-injection", "generated"] + - ["slint-ui/slint", "*", "inputs.binary", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/solidusio_solidus.model.yml b/ql/lib/ext/generated/composite-actions/solidusio_solidus.model.yml new file mode 100644 index 00000000000..a96d86c7b5c --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/solidusio_solidus.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["solidusio/solidus", "*", "inputs.last_minor", "code-injection", "generated"] + - ["solidusio/solidus", "*", "inputs.labels", "code-injection", "generated"] + - ["solidusio/solidus", "*", "inputs.base", "code-injection", "generated"] + - ["solidusio/solidus", "*", "inputs.message", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/solo-io_gloo.model.yml b/ql/lib/ext/generated/composite-actions/solo-io_gloo.model.yml new file mode 100644 index 00000000000..ff1b101be4a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/solo-io_gloo.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["solo-io/gloo", "*", "inputs.base-ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/sonarr_sonarr.model.yml b/ql/lib/ext/generated/composite-actions/sonarr_sonarr.model.yml new file mode 100644 index 00000000000..fb7bdd0950e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/sonarr_sonarr.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sonarr/sonarr", "*", "inputs.filter", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.binary_path", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.artifact", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.version", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.major_version", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.branch", "code-injection", "generated"] + - ["sonarr/sonarr", "*", "inputs.framework", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/sonic-pi-net_sonic-pi.model.yml b/ql/lib/ext/generated/composite-actions/sonic-pi-net_sonic-pi.model.yml new file mode 100644 index 00000000000..9b263d03357 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/sonic-pi-net_sonic-pi.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sonic-pi-net/sonic-pi", "*", "inputs.command", "code-injection", "generated"] + - ["sonic-pi-net/sonic-pi", "*", "inputs.container-version", "code-injection", "generated"] + - ["sonic-pi-net/sonic-pi", "*", "inputs.container", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spacedriveapp_spacedrive.model.yml b/ql/lib/ext/generated/composite-actions/spacedriveapp_spacedrive.model.yml new file mode 100644 index 00000000000..5e6e66c4be4 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spacedriveapp_spacedrive.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spacedriveapp/spacedrive", "*", "inputs.setup-arg", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spockframework_spock.model.yml b/ql/lib/ext/generated/composite-actions/spockframework_spock.model.yml new file mode 100644 index 00000000000..cf545a95592 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spockframework_spock.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spockframework/spock", "*", "inputs.additional-java-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spring-io_initializr.model.yml b/ql/lib/ext/generated/composite-actions/spring-io_initializr.model.yml new file mode 100644 index 00000000000..0484e903515 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spring-io_initializr.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-io/initializr", "*", "inputs.run-name", "code-injection", "generated"] + - ["spring-io/initializr", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spring-io_start.spring.io.model.yml b/ql/lib/ext/generated/composite-actions/spring-io_start.spring.io.model.yml new file mode 100644 index 00000000000..756a1a0371a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spring-io_start.spring.io.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-io/start.spring.io", "*", "inputs.run-name", "code-injection", "generated"] + - ["spring-io/start.spring.io", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spring-projects_spring-boot.model.yml b/ql/lib/ext/generated/composite-actions/spring-projects_spring-boot.model.yml new file mode 100644 index 00000000000..ed954bf6f97 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spring-projects_spring-boot.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-projects/spring-boot", "*", "inputs.run-name", "code-injection", "generated"] + - ["spring-projects/spring-boot", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spring-projects_spring-framework.model.yml b/ql/lib/ext/generated/composite-actions/spring-projects_spring-framework.model.yml new file mode 100644 index 00000000000..47aebb45825 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spring-projects_spring-framework.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-projects/spring-framework", "*", "inputs.run-name", "code-injection", "generated"] + - ["spring-projects/spring-framework", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/spring-projects_spring-graphql.model.yml b/ql/lib/ext/generated/composite-actions/spring-projects_spring-graphql.model.yml new file mode 100644 index 00000000000..28935d7a98b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/spring-projects_spring-graphql.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-projects/spring-graphql", "*", "inputs.run-name", "code-injection", "generated"] + - ["spring-projects/spring-graphql", "*", "inputs.webhook-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/square_workflow-kotlin.model.yml b/ql/lib/ext/generated/composite-actions/square_workflow-kotlin.model.yml new file mode 100644 index 00000000000..2ba9ff355e2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/square_workflow-kotlin.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["square/workflow-kotlin", "*", "inputs.commit-message", "code-injection", "generated"] + - ["square/workflow-kotlin", "*", "inputs.fix-task", "code-injection", "generated"] + - ["square/workflow-kotlin", "*", "inputs.personal-access-token", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/stefanprodan_podinfo.model.yml b/ql/lib/ext/generated/composite-actions/stefanprodan_podinfo.model.yml new file mode 100644 index 00000000000..530cc68ca4b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/stefanprodan_podinfo.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["stefanprodan/podinfo", "*", "inputs.version", "code-injection", "generated"] + - ["stefanprodan/podinfo", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/stellar_go.model.yml b/ql/lib/ext/generated/composite-actions/stellar_go.model.yml new file mode 100644 index 00000000000..e75197656f5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/stellar_go.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["stellar/go", "*", "inputs.go-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/streetsidesoftware_cspell.model.yml b/ql/lib/ext/generated/composite-actions/streetsidesoftware_cspell.model.yml new file mode 100644 index 00000000000..b56944cd0ff --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/streetsidesoftware_cspell.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["streetsidesoftware/cspell", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/subquery_subql.model.yml b/ql/lib/ext/generated/composite-actions/subquery_subql.model.yml new file mode 100644 index 00000000000..e6d2a79b847 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/subquery_subql.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["subquery/subql", "*", "inputs.package-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/swagger-api_swagger-codegen.model.yml b/ql/lib/ext/generated/composite-actions/swagger-api_swagger-codegen.model.yml new file mode 100644 index 00000000000..ffd74df05e2 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/swagger-api_swagger-codegen.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["swagger-api/swagger-codegen", "*", "inputs.options", "code-injection", "generated"] + - ["swagger-api/swagger-codegen", "*", "inputs.spec-url", "code-injection", "generated"] + - ["swagger-api/swagger-codegen", "*", "inputs.language", "code-injection", "generated"] + - ["swagger-api/swagger-codegen", "*", "inputs.job-name", "code-injection", "generated"] + - ["swagger-api/swagger-codegen", "*", "inputs.build-commands", "code-injection", "generated"] + - ["swagger-api/swagger-codegen", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/swagger-api_swagger-parser.model.yml b/ql/lib/ext/generated/composite-actions/swagger-api_swagger-parser.model.yml new file mode 100644 index 00000000000..f476d7160f6 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/swagger-api_swagger-parser.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["swagger-api/swagger-parser", "*", "inputs.logsPath", "code-injection", "generated"] + - ["swagger-api/swagger-parser", "*", "inputs.parserSpecPath", "code-injection", "generated"] + - ["swagger-api/swagger-parser", "*", "inputs.serializationType", "code-injection", "generated"] + - ["swagger-api/swagger-parser", "*", "inputs.options", "code-injection", "generated"] + - ["swagger-api/swagger-parser", "*", "inputs.inputSpec", "code-injection", "generated"] + - ["swagger-api/swagger-parser", "*", "inputs.parserVersion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/tarantool_tarantool.model.yml b/ql/lib/ext/generated/composite-actions/tarantool_tarantool.model.yml new file mode 100644 index 00000000000..e95dacb65a9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/tarantool_tarantool.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tarantool/tarantool", "*", "inputs.source", "code-injection", "generated"] + - ["tarantool/tarantool", "*", "inputs.chat-id", "code-injection", "generated"] + - ["tarantool/tarantool", "*", "inputs.revision", "code-injection", "generated"] + - ["tarantool/tarantool", "*", "inputs.submodule", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/telepresenceio_telepresence.model.yml b/ql/lib/ext/generated/composite-actions/telepresenceio_telepresence.model.yml new file mode 100644 index 00000000000..42a9859aa23 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/telepresenceio_telepresence.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["telepresenceio/telepresence", "*", "inputs.release_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/tensorflow_datasets.model.yml b/ql/lib/ext/generated/composite-actions/tensorflow_datasets.model.yml new file mode 100644 index 00000000000..029e4f95a2a --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/tensorflow_datasets.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tensorflow/datasets", "*", "inputs.extras", "code-injection", "generated"] + - ["tensorflow/datasets", "*", "inputs.tf-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/texstudio-org_texstudio.model.yml b/ql/lib/ext/generated/composite-actions/texstudio-org_texstudio.model.yml new file mode 100644 index 00000000000..3223e185c7b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/texstudio-org_texstudio.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["texstudio-org/texstudio", "*", "inputs.file", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/toeverything_affine.model.yml b/ql/lib/ext/generated/composite-actions/toeverything_affine.model.yml new file mode 100644 index 00000000000..26fa1ce22b7 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/toeverything_affine.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["toeverything/affine", "*", "inputs.extra-flags", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.nmHoistingLimits", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.path", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.cluster-location", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.cluster-name", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.gcp-project-id", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.package", "code-injection", "generated"] + - ["toeverything/affine", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/treeverse_lakefs.model.yml b/ql/lib/ext/generated/composite-actions/treeverse_lakefs.model.yml new file mode 100644 index 00000000000..a68a3372089 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/treeverse_lakefs.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["treeverse/lakefs", "*", "inputs.compose-flags", "code-injection", "generated"] + - ["treeverse/lakefs", "*", "inputs.compose-directory", "code-injection", "generated"] + - ["treeverse/lakefs", "*", "inputs.compose-file", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/trezor_trezor-firmware.model.yml b/ql/lib/ext/generated/composite-actions/trezor_trezor-firmware.model.yml new file mode 100644 index 00000000000..6c874d64655 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/trezor_trezor-firmware.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["trezor/trezor-firmware", "*", "inputs.lang", "code-injection", "generated"] + - ["trezor/trezor-firmware", "*", "inputs.model", "code-injection", "generated"] + - ["trezor/trezor-firmware", "*", "inputs.status", "code-injection", "generated"] + - ["trezor/trezor-firmware", "*", "inputs.full-deps", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/tribler_tribler.model.yml b/ql/lib/ext/generated/composite-actions/tribler_tribler.model.yml new file mode 100644 index 00000000000..8d339364cf3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/tribler_tribler.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tribler/tribler", "*", "inputs.libsodium-version", "code-injection", "generated"] + - ["tribler/tribler", "*", "inputs.command", "code-injection", "generated"] + - ["tribler/tribler", "*", "inputs.duration", "code-injection", "generated"] + - ["tribler/tribler", "*", "inputs.requirements", "code-injection", "generated"] + - ["tribler/tribler", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/trunk-io_trunk-action.model.yml b/ql/lib/ext/generated/composite-actions/trunk-io_trunk-action.model.yml new file mode 100644 index 00000000000..db6751f8ef5 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/trunk-io_trunk-action.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["trunk-io/trunk-action", "*", "inputs.tools", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.post-init", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.setup-deps", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.label", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.debug", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.check-run-id", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.check-all-mode", "code-injection", "generated"] + - ["trunk-io/trunk-action", "*", "inputs.cache-key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/unidata_metpy.model.yml b/ql/lib/ext/generated/composite-actions/unidata_metpy.model.yml new file mode 100644 index 00000000000..68959bf2102 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/unidata_metpy.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["unidata/metpy", "*", "inputs.key", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/unstructured-io_unstructured.model.yml b/ql/lib/ext/generated/composite-actions/unstructured-io_unstructured.model.yml new file mode 100644 index 00000000000..f8aa8480088 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/unstructured-io_unstructured.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["unstructured-io/unstructured", "*", "inputs.python-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/vercel_turbo.model.yml b/ql/lib/ext/generated/composite-actions/vercel_turbo.model.yml new file mode 100644 index 00000000000..0f78fddcd96 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/vercel_turbo.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vercel/turbo", "*", "inputs.extra-flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/vesoft-inc_nebula.model.yml b/ql/lib/ext/generated/composite-actions/vesoft-inc_nebula.model.yml new file mode 100644 index 00000000000..9eb860b13d9 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/vesoft-inc_nebula.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vesoft-inc/nebula", "*", "inputs.target-path", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.bucket", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.key-secret", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.key-id", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.endpoint", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.asset-path", "code-injection", "generated"] + - ["vesoft-inc/nebula", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/vkcom_vkui.model.yml b/ql/lib/ext/generated/composite-actions/vkcom_vkui.model.yml new file mode 100644 index 00000000000..573b256121f --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/vkcom_vkui.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vkcom/vkui", "*", "inputs.next_version", "code-injection", "generated"] + - ["vkcom/vkui", "*", "inputs.package_name", "code-injection", "generated"] + - ["vkcom/vkui", "*", "inputs.npm_tag", "code-injection", "generated"] + - ["vkcom/vkui", "*", "inputs.prev_version", "code-injection", "generated"] + - ["vkcom/vkui", "*", "inputs.new_version", "code-injection", "generated"] + - ["vkcom/vkui", "*", "inputs.pre_id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/vuetifyjs_vuetify.model.yml b/ql/lib/ext/generated/composite-actions/vuetifyjs_vuetify.model.yml new file mode 100644 index 00000000000..c5278340c0b --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/vuetifyjs_vuetify.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vuetifyjs/vuetify", "*", "inputs.name", "code-injection", "generated"] + - ["vuetifyjs/vuetify", "*", "inputs.path", "code-injection", "generated"] + - ["vuetifyjs/vuetify", "*", "inputs.npm-tag", "code-injection", "generated"] + - ["vuetifyjs/vuetify", "*", "inputs.release-id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/wagoodman_dive.model.yml b/ql/lib/ext/generated/composite-actions/wagoodman_dive.model.yml new file mode 100644 index 00000000000..b11973cfa00 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/wagoodman_dive.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["wagoodman/dive", "*", "inputs.bootstrap-apt-packages", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/walletconnect_walletconnectswiftv2.model.yml b/ql/lib/ext/generated/composite-actions/walletconnect_walletconnectswiftv2.model.yml new file mode 100644 index 00000000000..1fd3ca1f005 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/walletconnect_walletconnectswiftv2.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["walletconnect/walletconnectswiftv2", "*", "inputs.js-client-api-host", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.project-id", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.relay-endpoint", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.gm-dapp-host", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.gm-dapp-project-secret", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.gm-dapp-project-id", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.explorer-endpoint", "code-injection", "generated"] + - ["walletconnect/walletconnectswiftv2", "*", "inputs.notify-endpoint", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/wazuh_wazuh.model.yml b/ql/lib/ext/generated/composite-actions/wazuh_wazuh.model.yml new file mode 100644 index 00000000000..727a21ac960 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/wazuh_wazuh.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["wazuh/wazuh", "*", "inputs.target", "code-injection", "generated"] + - ["wazuh/wazuh", "*", "inputs.doxygen_config", "code-injection", "generated"] + - ["wazuh/wazuh", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/web-infra-dev_rspack.model.yml b/ql/lib/ext/generated/composite-actions/web-infra-dev_rspack.model.yml new file mode 100644 index 00000000000..fff6557dd41 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/web-infra-dev_rspack.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["web-infra-dev/rspack", "*", "inputs.post", "code-injection", "generated"] + - ["web-infra-dev/rspack", "*", "inputs.profile", "code-injection", "generated"] + - ["web-infra-dev/rspack", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/webassembly_wabt.model.yml b/ql/lib/ext/generated/composite-actions/webassembly_wabt.model.yml new file mode 100644 index 00000000000..e87c7cf5c06 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/webassembly_wabt.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["webassembly/wabt", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/wntrblm_nox.model.yml b/ql/lib/ext/generated/composite-actions/wntrblm_nox.model.yml new file mode 100644 index 00000000000..9c556053d66 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/wntrblm_nox.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["wntrblm/nox", "*", "inputs.python-versions", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/xrplf_rippled.model.yml b/ql/lib/ext/generated/composite-actions/xrplf_rippled.model.yml new file mode 100644 index 00000000000..6121c00ccfd --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/xrplf_rippled.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["xrplf/rippled", "*", "inputs.configuration", "code-injection", "generated"] + - ["xrplf/rippled", "*", "inputs.cmake-target", "code-injection", "generated"] + - ["xrplf/rippled", "*", "inputs.cmake-args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/zcash_zcash.model.yml b/ql/lib/ext/generated/composite-actions/zcash_zcash.model.yml new file mode 100644 index 00000000000..789bdb53aed --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/zcash_zcash.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zcash/zcash", "*", "inputs.destination", "code-injection", "generated"] + - ["zcash/zcash", "*", "inputs.remove-first-if-exists", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/zenml-io_zenml.model.yml b/ql/lib/ext/generated/composite-actions/zenml-io_zenml.model.yml new file mode 100644 index 00000000000..58389ad753e --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/zenml-io_zenml.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zenml-io/zenml", "*", "inputs.install_integrations", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/composite-actions/zeroc-ice_ice.model.yml b/ql/lib/ext/generated/composite-actions/zeroc-ice_ice.model.yml new file mode 100644 index 00000000000..853948c5ec3 --- /dev/null +++ b/ql/lib/ext/generated/composite-actions/zeroc-ice_ice.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zeroc-ice/ice", "*", "inputs.flags", "code-injection", "generated"] + - ["zeroc-ice/ice", "*", "inputs.make_flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/0xpolygon_polygon-edge.model.yml b/ql/lib/ext/generated/reusable-workflows/0xpolygon_polygon-edge.model.yml new file mode 100644 index 00000000000..2e8a6683a57 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/0xpolygon_polygon-edge.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["0xpolygon/polygon-edge/.github/workflows/loadtest.yml", "*", "inputs.scenario", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/8vim_8vim.model.yml b/ql/lib/ext/generated/reusable-workflows/8vim_8vim.model.yml new file mode 100644 index 00000000000..55533f12312 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/8vim_8vim.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["8vim/8vim/.github/workflows/publish.yaml", "*", "inputs.version_code", "code-injection", "generated"] + - ["8vim/8vim/.github/workflows/publish.yaml", "*", "inputs.version_name", "code-injection", "generated"] + - ["8vim/8vim/.github/workflows/bump-version.yaml", "*", "inputs.message", "code-injection", "generated"] + - ["8vim/8vim/.github/workflows/build.yaml", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/actions_reusable-workflows.model.yml b/ql/lib/ext/generated/reusable-workflows/actions_reusable-workflows.model.yml new file mode 100644 index 00000000000..a14d41a15b9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/actions_reusable-workflows.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.base-pr-branch", "code-injection", "generated"] + - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.head-pr-branch", "code-injection", "generated"] + - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.reference-files", "code-injection", "generated"] + - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.target-folder", "code-injection", "generated"] + - ["actions/reusable-workflows/.github/workflows/codeql-analysis.yml", "*", "inputs.build-command", "code-injection", "generated"] + - ["actions/reusable-workflows/.github/workflows/check-dist.yml", "*", "inputs.dist-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/adap_flower.model.yml b/ql/lib/ext/generated/reusable-workflows/adap_flower.model.yml new file mode 100644 index 00000000000..0888318ad93 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/adap_flower.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.namespace-repository", "code-injection", "generated"] + - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.file-dir", "code-injection", "generated"] + - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.build-args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/aio-libs_multidict.model.yml b/ql/lib/ext/generated/reusable-workflows/aio-libs_multidict.model.yml new file mode 100644 index 00000000000..6ea6dcdab70 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/aio-libs_multidict.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aio-libs/multidict/.github/workflows/reusable-build-wheel.yml", "*", "inputs.wheel-tags-to-skip", "code-injection", "generated"] + - ["aio-libs/multidict/.github/workflows/reusable-build-wheel.yml", "*", "inputs.qemu", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/aio-libs_yarl.model.yml b/ql/lib/ext/generated/reusable-workflows/aio-libs_yarl.model.yml new file mode 100644 index 00000000000..2c18a166cc1 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/aio-libs_yarl.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aio-libs/yarl/.github/workflows/reusable-build-wheel.yml", "*", "inputs.wheel-tags-to-skip", "code-injection", "generated"] + - ["aio-libs/yarl/.github/workflows/reusable-build-wheel.yml", "*", "inputs.qemu", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/airbytehq_airbyte.model.yml b/ql/lib/ext/generated/reusable-workflows/airbytehq_airbyte.model.yml new file mode 100644 index 00000000000..f065947dbdc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/airbytehq_airbyte.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["airbytehq/airbyte/.github/workflows/connector-performance-command.yml", "*", "inputs.connector", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/alphagov_collections.model.yml b/ql/lib/ext/generated/reusable-workflows/alphagov_collections.model.yml new file mode 100644 index 00000000000..438525e77e2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/alphagov_collections.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["alphagov/collections/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/alphagov_frontend.model.yml b/ql/lib/ext/generated/reusable-workflows/alphagov_frontend.model.yml new file mode 100644 index 00000000000..ca3111ad03a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/alphagov_frontend.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["alphagov/frontend/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/alphagov_publishing-api.model.yml b/ql/lib/ext/generated/reusable-workflows/alphagov_publishing-api.model.yml new file mode 100644 index 00000000000..1e09e05e8b6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/alphagov_publishing-api.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["alphagov/publishing-api/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/apache_druid.model.yml b/ql/lib/ext/generated/reusable-workflows/apache_druid.model.yml new file mode 100644 index 00000000000..ad061ca714d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/apache_druid.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.module", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.jdk", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.sql_compatibility", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.override_config_path", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.testing_groups", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.use_indexer", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.runtime_jdk", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.it", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.script", "code-injection", "generated"] + - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.build_jdk", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/apache_flink.model.yml b/ql/lib/ext/generated/reusable-workflows/apache_flink.model.yml new file mode 100644 index 00000000000..3a721a0f2cf --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/apache_flink.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/flink/.github/workflows/template.flink-ci.yml", "*", "inputs.environment", "code-injection", "generated"] + - ["apache/flink/.github/workflows/template.flink-ci.yml", "*", "inputs.workflow-caller-id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/apache_spark.model.yml b/ql/lib/ext/generated/reusable-workflows/apache_spark.model.yml new file mode 100644 index 00000000000..bdabbb9ab60 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/apache_spark.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["apache/spark/.github/workflows/build_and_test.yml", "*", "inputs.branch", "code-injection", "generated"] + - ["apache/spark/.github/workflows/build_and_test.yml", "*", "inputs.jobs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/argilla-io_argilla.model.yml b/ql/lib/ext/generated/reusable-workflows/argilla-io_argilla.model.yml new file mode 100644 index 00000000000..6d8438462a8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/argilla-io_argilla.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["argilla-io/argilla/.github/workflows/run-python-tests.yml", "*", "inputs.pytestArgs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/argoproj_argo-cd.model.yml b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-cd.model.yml new file mode 100644 index 00000000000..6d7bf7af0c2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-cd.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.docker_image_name", "code-injection", "generated"] + - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.ghcr_image_name", "code-injection", "generated"] + - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.quay_image_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/argoproj_argo-rollouts.model.yml b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-rollouts.model.yml new file mode 100644 index 00000000000..b3b198fbf65 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-rollouts.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.docker_image_name", "code-injection", "generated"] + - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.ghcr_image_name", "code-injection", "generated"] + - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.quay_image_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/aws-amplify_amplify-ui.model.yml b/ql/lib/ext/generated/reusable-workflows/aws-amplify_amplify-ui.model.yml new file mode 100644 index 00000000000..9c3ae9bf194 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/aws-amplify_amplify-ui.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["aws-amplify/amplify-ui/.github/workflows/reusable-tagged-publish.yml", "*", "inputs.dist-tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/azure_apiops.model.yml b/ql/lib/ext/generated/reusable-workflows/azure_apiops.model.yml new file mode 100644 index 00000000000..68a85006c6c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/azure_apiops.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["azure/apiops/tools/github_workflows/run-publisher-with-env.yaml", "*", "inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/azure_mlops-templates.model.yml b/ql/lib/ext/generated/reusable-workflows/azure_mlops-templates.model.yml new file mode 100644 index 00000000000..ee336ee076c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/azure_mlops-templates.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["azure/mlops-templates/.github/workflows/tf-gha-install-terraform.yml", "*", "inputs.terraform_workingdir", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.parameters-file", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.workspace_name", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.resource_group", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.dockerfile-location", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.environment_file", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.workspace_name", "code-injection", "generated"] + - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.resource_group", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bbq-beets_avocaddo-cmw.model.yml b/ql/lib/ext/generated/reusable-workflows/bbq-beets_avocaddo-cmw.model.yml new file mode 100644 index 00000000000..3d3f727923a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_avocaddo-cmw.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-email", "code-injection", "generated"] + - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-name", "code-injection", "generated"] + - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.track", "code-injection", "generated"] + - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.package-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bbq-beets_mobile-ci-cd.model.yml b/ql/lib/ext/generated/reusable-workflows/bbq-beets_mobile-ci-cd.model.yml new file mode 100644 index 00000000000..f18d1e4c50a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_mobile-ci-cd.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-email", "code-injection", "generated"] + - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-name", "code-injection", "generated"] + - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.track", "code-injection", "generated"] + - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.package-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bbq-beets_yujincat-action.model.yml b/ql/lib/ext/generated/reusable-workflows/bbq-beets_yujincat-action.model.yml new file mode 100644 index 00000000000..21db2585a5e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_yujincat-action.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bbq-beets/yujincat-action/.github/workflows/test-referInputs.yml", "*", "inputs.shell", "code-injection", "generated"] + - ["bbq-beets/yujincat-action/.github/workflows/test-referInputs.yml", "*", "inputs.environment", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bdunderscore_modular-avatar.model.yml b/ql/lib/ext/generated/reusable-workflows/bdunderscore_modular-avatar.model.yml new file mode 100644 index 00000000000..3f263608c21 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bdunderscore_modular-avatar.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bdunderscore/modular-avatar/.github/workflows/build-test-docs.yml", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/benc-uk_workflow-dispatch.model.yml b/ql/lib/ext/generated/reusable-workflows/benc-uk_workflow-dispatch.model.yml new file mode 100644 index 00000000000..017d0bc89f5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/benc-uk_workflow-dispatch.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["benc-uk/workflow-dispatch/.github/workflows/echo-3.yaml", "*", "inputs.message", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bridgecrewio_checkov.model.yml b/ql/lib/ext/generated/reusable-workflows/bridgecrewio_checkov.model.yml new file mode 100644 index 00000000000..1a38d6b35ad --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bridgecrewio_checkov.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.REGISTRY", "code-injection", "generated"] + - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.IMAGE_NAME", "code-injection", "generated"] + - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.IMAGE_TAG", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bugsnag_bugsnag-ruby.model.yml b/ql/lib/ext/generated/reusable-workflows/bugsnag_bugsnag-ruby.model.yml new file mode 100644 index 00000000000..339d7b1dd0a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bugsnag_bugsnag-ruby.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bugsnag/bugsnag-ruby/.github/workflows/run-maze-runner.yml", "*", "inputs.features", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/bytecodealliance_wasm-micro-runtime.model.yml b/ql/lib/ext/generated/reusable-workflows/bytecodealliance_wasm-micro-runtime.model.yml new file mode 100644 index 00000000000..ff0f83454c2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/bytecodealliance_wasm-micro-runtime.model.yml @@ -0,0 +1,22 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.the_path", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.last_commit", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.binary_name_stem", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamrc.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamrc.yml", "*", "inputs.runner", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_vscode_ext.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.runner", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.config_file", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.wasi_sdk_url", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.wamr_app_framework_url", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.runner", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.wasi_sdk_url", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_llvm_libraries.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_llvm_libraries.yml", "*", "inputs.os", "code-injection", "generated"] + - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_iwasm_release.yml", "*", "inputs.ver_num", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/celo-org_celo-blockchain.model.yml b/ql/lib/ext/generated/reusable-workflows/celo-org_celo-blockchain.model.yml new file mode 100644 index 00000000000..c07d2aba0b6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/celo-org_celo-blockchain.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["celo-org/celo-blockchain/.github/workflows/add-docker-tag.yaml", "*", "inputs.destination-tag", "code-injection", "generated"] + - ["celo-org/celo-blockchain/.github/workflows/add-docker-tag.yaml", "*", "inputs.origin-tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cemu-project_cemu.model.yml b/ql/lib/ext/generated/reusable-workflows/cemu-project_cemu.model.yml new file mode 100644 index 00000000000..77a7eaae309 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cemu-project_cemu.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cemu-project/cemu/.github/workflows/build.yml", "*", "inputs.experimentalversion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cesiumgs_cesium-unreal.model.yml b/ql/lib/ext/generated/reusable-workflows/cesiumgs_cesium-unreal.model.yml new file mode 100644 index 00000000000..09299774b6a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cesiumgs_cesium-unreal.model.yml @@ -0,0 +1,29 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cesiumgs/cesium-unreal/.github/workflows/testWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testWindows.yml", "*", "inputs.test-package-base-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.unreal-engine-association", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.test-package-base-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.visual-studio-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.visual-studio-components", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-generator", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-platform", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-toolchain", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.extra-choco-packages", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.visual-studio-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.visual-studio-components", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildLinux.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"] + - ["cesiumgs/cesium-unreal/.github/workflows/buildLinux.yml", "*", "inputs.clang-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cgal_cgal.model.yml b/ql/lib/ext/generated/reusable-workflows/cgal_cgal.model.yml new file mode 100644 index 00000000000..028210d4eac --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cgal_cgal.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cgal/cgal/.github/workflows/send_email.yml", "*", "inputs.message", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/checkstyle_checkstyle.model.yml b/ql/lib/ext/generated/reusable-workflows/checkstyle_checkstyle.model.yml new file mode 100644 index 00000000000..2ea83d9d94b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/checkstyle_checkstyle.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["checkstyle/checkstyle/.github/workflows/release-upload-all-jar.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-update-xdoc-with-releasenotes.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-update-github-page.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-update-github-io.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-publish-releasenotes-twitter.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-new-milestone-and-issues-in-other-repos.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-maven-prepare.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-maven-perform.yml", "*", "inputs.version", "code-injection", "generated"] + - ["checkstyle/checkstyle/.github/workflows/release-copy-github-io-to-sourceforge.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/chia-network_actions.model.yml b/ql/lib/ext/generated/reusable-workflows/chia-network_actions.model.yml new file mode 100644 index 00000000000..69f1b740c96 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/chia-network_actions.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chia-network/actions/.github/workflows/docker-build.yaml", "*", "inputs.docker-context", "code-injection", "generated"] + - ["chia-network/actions/.github/workflows/docker-build.yaml", "*", "inputs.image_subpath", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/chipsalliance_chisel.model.yml b/ql/lib/ext/generated/reusable-workflows/chipsalliance_chisel.model.yml new file mode 100644 index 00000000000..61af1d32441 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/chipsalliance_chisel.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["chipsalliance/chisel/.github/workflows/test.yml", "*", "inputs.scala", "code-injection", "generated"] + - ["chipsalliance/chisel/.github/workflows/test.yml", "*", "inputs.circt", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/clickhouse_clickhouse.model.yml b/ql/lib/ext/generated/reusable-workflows/clickhouse_clickhouse.model.yml new file mode 100644 index 00000000000..1532fc723aa --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/clickhouse_clickhouse.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.test_name", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.run_command", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.working-directory", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.additional_envs", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.test_name", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.run_command", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.working-directory", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.additional_envs", "code-injection", "generated"] + - ["clickhouse/clickhouse/.github/workflows/reusable_docker.yml", "*", "inputs.set_latest", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cloudfoundry_cli.model.yml b/ql/lib/ext/generated/reusable-workflows/cloudfoundry_cli.model.yml new file mode 100644 index 00000000000..f4a7cd26183 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cloudfoundry_cli.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cloudfoundry/cli/.github/workflows/tests-integration-reusable.yml", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cocotb_cocotb.model.yml b/ql/lib/ext/generated/reusable-workflows/cocotb_cocotb.model.yml new file mode 100644 index 00000000000..119bfeaa796 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cocotb_cocotb.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.nox_session_test_sim", "code-injection", "generated"] + - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.nox_session_test_nosim", "code-injection", "generated"] + - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.group", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/codeigniter4_codeigniter4.model.yml b/ql/lib/ext/generated/reusable-workflows/codeigniter4_codeigniter4.model.yml new file mode 100644 index 00000000000..10ea343b7aa --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/codeigniter4_codeigniter4.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["codeigniter4/codeigniter4/.github/workflows/reusable-serviceless-phpunit-test.yml", "*", "inputs.extra-composer-options", "code-injection", "generated"] + - ["codeigniter4/codeigniter4/.github/workflows/reusable-serviceless-phpunit-test.yml", "*", "inputs.php-version", "code-injection", "generated"] + - ["codeigniter4/codeigniter4/.github/workflows/reusable-phpunit-test.yml", "*", "inputs.extra-composer-options", "code-injection", "generated"] + - ["codeigniter4/codeigniter4/.github/workflows/reusable-phpunit-test.yml", "*", "inputs.php-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/com-lihaoyi_mill.model.yml b/ql/lib/ext/generated/reusable-workflows/com-lihaoyi_mill.model.yml new file mode 100644 index 00000000000..6310b7155d3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/com-lihaoyi_mill.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["com-lihaoyi/mill/.github/workflows/run-mill-action.yml", "*", "inputs.millargs", "code-injection", "generated"] + - ["com-lihaoyi/mill/.github/workflows/run-mill-action.yml", "*", "inputs.buildcmd", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cosmos_ibc-go.model.yml b/ql/lib/ext/generated/reusable-workflows/cosmos_ibc-go.model.yml new file mode 100644 index 00000000000..a1de7e9a8f9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cosmos_ibc-go.model.yml @@ -0,0 +1,17 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.upgrade-plan-name", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-upgrade-tag", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-type", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-tag", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-image", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-b-tag", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-a-tag", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-image", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.test", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.test-entry-point", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-compatibility-workflow-call.yaml", "*", "inputs.test-suite", "code-injection", "generated"] + - ["cosmos/ibc-go/.github/workflows/e2e-compatibility-workflow-call.yaml", "*", "inputs.test-file-directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/crowdsecurity_crowdsec.model.yml b/ql/lib/ext/generated/reusable-workflows/crowdsecurity_crowdsec.model.yml new file mode 100644 index 00000000000..d6e334573e4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/crowdsecurity_crowdsec.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["crowdsecurity/crowdsec/.github/workflows/publish-docker.yml", "*", "inputs.latest", "code-injection", "generated"] + - ["crowdsecurity/crowdsec/.github/workflows/publish-docker.yml", "*", "inputs.image_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/cryptomator_cryptomator.model.yml b/ql/lib/ext/generated/reusable-workflows/cryptomator_cryptomator.model.yml new file mode 100644 index 00000000000..eeff97a8aea --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/cryptomator_cryptomator.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["cryptomator/cryptomator/.github/workflows/get-version.yml", "*", "inputs.version", "code-injection", "generated"] + - ["cryptomator/cryptomator/.github/workflows/av-whitelist.yml", "*", "inputs.url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/daeuniverse_dae.model.yml b/ql/lib/ext/generated/reusable-workflows/daeuniverse_dae.model.yml new file mode 100644 index 00000000000..34ffd6788b1 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/daeuniverse_dae.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["daeuniverse/dae/.github/workflows/seed-build.yml", "*", "inputs.pr-number", "code-injection", "generated"] + - ["daeuniverse/dae/.github/workflows/seed-build.yml", "*", "inputs.build-type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dafny-lang_dafny.model.yml b/ql/lib/ext/generated/reusable-workflows/dafny-lang_dafny.model.yml new file mode 100644 index 00000000000..8ee00d47f79 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dafny-lang_dafny.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dafny-lang/dafny/.github/workflows/publish-release-reusable.yml", "*", "inputs.name", "code-injection", "generated"] + - ["dafny-lang/dafny/.github/workflows/publish-release-reusable.yml", "*", "inputs.tag_name", "code-injection", "generated"] + - ["dafny-lang/dafny/.github/workflows/integration-tests-reusable.yml", "*", "inputs.all_platforms", "code-injection", "generated"] + - ["dafny-lang/dafny/.github/workflows/integration-tests-reusable.yml", "*", "inputs.num_shards", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dagger_dagger.model.yml b/ql/lib/ext/generated/reusable-workflows/dagger_dagger.model.yml new file mode 100644 index 00000000000..40b35b5c873 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dagger_dagger.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dagger/dagger/.github/workflows/_hack_make.yml", "*", "inputs.mage-targets", "code-injection", "generated"] + - ["dagger/dagger/.github/workflows/_hack_make.yml", "*", "inputs.dev-engine", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dash-industry-forum_dash.js.model.yml b/ql/lib/ext/generated/reusable-workflows/dash-industry-forum_dash.js.model.yml new file mode 100644 index 00000000000..c02368b5d51 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dash-industry-forum_dash.js.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dash-industry-forum/dash.js/.github/workflows/deploy.yml", "*", "inputs.deploy_path", "code-injection", "generated"] + - ["dash-industry-forum/dash.js/.github/workflows/deploy.yml", "*", "inputs.envname", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-go.model.yml b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-go.model.yml new file mode 100644 index 00000000000..61b3e84b29e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-go.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datadog/dd-trace-go/.github/workflows/smoke-tests.yml", "*", "inputs.go-libddwaf-ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-py.model.yml b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-py.model.yml new file mode 100644 index 00000000000..72e4a3eec65 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-py.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datadog/dd-trace-py/.github/workflows/lib-inject-publish.yml", "*", "inputs.ddtrace-version", "code-injection", "generated"] + - ["datadog/dd-trace-py/.github/workflows/build-and-publish-image.yml", "*", "inputs.context", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/datafuselabs_databend.model.yml b/ql/lib/ext/generated/reusable-workflows/datafuselabs_databend.model.yml new file mode 100644 index 00000000000..5e875442771 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/datafuselabs_databend.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["datafuselabs/databend/.github/workflows/reuse.benchmark.yml", "*", "inputs.run_id", "code-injection", "generated"] + - ["datafuselabs/databend/.github/workflows/reuse.benchmark.yml", "*", "inputs.source_id", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-bigquery.model.yml b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-bigquery.model.yml new file mode 100644 index 00000000000..991743df7d2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-bigquery.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.s3_bucket_name", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.build_script_path", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.env_setup_script_path", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.sha", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.package_test_command", "code-injection", "generated"] + - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-core.model.yml b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-core.model.yml new file mode 100644 index 00000000000..780d95fab47 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-core.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"] + - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"] + - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"] + - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-snowflake.model.yml b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-snowflake.model.yml new file mode 100644 index 00000000000..cf69379583d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-snowflake.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.s3_bucket_name", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.build_script_path", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.env_setup_script_path", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.sha", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.package_test_command", "code-injection", "generated"] + - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/decidim_decidim.model.yml b/ql/lib/ext/generated/reusable-workflows/decidim_decidim.model.yml new file mode 100644 index 00000000000..211fe546e28 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/decidim_decidim.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["decidim/decidim/.github/workflows/test_app.yml", "*", "inputs.test_command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/defectdojo_django-defectdojo.model.yml b/ql/lib/ext/generated/reusable-workflows/defectdojo_django-defectdojo.model.yml new file mode 100644 index 00000000000..d59258ce992 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/defectdojo_django-defectdojo.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["defectdojo/django-defectdojo/.github/workflows/release-x-manual-helm-chart.yml", "*", "inputs.release_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dependencytrack_dependency-track.model.yml b/ql/lib/ext/generated/reusable-workflows/dependencytrack_dependency-track.model.yml new file mode 100644 index 00000000000..43f5349bf3c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dependencytrack_dependency-track.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dependencytrack/dependency-track/.github/workflows/_meta-build.yaml", "*", "inputs.app-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/devexpress_testcafe.model.yml b/ql/lib/ext/generated/reusable-workflows/devexpress_testcafe.model.yml new file mode 100644 index 00000000000..d6ef60a9698 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/devexpress_testcafe.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["devexpress/testcafe/.github/workflows/test-server.yml", "*", "inputs.test-script", "code-injection", "generated"] + - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.test-script", "code-injection", "generated"] + - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.display", "code-injection", "generated"] + - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.matrix-jobs-count", "code-injection", "generated"] + - ["devexpress/testcafe/.github/workflows/test-client.yml", "*", "inputs.test-script", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dfhack_dfhack.model.yml b/ql/lib/ext/generated/reusable-workflows/dfhack_dfhack.model.yml new file mode 100644 index 00000000000..1d41854bf71 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dfhack_dfhack.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dfhack/dfhack/.github/workflows/build-windows.yml", "*", "inputs.artifact-name", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-windows.yml", "*", "inputs.append-date-and-hash", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.artifact-name", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.append-date-and-hash", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.common-files", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.xml-dump-type-sizes", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.tests", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.docs", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.extras", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.stonesense", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.platform-files", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.launchdf", "code-injection", "generated"] + - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.gcc-ver", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/docker_build-push-action.model.yml b/ql/lib/ext/generated/reusable-workflows/docker_build-push-action.model.yml new file mode 100644 index 00000000000..9f64a59aead --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/docker_build-push-action.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["docker/build-push-action/.github/workflows/.e2e-run.yml", "*", "inputs.id", "code-injection", "generated"] + - ["docker/build-push-action/.github/workflows/.e2e-run.yml", "*", "inputs.type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/dragonwell-project_dragonwell11.model.yml b/ql/lib/ext/generated/reusable-workflows/dragonwell-project_dragonwell11.model.yml new file mode 100644 index 00000000000..69cb39e5e55 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/dragonwell-project_dragonwell11.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["dragonwell-project/dragonwell11/.github/workflows/test.yml", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/earthly_earthly.model.yml b/ql/lib/ext/generated/reusable-workflows/earthly_earthly.model.yml new file mode 100644 index 00000000000..a66e2a2cca5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/earthly_earthly.model.yml @@ -0,0 +1,22 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.BINARY", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.SUDO", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.TARGET_NAME", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.EXTRA_ARGS", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-main.yml", "*", "inputs.BINARY", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-wait-block-main.yml", "*", "inputs.SUDO", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.BINARY", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.SUDO", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.EXTRA_ARGS", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.TEST_TARGET", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BINARY", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.SUDO", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BINARY_COMPOSE", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.RUN_EARTHLY_TEST_ARGS", "code-injection", "generated"] + - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vert.x.model.yml b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vert.x.model.yml new file mode 100644 index 00000000000..ca3eeca8df7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vert.x.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["eclipse-vertx/vert.x/.github/workflows/ci.yml", "*", "inputs.profile", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vertx-sql-client.model.yml b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vertx-sql-client.model.yml new file mode 100644 index 00000000000..b95ce03ed3a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vertx-sql-client.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["eclipse-vertx/vertx-sql-client/.github/workflows/ci.yml", "*", "inputs.profile", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/elastic_elasticsearch-net.model.yml b/ql/lib/ext/generated/reusable-workflows/elastic_elasticsearch-net.model.yml new file mode 100644 index 00000000000..326d4391ecb --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/elastic_elasticsearch-net.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["elastic/elasticsearch-net/.github/workflows/release.yml", "*", "inputs.solution", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/element-hq_element-desktop.model.yml b/ql/lib/ext/generated/reusable-workflows/element-hq_element-desktop.model.yml new file mode 100644 index 00000000000..849a531cd7b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/element-hq_element-desktop.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["element-hq/element-desktop/.github/workflows/build_windows.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["element-hq/element-desktop/.github/workflows/build_prepare.yaml", "*", "inputs.config", "code-injection", "generated"] + - ["element-hq/element-desktop/.github/workflows/build_prepare.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["element-hq/element-desktop/.github/workflows/build_macos.yaml", "*", "inputs.base-url", "code-injection", "generated"] + - ["element-hq/element-desktop/.github/workflows/build_macos.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["element-hq/element-desktop/.github/workflows/build_linux.yaml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/etcd-io_bbolt.model.yml b/ql/lib/ext/generated/reusable-workflows/etcd-io_bbolt.model.yml new file mode 100644 index 00000000000..835bbf4cf89 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/etcd-io_bbolt.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["etcd-io/bbolt/.github/workflows/robustness_template.yaml", "*", "inputs.testTimeout", "code-injection", "generated"] + - ["etcd-io/bbolt/.github/workflows/robustness_template.yaml", "*", "inputs.count", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/etcd-io_etcd.model.yml b/ql/lib/ext/generated/reusable-workflows/etcd-io_etcd.model.yml new file mode 100644 index 00000000000..453c3cd06f3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/etcd-io_etcd.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["etcd-io/etcd/.github/workflows/tests-template.yaml", "*", "inputs.arch", "code-injection", "generated"] + - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.scenario", "code-injection", "generated"] + - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.testTimeout", "code-injection", "generated"] + - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.count", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/eventstore_eventstore.model.yml b/ql/lib/ext/generated/reusable-workflows/eventstore_eventstore.model.yml new file mode 100644 index 00000000000..32e6124c06e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/eventstore_eventstore.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["eventstore/eventstore/.github/workflows/build-reusable.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["eventstore/eventstore/.github/workflows/build-container-reusable.yml", "*", "inputs.container-runtime", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/expensify_app.model.yml b/ql/lib/ext/generated/reusable-workflows/expensify_app.model.yml new file mode 100644 index 00000000000..09177714b08 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/expensify_app.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["expensify/app/.github/workflows/e2ePerformanceTests.yml", "*", "inputs.PR_NUMBER", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/external-secrets_external-secrets.model.yml b/ql/lib/ext/generated/reusable-workflows/external-secrets_external-secrets.model.yml new file mode 100644 index 00000000000..78243b4c6d7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/external-secrets_external-secrets.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["external-secrets/external-secrets/.github/workflows/publish.yml", "*", "inputs.image-tag", "code-injection", "generated"] + - ["external-secrets/external-secrets/.github/workflows/publish.yml", "*", "inputs.tag-suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/facebook_create-react-app.model.yml b/ql/lib/ext/generated/reusable-workflows/facebook_create-react-app.model.yml new file mode 100644 index 00000000000..6e69fb89fc8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/facebook_create-react-app.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebook/create-react-app/.github/workflows/e2e-base.yml", "*", "inputs.testScript", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/facebookresearch_xformers.model.yml b/ql/lib/ext/generated/reusable-workflows/facebookresearch_xformers.model.yml new file mode 100644 index 00000000000..fee19d65a09 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/facebookresearch_xformers.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.aws_s3_cp_extra_args", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.s3_path", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.filter", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.artifact_tag", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.filter", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.artifact_tag", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.pypirc", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_build.yml", "*", "inputs.cuda_short_version", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/wheels_build.yml", "*", "inputs.torch_version", "code-injection", "generated"] + - ["facebookresearch/xformers/.github/workflows/linters_reusable.yml", "*", "inputs.pre-script", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/falcosecurity_falco.model.yml b/ql/lib/ext/generated/reusable-workflows/falcosecurity_falco.model.yml new file mode 100644 index 00000000000..51b58ab74f5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/falcosecurity_falco.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["falcosecurity/falco/.github/workflows/reusable_build_packages.yaml", "*", "inputs.build_type", "code-injection", "generated"] + - ["falcosecurity/falco/.github/workflows/reusable_build_packages.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["falcosecurity/falco/.github/workflows/reusable_test_packages.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["falcosecurity/falco/.github/workflows/reusable_test_packages.yaml", "*", "inputs.arch", "code-injection", "generated"] + - ["falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml", "*", "inputs.bucket_suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/fastify_fastify.model.yml b/ql/lib/ext/generated/reusable-workflows/fastify_fastify.model.yml new file mode 100644 index 00000000000..5a53b788312 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/fastify_fastify.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["fastify/fastify/.github/workflows/citgm-package.yml", "*", "inputs.package", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/ferretdb_ferretdb.model.yml b/ql/lib/ext/generated/reusable-workflows/ferretdb_ferretdb.model.yml new file mode 100644 index 00000000000..579e295213b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/ferretdb_ferretdb.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ferretdb/ferretdb/.github/workflows/_integration.yml", "*", "inputs.task", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/filecoin-project_venus.model.yml b/ql/lib/ext/generated/reusable-workflows/filecoin-project_venus.model.yml new file mode 100644 index 00000000000..bc8133b907c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/filecoin-project_venus.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["filecoin-project/venus/.github/workflows/common_go.yml", "*", "inputs.test_timeout", "code-injection", "generated"] + - ["filecoin-project/venus/.github/workflows/common_go.yml", "*", "inputs.log_level", "code-injection", "generated"] + - ["filecoin-project/venus/.github/workflows/common_build_upload.yml", "*", "inputs.bin_name", "code-injection", "generated"] + - ["filecoin-project/venus/.github/workflows/common_build_upload.yml", "*", "inputs.has_ffi", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/firebase_firebase-unity-sdk.model.yml b/ql/lib/ext/generated/reusable-workflows/firebase_firebase-unity-sdk.model.yml new file mode 100644 index 00000000000..232c6abb3f3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/firebase_firebase-unity-sdk.model.yml @@ -0,0 +1,19 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.triggered_by_callable", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.package_version_number", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.base_branch", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.cpp_release_version", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.platforms", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.runIntegrationTests", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.apis", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.working_branch", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.release_label", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.create_new_branch", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/build_windows.yml", "*", "inputs.apis", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/build_tvos.yml", "*", "inputs.apis", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/build_macos.yml", "*", "inputs.apis", "code-injection", "generated"] + - ["firebase/firebase-unity-sdk/.github/workflows/build_linux.yml", "*", "inputs.apis", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/flarum_framework.model.yml b/ql/lib/ext/generated/reusable-workflows/flarum_framework.model.yml new file mode 100644 index 00000000000..8a7d3c60c45 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/flarum_framework.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["flarum/framework/.github/workflows/REUSABLE_backend.yml", "*", "inputs.monorepo_tests", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/fluent_fluent-bit.model.yml b/ql/lib/ext/generated/reusable-workflows/fluent_fluent-bit.model.yml new file mode 100644 index 00000000000..a1e523d92ce --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/fluent_fluent-bit.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["fluent/fluent-bit/.github/workflows/call-windows-unit-tests.yaml", "*", "inputs.unstable", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.the_path", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.last_commit", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.binary_name_stem", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamrc.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamrc.yml", "*", "inputs.runner", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamr_vscode_ext.yml", "*", "inputs.ver_num", "code-injection", "generated"] + - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamr_sdk.yml", "*", "inputs.ver_num", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/flux-iac_tofu-controller.model.yml b/ql/lib/ext/generated/reusable-workflows/flux-iac_tofu-controller.model.yml new file mode 100644 index 00000000000..22729c980de --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/flux-iac_tofu-controller.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["flux-iac/tofu-controller/.github/workflows/targeted-test.yaml", "*", "inputs.pattern", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/flyteorg_flyte.model.yml b/ql/lib/ext/generated/reusable-workflows/flyteorg_flyte.model.yml new file mode 100644 index 00000000000..e242d38bdbe --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/flyteorg_flyte.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["flyteorg/flyte/.github/workflows/publish.yml", "*", "inputs.before-build", "code-injection", "generated"] + - ["flyteorg/flyte/.github/workflows/integration.yml", "*", "inputs.component", "code-injection", "generated"] + - ["flyteorg/flyte/.github/workflows/component_docker_build.yml", "*", "inputs.component", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/foundatiofx_foundatio.model.yml b/ql/lib/ext/generated/reusable-workflows/foundatiofx_foundatio.model.yml new file mode 100644 index 00000000000..f9c6658f5b8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/foundatiofx_foundatio.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.org", "code-injection", "generated"] + - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.solution", "code-injection", "generated"] + - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.compose-command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/freecad_freecad.model.yml b/ql/lib/ext/generated/reusable-workflows/freecad_freecad.model.yml new file mode 100644 index 00000000000..798c6bcc37a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/freecad_freecad.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["freecad/freecad/.github/workflows/sub_wrapup.yml", "*", "inputs.previousSteps", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/getpelican_pelican.model.yml b/ql/lib/ext/generated/reusable-workflows/getpelican_pelican.model.yml new file mode 100644 index 00000000000..687db46824a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/getpelican_pelican.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.output-path", "code-injection", "generated"] + - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.settings", "code-injection", "generated"] + - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.requirements", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/getporter_porter.model.yml b/ql/lib/ext/generated/reusable-workflows/getporter_porter.model.yml new file mode 100644 index 00000000000..8a13569af7c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/getporter_porter.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["getporter/porter/.github/workflows/build_pipelinesrelease_template.yml", "*", "inputs.registry", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-dart.model.yml b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-dart.model.yml new file mode 100644 index 00000000000..453eb862b94 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-dart.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["getsentry/sentry-dart/.github/workflows/analyze.yml", "*", "inputs.panaThreshold", "code-injection", "generated"] + - ["getsentry/sentry-dart/.github/workflows/analyze.yml", "*", "inputs.sdk", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-unity.model.yml b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-unity.model.yml new file mode 100644 index 00000000000..37074688f17 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-unity.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["getsentry/sentry-unity/.github/workflows/sdk.yml", "*", "inputs.target", "code-injection", "generated"] + - ["getsentry/sentry-unity/.github/workflows/android-smoke-test.yml", "*", "inputs.api-level", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/gitpod-io_gitpod.model.yml b/ql/lib/ext/generated/reusable-workflows/gitpod-io_gitpod.model.yml new file mode 100644 index 00000000000..2e1835cadca --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/gitpod-io_gitpod.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gitpod-io/gitpod/.github/workflows/jetbrains-auto-update-template.yml", "*", "inputs.productId", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/gittools_gitversion.model.yml b/ql/lib/ext/generated/reusable-workflows/gittools_gitversion.model.yml new file mode 100644 index 00000000000..924f5eb157c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/gittools_gitversion.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gittools/gitversion/.github/workflows/_artifacts_linux.yml", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_magic-modules.model.yml b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_magic-modules.model.yml new file mode 100644 index 00000000000..1244f76cbf1 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_magic-modules.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["googlecloudplatform/magic-modules/.github/workflows/build-downstream.yml", "*", "inputs.repo", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_nodejs-docs-samples.model.yml b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_nodejs-docs-samples.model.yml new file mode 100644 index 00000000000..94c6c81d33e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_nodejs-docs-samples.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["googlecloudplatform/nodejs-docs-samples/.github/workflows/test.yaml", "*", "inputs.path", "code-injection", "generated"] + - ["googlecloudplatform/nodejs-docs-samples/.github/workflows/test.yaml", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/gravitational_teleport.model.yml b/ql/lib/ext/generated/reusable-workflows/gravitational_teleport.model.yml new file mode 100644 index 00000000000..c5f5fc4b29d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/gravitational_teleport.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gravitational/teleport/.github/workflows/update-ami-ids.yaml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/gravitl_netmaker.model.yml b/ql/lib/ext/generated/reusable-workflows/gravitl_netmaker.model.yml new file mode 100644 index 00000000000..506dd2b9fee --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/gravitl_netmaker.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["gravitl/netmaker/.github/workflows/publish-docker.yml", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/h2oai_wave.model.yml b/ql/lib/ext/generated/reusable-workflows/h2oai_wave.model.yml new file mode 100644 index 00000000000..4a81c585259 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/h2oai_wave.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.build-version", "code-injection", "generated"] + - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.wave-app-name", "code-injection", "generated"] + - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.working-directory", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hadashia_vcontainer.model.yml b/ql/lib/ext/generated/reusable-workflows/hadashia_vcontainer.model.yml new file mode 100644 index 00000000000..d62c86e1129 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hadashia_vcontainer.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hadashia/vcontainer/.github/workflows/update-version-number.yaml", "*", "inputs.dry-run", "code-injection", "generated"] + - ["hadashia/vcontainer/.github/workflows/update-version-number.yaml", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_boundary.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_boundary.model.yml new file mode 100644 index 00000000000..8aedf9000a0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_boundary.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/boundary/.github/workflows/test-cli-ui_oss.yml", "*", "inputs.artifact-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_consul.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_consul.model.yml new file mode 100644 index 00000000000..b14f14538b8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_consul.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/consul/.github/workflows/reusable-unit.yml", "*", "inputs.package-names-command", "code-injection", "generated"] + - ["hashicorp/consul/.github/workflows/reusable-unit.yml", "*", "inputs.go-test-flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-cdk.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-cdk.model.yml new file mode 100644 index 00000000000..3129cac8979 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-cdk.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/terraform-cdk/.github/workflows/unit.yml", "*", "inputs.package", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.gitUser", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.gitEmail", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.providerFqn", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.parallelConversionsPerDocument", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.parallelFileConversions", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.languages", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.cdktfRegistryDocsVersion", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.files", "code-injection", "generated"] + - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.maxRunners", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-provider-tfe.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-provider-tfe.model.yml new file mode 100644 index 00000000000..a23f69909c7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-provider-tfe.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/terraform-provider-tfe/.github/workflows/jira-issue-sync.yml", "*", "inputs.issue-extra-fields", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform.model.yml new file mode 100644 index 00000000000..cd91f58c7ec --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.product-version", "code-injection", "generated"] + - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.package-name", "code-injection", "generated"] + - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.goarch", "code-injection", "generated"] + - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.goos", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hashicorp_vault.model.yml b/ql/lib/ext/generated/reusable-workflows/hashicorp_vault.model.yml new file mode 100644 index 00000000000..f9b7785cab9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_vault.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.sample-max", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.sample-name", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.vault-edition", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.vault-version", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.name", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.path", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.name", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.go-arch", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.binary-tests", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.total-runners", "code-injection", "generated"] + - ["hashicorp/vault/.github/workflows/test-enos-scenario-ui.yml", "*", "inputs.storage_backend", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/heroku_cli.model.yml b/ql/lib/ext/generated/reusable-workflows/heroku_cli.model.yml new file mode 100644 index 00000000000..ad0943c3040 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/heroku_cli.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["heroku/cli/.github/workflows/publish-npm.yml", "*", "inputs.isStableRelease", "code-injection", "generated"] + - ["heroku/cli/.github/workflows/promote.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hitobito_hitobito.model.yml b/ql/lib/ext/generated/reusable-workflows/hitobito_hitobito.model.yml new file mode 100644 index 00000000000..e263590260f --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hitobito_hitobito.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hitobito/hitobito/.github/workflows/sbom.yml", "*", "inputs.project_name", "code-injection", "generated"] + - ["hitobito/hitobito/.github/workflows/sbom.yml", "*", "inputs.dependency_track_url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/home-assistant_operating-system.model.yml b/ql/lib/ext/generated/reusable-workflows/home-assistant_operating-system.model.yml new file mode 100644 index 00000000000..00b45b50f88 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/home-assistant_operating-system.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["home-assistant/operating-system/.github/workflows/test.yaml", "*", "inputs.version", "code-injection", "generated"] + - ["home-assistant/operating-system/.github/workflows/artifacts-index.yaml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/homuler_mediapipeunityplugin.model.yml b/ql/lib/ext/generated/reusable-workflows/homuler_mediapipeunityplugin.model.yml new file mode 100644 index 00000000000..a5f35f3b737 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/homuler_mediapipeunityplugin.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.windowsBuildArgs", "code-injection", "generated"] + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.bazelBuildArgs", "code-injection", "generated"] + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.iosBuildArgs", "code-injection", "generated"] + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.macosBuildArgs", "code-injection", "generated"] + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.androidBuildArgs", "code-injection", "generated"] + - ["homuler/mediapipeunityplugin/.github/workflows/package.yml", "*", "inputs.linuxBuildArgs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/huggingface_doc-builder.model.yml b/ql/lib/ext/generated/reusable-workflows/huggingface_doc-builder.model.yml new file mode 100644 index 00000000000..d0559519627 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/huggingface_doc-builder.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml", "*", "inputs.package_name", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml", "*", "inputs.repo_owner", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/upload_pr_documentation.yml", "*", "inputs.hub_base_path", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.pr_number", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.commit_sha", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.languages", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.version_tag_suffix", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.additional_args", "code-injection", "generated"] + - ["huggingface/doc-builder/.github/workflows/build_pr_documentation.yml", "*", "inputs.repo_owner", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/huggingface_transformers.model.yml b/ql/lib/ext/generated/reusable-workflows/huggingface_transformers.model.yml new file mode 100644 index 00000000000..ec7b51abd8e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/huggingface_transformers.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["huggingface/transformers/.github/workflows/slack-report.yml", "*", "inputs.folder_slices", "code-injection", "generated"] + - ["huggingface/transformers/.github/workflows/slack-report.yml", "*", "inputs.setup_status", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/hyperion-project_hyperion.ng.model.yml b/ql/lib/ext/generated/reusable-workflows/hyperion-project_hyperion.ng.model.yml new file mode 100644 index 00000000000..92fd43bda75 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/hyperion-project_hyperion.ng.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["hyperion-project/hyperion.ng/.github/workflows/qt5_6.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] + - ["hyperion-project/hyperion.ng/.github/workflows/qt5_6.yml", "*", "inputs.qt_version", "code-injection", "generated"] + - ["hyperion-project/hyperion.ng/.github/workflows/qt5_6.yml", "*", "inputs.event_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/ibm_sarama.model.yml b/ql/lib/ext/generated/reusable-workflows/ibm_sarama.model.yml new file mode 100644 index 00000000000..ca550e4ddd7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/ibm_sarama.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ibm/sarama/.github/workflows/fvt.yml", "*", "inputs.kafka-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/icloud-photos-downloader_icloud_photos_downloader.model.yml b/ql/lib/ext/generated/reusable-workflows/icloud-photos-downloader_icloud_photos_downloader.model.yml new file mode 100644 index 00000000000..580ac8bef0b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/icloud-photos-downloader_icloud_photos_downloader.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["icloud-photos-downloader/icloud_photos_downloader/.github/workflows/build-package.yml", "*", "inputs.icloudpd_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/immich-app_immich.model.yml b/ql/lib/ext/generated/reusable-workflows/immich-app_immich.model.yml new file mode 100644 index 00000000000..463536e9693 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/immich-app_immich.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["immich-app/immich/.github/workflows/build-mobile.yml", "*", "inputs.ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/inria_spoon.model.yml b/ql/lib/ext/generated/reusable-workflows/inria_spoon.model.yml new file mode 100644 index 00000000000..57bf30dc0cc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/inria_spoon.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["inria/spoon/.github/workflows/jreleaser.yml", "*", "inputs.release-script-to-run", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/intel_intel-device-plugins-for-kubernetes.model.yml b/ql/lib/ext/generated/reusable-workflows/intel_intel-device-plugins-for-kubernetes.model.yml new file mode 100644 index 00000000000..b7e49d46e1c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/intel_intel-device-plugins-for-kubernetes.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["intel/intel-device-plugins-for-kubernetes/.github/workflows/lib-publish.yaml", "*", "inputs.image_tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/inverse-inc_packetfence.model.yml b/ql/lib/ext/generated/reusable-workflows/inverse-inc_packetfence.model.yml new file mode 100644 index 00000000000..89257a02fcd --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/inverse-inc_packetfence.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["inverse-inc/packetfence/.github/workflows/reusable_upload_packages.yml", "*", "inputs._PACKAGE_NAME", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/ispc_ispc.model.yml b/ql/lib/ext/generated/reusable-workflows/ispc_ispc.model.yml new file mode 100644 index 00000000000..a645511766b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/ispc_ispc.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ispc/ispc/.github/workflows/reusable.rebuild.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/jetbrains_intellij-platform-gradle-plugin.model.yml b/ql/lib/ext/generated/reusable-workflows/jetbrains_intellij-platform-gradle-plugin.model.yml new file mode 100644 index 00000000000..1a7784c9f01 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/jetbrains_intellij-platform-gradle-plugin.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jetbrains/intellij-platform-gradle-plugin/.github/workflows/reusable-single-unitTest.yml", "*", "inputs.gradleVersion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/jupyter_docker-stacks.model.yml b/ql/lib/ext/generated/reusable-workflows/jupyter_docker-stacks.model.yml new file mode 100644 index 00000000000..ffb7a7d7d10 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/jupyter_docker-stacks.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["jupyter/docker-stacks/.github/workflows/docker-tag-push.yml", "*", "inputs.image", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-tag-push.yml", "*", "inputs.variant", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-tag-push.yml", "*", "inputs.platform", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-merge-tags.yml", "*", "inputs.variant", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-merge-tags.yml", "*", "inputs.image", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-build-test-upload.yml", "*", "inputs.variant", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-build-test-upload.yml", "*", "inputs.image", "code-injection", "generated"] + - ["jupyter/docker-stacks/.github/workflows/docker-build-test-upload.yml", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kairos-io_kairos.model.yml b/ql/lib/ext/generated/reusable-workflows/kairos-io_kairos.model.yml new file mode 100644 index 00000000000..4ae93a83cd8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kairos-io_kairos.model.yml @@ -0,0 +1,23 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kairos-io/kairos/.github/workflows/reusable-zfs-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-upgrade-with-cli-test.yaml", "*", "inputs.flavor_release", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-upgrade-with-cli-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-upgrade-latest-test.yaml", "*", "inputs.family", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-upgrade-latest-test.yaml", "*", "inputs.flavor_release", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-upgrade-latest-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-reset-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.base_image", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.family", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.model", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.flavor_release", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.variant", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-netboot-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-bundles-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-acceptance-test.yaml", "*", "inputs.port", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-qemu-acceptance-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-provider-upgrade-latest-test.yaml", "*", "inputs.flavor_release", "code-injection", "generated"] + - ["kairos-io/kairos/.github/workflows/reusable-provider-upgrade-latest-test.yaml", "*", "inputs.flavor", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kanidm_kanidm.model.yml b/ql/lib/ext/generated/reusable-workflows/kanidm_kanidm.model.yml new file mode 100644 index 00000000000..a63ddd5da67 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kanidm_kanidm.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kanidm/kanidm/.github/workflows/kanidm_individual_book.yml", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kata-containers_kata-containers.model.yml b/ql/lib/ext/generated/reusable-workflows/kata-containers_kata-containers.model.yml new file mode 100644 index 00000000000..e73d0d81875 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kata-containers_kata-containers.model.yml @@ -0,0 +1,20 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kata-containers/kata-containers/.github/workflows/release-s390x.yaml", "*", "inputs.target-arch", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/release-ppc64le.yaml", "*", "inputs.target-arch", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/release-arm64.yaml", "*", "inputs.target-arch", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/release-amd64.yaml", "*", "inputs.target-arch", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-s390x.yaml", "*", "inputs.tag", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-s390x.yaml", "*", "inputs.repo", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-s390x.yaml", "*", "inputs.registry", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml", "*", "inputs.tag", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml", "*", "inputs.repo", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml", "*", "inputs.registry", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-arm64.yaml", "*", "inputs.tag", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-arm64.yaml", "*", "inputs.repo", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-arm64.yaml", "*", "inputs.registry", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-amd64.yaml", "*", "inputs.tag", "code-injection", "generated"] + - ["kata-containers/kata-containers/.github/workflows/publish-kata-deploy-payload-amd64.yaml", "*", "inputs.repo", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kiali_kiali.model.yml b/ql/lib/ext/generated/reusable-workflows/kiali_kiali.model.yml new file mode 100644 index 00000000000..3a911989874 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kiali_kiali.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kiali/kiali/.github/workflows/test-images-creator.yml", "*", "inputs.build_mode", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/test-images-creator.yml", "*", "inputs.release_branch", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/test-images-creator.yml", "*", "inputs.images_tag", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/test-images-creator.yml", "*", "inputs.quay_org", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-frontend.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-frontend-tempo.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-frontend-multicluster-primary-remote.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-frontend-multicluster-multi-primary.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-backend.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/integration-tests-backend-multicluster-external-controlplane.yml", "*", "inputs.istio_version", "code-injection", "generated"] + - ["kiali/kiali/.github/workflows/build-frontend.yml", "*", "inputs.target_branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kotest_kotest.model.yml b/ql/lib/ext/generated/reusable-workflows/kotest_kotest.model.yml new file mode 100644 index 00000000000..3c525970ecc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kotest_kotest.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kotest/kotest/.github/workflows/run-gradle.yml", "*", "inputs.task", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kubernetes_ingress-nginx.model.yml b/ql/lib/ext/generated/reusable-workflows/kubernetes_ingress-nginx.model.yml new file mode 100644 index 00000000000..187b3d2fd0a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kubernetes_ingress-nginx.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubernetes/ingress-nginx/.github/workflows/zz-tmpl-k8s-e2e.yaml", "*", "inputs.k8s-version", "code-injection", "generated"] + - ["kubernetes/ingress-nginx/.github/workflows/zz-tmpl-images.yaml", "*", "inputs.name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kubescape_kubescape.model.yml b/ql/lib/ext/generated/reusable-workflows/kubescape_kubescape.model.yml new file mode 100644 index 00000000000..3e11359c6b3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kubescape_kubescape.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubescape/kubescape/.github/workflows/d-publish-image.yaml", "*", "inputs.image_tag", "code-injection", "generated"] + - ["kubescape/kubescape/.github/workflows/d-publish-image.yaml", "*", "inputs.image_name", "code-injection", "generated"] + - ["kubescape/kubescape/.github/workflows/d-publish-image.yaml", "*", "inputs.client", "code-injection", "generated"] + - ["kubescape/kubescape/.github/workflows/a-pr-scanner.yaml", "*", "inputs.UNIT_TESTS_PATH", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kubeshop_botkube.model.yml b/ql/lib/ext/generated/reusable-workflows/kubeshop_botkube.model.yml new file mode 100644 index 00000000000..50bbdaf8153 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kubeshop_botkube.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kubeshop/botkube/.github/workflows/process-chart.yml", "*", "inputs.next-version", "code-injection", "generated"] + - ["kubeshop/botkube/.github/workflows/process-chart.yml", "*", "inputs.release-branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/kumahq_kuma.model.yml b/ql/lib/ext/generated/reusable-workflows/kumahq_kuma.model.yml new file mode 100644 index 00000000000..9f30976bbad --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/kumahq_kuma.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["kumahq/kuma/.github/workflows/_build_publish.yaml", "*", "inputs.VERSION_NAME", "code-injection", "generated"] + - ["kumahq/kuma/.github/workflows/_build_publish.yaml", "*", "inputs.REGISTRY", "code-injection", "generated"] + - ["kumahq/kuma/.github/workflows/_test.yaml", "*", "inputs.FULL_MATRIX", "code-injection", "generated"] + - ["kumahq/kuma/.github/workflows/_e2e.yaml", "*", "inputs.matrix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/labring_sealos.model.yml b/ql/lib/ext/generated/reusable-workflows/labring_sealos.model.yml new file mode 100644 index 00000000000..81a419fec0d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/labring_sealos.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["labring/sealos/.github/workflows/services.yml", "*", "inputs.push_image_tag", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/services.yml", "*", "inputs.push_image", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/objectstorage.yaml", "*", "inputs.build_from", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/objectstorage.yaml", "*", "inputs.push_image_tag", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/objectstorage.yaml", "*", "inputs.push_image", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/import-patch-image.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/frontend.yml", "*", "inputs.push_image_tag", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/frontend.yml", "*", "inputs.push_image", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/controllers.yml", "*", "inputs.push_image_tag", "code-injection", "generated"] + - ["labring/sealos/.github/workflows/controllers.yml", "*", "inputs.push_image", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/laion-ai_open-assistant.model.yml b/ql/lib/ext/generated/reusable-workflows/laion-ai_open-assistant.model.yml new file mode 100644 index 00000000000..35fd748afbe --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/laion-ai_open-assistant.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["laion-ai/open-assistant/.github/workflows/docker-build.yaml", "*", "inputs.context", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/learningequality_kolibri.model.yml b/ql/lib/ext/generated/reusable-workflows/learningequality_kolibri.model.yml new file mode 100644 index 00000000000..192b1b60843 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/learningequality_kolibri.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["learningequality/kolibri/.github/workflows/upload_github_release_asset.yml", "*", "inputs.release_id", "code-injection", "generated"] + - ["learningequality/kolibri/.github/workflows/upload_github_release_asset.yml", "*", "inputs.filename", "code-injection", "generated"] + - ["learningequality/kolibri/.github/workflows/pypi_upload.yml", "*", "inputs.tar-file-name", "code-injection", "generated"] + - ["learningequality/kolibri/.github/workflows/pypi_upload.yml", "*", "inputs.whl-file-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/lensesio_stream-reactor.model.yml b/ql/lib/ext/generated/reusable-workflows/lensesio_stream-reactor.model.yml new file mode 100644 index 00000000000..5a397f743a3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/lensesio_stream-reactor.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lensesio/stream-reactor/.github/workflows/build.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/leptos-rs_leptos.model.yml b/ql/lib/ext/generated/reusable-workflows/leptos-rs_leptos.model.yml new file mode 100644 index 00000000000..97f40ee7c07 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/leptos-rs_leptos.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["leptos-rs/leptos/.github/workflows/run-cargo-make-task.yml", "*", "inputs.directory", "code-injection", "generated"] + - ["leptos-rs/leptos/.github/workflows/run-cargo-make-task.yml", "*", "inputs.cargo_make_task", "code-injection", "generated"] + - ["leptos-rs/leptos/.github/workflows/get-changed-examples-matrix.yml", "*", "inputs.example_changed", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/lightning-ai_pytorch-lightning.model.yml b/ql/lib/ext/generated/reusable-workflows/lightning-ai_pytorch-lightning.model.yml new file mode 100644 index 00000000000..293939322e2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/lightning-ai_pytorch-lightning.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lightning-ai/pytorch-lightning/.github/workflows/_legacy-checkpoints.yml", "*", "inputs.push_to_s3", "code-injection", "generated"] + - ["lightning-ai/pytorch-lightning/.github/workflows/_legacy-checkpoints.yml", "*", "inputs.pl_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/liquibase_liquibase.model.yml b/ql/lib/ext/generated/reusable-workflows/liquibase_liquibase.model.yml new file mode 100644 index 00000000000..c3aa198743d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/liquibase_liquibase.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["liquibase/liquibase/.github/workflows/build-azure-uber-jar.yml", "*", "inputs.liquibase-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/litestar-org_litestar.model.yml b/ql/lib/ext/generated/reusable-workflows/litestar-org_litestar.model.yml new file mode 100644 index 00000000000..1ea78b01cd6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/litestar-org_litestar.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["litestar-org/litestar/.github/workflows/test.yml", "*", "inputs.python-version", "code-injection", "generated"] + - ["litestar-org/litestar/.github/workflows/notify-released-issues.yml", "*", "inputs.release_tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/llvm_circt.model.yml b/ql/lib/ext/generated/reusable-workflows/llvm_circt.model.yml new file mode 100644 index 00000000000..23bd3adc5a4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/llvm_circt.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.package_name_prefix", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.install", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.llvm_force_enable_stats", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.llvm_enable_assertions", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.build_shared_libs", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.cmake_build_type", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.cmake_cxx_compiler", "code-injection", "generated"] + - ["llvm/circt/.github/workflows/unifiedBuildTestAndInstall.yml", "*", "inputs.cmake_c_compiler", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/lnbits_lnbits.model.yml b/ql/lib/ext/generated/reusable-workflows/lnbits_lnbits.model.yml new file mode 100644 index 00000000000..77c7570ec0e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/lnbits_lnbits.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lnbits/lnbits/.github/workflows/make.yml", "*", "inputs.make", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/lutris_lutris.model.yml b/ql/lib/ext/generated/reusable-workflows/lutris_lutris.model.yml new file mode 100644 index 00000000000..46cc5092355 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/lutris_lutris.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["lutris/lutris/.github/workflows/publish-ppa.yml", "*", "inputs.PPA_URI", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mailu_mailu.model.yml b/ql/lib/ext/generated/reusable-workflows/mailu_mailu.model.yml new file mode 100644 index 00000000000..78a5584d04b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mailu_mailu.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mailu/mailu/.github/workflows/build_test_deploy.yml", "*", "inputs.pinned_mailu_version", "code-injection", "generated"] + - ["mailu/mailu/.github/workflows/build_test_deploy.yml", "*", "inputs.mailu_version", "code-injection", "generated"] + - ["mailu/mailu/.github/workflows/build_test_deploy.yml", "*", "inputs.docker_org", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mamba-org_mamba.model.yml b/ql/lib/ext/generated/reusable-workflows/mamba-org_mamba.model.yml new file mode 100644 index 00000000000..1c3e5b565be --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mamba-org_mamba.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mamba-org/mamba/.github/workflows/windows_impl.yml", "*", "inputs.build_type", "code-injection", "generated"] + - ["mamba-org/mamba/.github/workflows/unix_impl.yml", "*", "inputs.build_type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/manticoresoftware_manticoresearch.model.yml b/ql/lib/ext/generated/reusable-workflows/manticoresoftware_manticoresearch.model.yml new file mode 100644 index 00000000000..7e8d8061fc5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/manticoresoftware_manticoresearch.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["manticoresoftware/manticoresearch/.github/workflows/win_test_template.yml", "*", "inputs.CTEST_END", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/win_test_template.yml", "*", "inputs.CTEST_START", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/test_template.yml", "*", "inputs.xml_command", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/test_template.yml", "*", "inputs.artifact_name", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/build_template.yml", "*", "inputs.cmake_command", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/build_template.yml", "*", "inputs.artifact_name", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/build_template.yml", "*", "inputs.CTEST_CONFIGURATION_TYPE", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/build_template.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["manticoresoftware/manticoresearch/.github/workflows/build_template.yml", "*", "inputs.DISTR", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/marcelotduarte_cx_freeze.model.yml b/ql/lib/ext/generated/reusable-workflows/marcelotduarte_cx_freeze.model.yml new file mode 100644 index 00000000000..21e3fdb8874 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/marcelotduarte_cx_freeze.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["marcelotduarte/cx_freeze/.github/workflows/build-wheel.yml", "*", "inputs.branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/materialdesigninxaml_materialdesigninxamltoolkit.model.yml b/ql/lib/ext/generated/reusable-workflows/materialdesigninxaml_materialdesigninxamltoolkit.model.yml new file mode 100644 index 00000000000..67e49a5716c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/materialdesigninxaml_materialdesigninxamltoolkit.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["materialdesigninxaml/materialdesigninxamltoolkit/.github/workflows/build_artifacts.yml", "*", "inputs.mdix-mahapps-version", "code-injection", "generated"] + - ["materialdesigninxaml/materialdesigninxamltoolkit/.github/workflows/build_artifacts.yml", "*", "inputs.mdix-colors-version", "code-injection", "generated"] + - ["materialdesigninxaml/materialdesigninxamltoolkit/.github/workflows/build_artifacts.yml", "*", "inputs.mdix-version", "code-injection", "generated"] + - ["materialdesigninxaml/materialdesigninxamltoolkit/.github/workflows/build_artifacts.yml", "*", "inputs.build-configuration", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/matter-labs_zksync-era.model.yml b/ql/lib/ext/generated/reusable-workflows/matter-labs_zksync-era.model.yml new file mode 100644 index 00000000000..2f30003359c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/matter-labs_zksync-era.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["matter-labs/zksync-era/.github/workflows/ci-core-reusable.yml", "*", "inputs.compilers", "code-injection", "generated"] + - ["matter-labs/zksync-era/.github/workflows/build-prover-template.yml", "*", "inputs.image_tag_suffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mattermost_desktop.model.yml b/ql/lib/ext/generated/reusable-workflows/mattermost_desktop.model.yml new file mode 100644 index 00000000000..ed9091f37ae --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mattermost_desktop.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mattermost/desktop/.github/workflows/e2e-functional-template.yml", "*", "inputs.nightly", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mattermost_mattermost.model.yml b/ql/lib/ext/generated/reusable-workflows/mattermost_mattermost.model.yml new file mode 100644 index 00000000000..d940c6a98b0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mattermost_mattermost.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mattermost/mattermost/.github/workflows/server-test-template.yml", "*", "inputs.name", "code-injection", "generated"] + - ["mattermost/mattermost/.github/workflows/server-test-template.yml", "*", "inputs.drivername", "code-injection", "generated"] + - ["mattermost/mattermost/.github/workflows/server-test-template.yml", "*", "inputs.datasource", "code-injection", "generated"] + - ["mattermost/mattermost/.github/workflows/mmctl-test-template.yml", "*", "inputs.datasource", "code-injection", "generated"] + - ["mattermost/mattermost/.github/workflows/esrupgrade-common.yml", "*", "inputs.db-dump-url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mealie-recipes_mealie.model.yml b/ql/lib/ext/generated/reusable-workflows/mealie-recipes_mealie.model.yml new file mode 100644 index 00000000000..57b56667fbe --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mealie-recipes_mealie.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mealie-recipes/mealie/.github/workflows/partial-builder.yml", "*", "inputs.tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/meshery_meshery.model.yml b/ql/lib/ext/generated/reusable-workflows/meshery_meshery.model.yml new file mode 100644 index 00000000000..4ffee539cd4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/meshery_meshery.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.adapter_version", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.sm_version", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.expected_resources_namespaces", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.expected_resources_types", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.expected_resources", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.adapter_name", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.patternfile_name", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.service_url", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.deployment_url", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adaptersv2.yaml", "*", "inputs.provider", "code-injection", "generated"] + - ["meshery/meshery/.github/workflows/test_adapters.yaml", "*", "inputs.adapter_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/meshtastic_firmware.model.yml b/ql/lib/ext/generated/reusable-workflows/meshtastic_firmware.model.yml new file mode 100644 index 00000000000..bfe525b2c0e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/meshtastic_firmware.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["meshtastic/firmware/.github/workflows/build_rpi2040.yml", "*", "inputs.board", "code-injection", "generated"] + - ["meshtastic/firmware/.github/workflows/build_nrf52.yml", "*", "inputs.board", "code-injection", "generated"] + - ["meshtastic/firmware/.github/workflows/build_esp32_s3.yml", "*", "inputs.board", "code-injection", "generated"] + - ["meshtastic/firmware/.github/workflows/build_esp32_c3.yml", "*", "inputs.board", "code-injection", "generated"] + - ["meshtastic/firmware/.github/workflows/build_esp32.yml", "*", "inputs.board", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microcks_microcks.model.yml b/ql/lib/ext/generated/reusable-workflows/microcks_microcks.model.yml new file mode 100644 index 00000000000..647bd0ae193 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microcks_microcks.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microcks/microcks/.github/workflows/package-native.yml", "*", "inputs.image-tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_applicationinsights-java.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_applicationinsights-java.model.yml new file mode 100644 index 00000000000..b09fcb7f102 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_applicationinsights-java.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/applicationinsights-java/.github/workflows/reusable-scheduled-job-notification.yml", "*", "inputs.success", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_chat-copilot.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_chat-copilot.model.yml new file mode 100644 index 00000000000..f83101f511c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_chat-copilot.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/chat-copilot/.github/workflows/copilot-run-integration-tests.yml", "*", "inputs.BACKEND_HOST", "code-injection", "generated"] + - ["microsoft/chat-copilot/.github/workflows/copilot-deploy-plugins.yml", "*", "inputs.DEPLOYMENT_NAME", "code-injection", "generated"] + - ["microsoft/chat-copilot/.github/workflows/copilot-deploy-plugins.yml", "*", "inputs.ARTIFACT_NAME", "code-injection", "generated"] + - ["microsoft/chat-copilot/.github/workflows/copilot-deploy-memorypipeline.yml", "*", "inputs.DEPLOYMENT_NAME", "code-injection", "generated"] + - ["microsoft/chat-copilot/.github/workflows/copilot-deploy-backend.yml", "*", "inputs.DEPLOYMENT_NAME", "code-injection", "generated"] + - ["microsoft/chat-copilot/.github/workflows/copilot-deploy-backend.yml", "*", "inputs.ARTIFACT_NAME", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_msquic.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_msquic.model.yml new file mode 100644 index 00000000000..7a60c93516d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_msquic.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/msquic/.github/workflows/build-reuse-winkernel.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-winkernel.yml", "*", "inputs.tls", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-winkernel.yml", "*", "inputs.config", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.sanitize", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.plat", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.static", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.tls", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-win.yml", "*", "inputs.config", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-unix.yml", "*", "inputs.sanitize", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-unix.yml", "*", "inputs.codecheck", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-unix.yml", "*", "inputs.systemcrypto", "code-injection", "generated"] + - ["microsoft/msquic/.github/workflows/build-reuse-unix.yml", "*", "inputs.plat", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_oryx.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_oryx.model.yml new file mode 100644 index 00000000000..14d7e741dac --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_oryx.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/oryx/.github/workflows/automationTemplate.yaml", "*", "inputs.platformName", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_pr-metrics.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_pr-metrics.model.yml new file mode 100644 index 00000000000..bb0e3a6a2b6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_pr-metrics.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/pr-metrics/.github/workflows/release-phase-1-internal.yml", "*", "inputs.patch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_react-native-windows-samples.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_react-native-windows-samples.model.yml new file mode 100644 index 00000000000..aa8f4e6b518 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_react-native-windows-samples.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/react-native-windows-samples/.github/workflows/template-upgradesample.yml", "*", "inputs.extraRunWindowsArgs", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-upgradesample.yml", "*", "inputs.platform", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-upgradesample.yml", "*", "inputs.extraInitWindowsArgs", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-upgradesample.yml", "*", "inputs.reactNativeWindowsVersion", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-upgradesample.yml", "*", "inputs.sampleName", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-buildsample.yml", "*", "inputs.extraRunWindowsArgs", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-buildsample.yml", "*", "inputs.platform", "code-injection", "generated"] + - ["microsoft/react-native-windows-samples/.github/workflows/template-buildsample.yml", "*", "inputs.sampleName", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/microsoft_vscode-cpptools.model.yml b/ql/lib/ext/generated/reusable-workflows/microsoft_vscode-cpptools.model.yml new file mode 100644 index 00000000000..c9af1a40ddc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/microsoft_vscode-cpptools.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["microsoft/vscode-cpptools/.github/workflows/job-compile-and-test.yml", "*", "inputs.yarn-args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/moby_buildkit.model.yml b/ql/lib/ext/generated/reusable-workflows/moby_buildkit.model.yml new file mode 100644 index 00000000000..863bc645d98 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/moby_buildkit.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["moby/buildkit/.github/workflows/.test.yml", "*", "inputs.env", "code-injection", "generated"] + - ["moby/buildkit/.github/workflows/.test.yml", "*", "inputs.includes", "code-injection", "generated"] + - ["moby/buildkit/.github/workflows/.test.yml", "*", "inputs.tags", "code-injection", "generated"] + - ["moby/buildkit/.github/workflows/.test.yml", "*", "inputs.kinds", "code-injection", "generated"] + - ["moby/buildkit/.github/workflows/.test.yml", "*", "inputs.pkgs", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/moby_moby.model.yml b/ql/lib/ext/generated/reusable-workflows/moby_moby.model.yml new file mode 100644 index 00000000000..6e898a4e452 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/moby_moby.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["moby/moby/.github/workflows/.windows.yml", "*", "inputs.storage", "code-injection", "generated"] + - ["moby/moby/.github/workflows/.windows.yml", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mosaicml_composer.model.yml b/ql/lib/ext/generated/reusable-workflows/mosaicml_composer.model.yml new file mode 100644 index 00000000000..a08a96a897e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mosaicml_composer.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.context", "code-injection", "generated"] + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.tags", "code-injection", "generated"] + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.image-name", "code-injection", "generated"] + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.image-uuid", "code-injection", "generated"] + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.staging-repo", "code-injection", "generated"] + - ["mosaicml/composer/.github/workflows/docker-configure-build-push.yaml", "*", "inputs.staging", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/msys2_setup-msys2.model.yml b/ql/lib/ext/generated/reusable-workflows/msys2_setup-msys2.model.yml new file mode 100644 index 00000000000..f7aafb13455 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/msys2_setup-msys2.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["msys2/setup-msys2/.github/workflows/PKGBUILD.yml", "*", "inputs.test", "code-injection", "generated"] + - ["msys2/setup-msys2/.github/workflows/PKGBUILD.yml", "*", "inputs.path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mudler_localai.model.yml b/ql/lib/ext/generated/reusable-workflows/mudler_localai.model.yml new file mode 100644 index 00000000000..6107ae0e57c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mudler_localai.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mudler/localai/.github/workflows/image_build.yml", "*", "inputs.latest-image-aio", "code-injection", "generated"] + - ["mudler/localai/.github/workflows/image_build.yml", "*", "inputs.latest-image", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/mustardchef_wsabuilds.model.yml b/ql/lib/ext/generated/reusable-workflows/mustardchef_wsabuilds.model.yml new file mode 100644 index 00000000000..74e0182cc4f --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/mustardchef_wsabuilds.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["mustardchef/wsabuilds/.github/workflows/buildarm64.yml", "*", "inputs.amazonflag", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/buildarm64.yml", "*", "inputs.magiskver", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/buildarm64.yml", "*", "inputs.root", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/buildarm64.yml", "*", "inputs.gapps", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/buildarm64.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/build.yml", "*", "inputs.amazonflag", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/build.yml", "*", "inputs.magiskver", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/build.yml", "*", "inputs.root", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/build.yml", "*", "inputs.gapps", "code-injection", "generated"] + - ["mustardchef/wsabuilds/.github/workflows/build.yml", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/n8n-io_n8n.model.yml b/ql/lib/ext/generated/reusable-workflows/n8n-io_n8n.model.yml new file mode 100644 index 00000000000..4bbd06a86f5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/n8n-io_n8n.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["n8n-io/n8n/.github/workflows/e2e-reusable.yml", "*", "inputs.pr_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/napari_napari.model.yml b/ql/lib/ext/generated/reusable-workflows/napari_napari.model.yml new file mode 100644 index 00000000000..59bdab8f39b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/napari_napari.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["napari/napari/.github/workflows/reusable_run_tox_test.yml", "*", "inputs.qt_backend", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nasa_fprime.model.yml b/ql/lib/ext/generated/reusable-workflows/nasa_fprime.model.yml new file mode 100644 index 00000000000..6988e25d41c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nasa_fprime.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nasa/fprime/.github/workflows/reusable-project-builder.yml", "*", "inputs.target_platform", "code-injection", "generated"] + - ["nasa/fprime/.github/workflows/reusable-project-builder.yml", "*", "inputs.fprime_location", "code-injection", "generated"] + - ["nasa/fprime/.github/workflows/reusable-get-pr-branch.yml", "*", "inputs.default_target_ref", "code-injection", "generated"] + - ["nasa/fprime/.github/workflows/reusable-get-pr-branch.yml", "*", "inputs.target_repository", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nautobot_nautobot.model.yml b/ql/lib/ext/generated/reusable-workflows/nautobot_nautobot.model.yml new file mode 100644 index 00000000000..3c025f59b78 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nautobot_nautobot.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nautobot/nautobot/.github/workflows/plugin_upstream_testing_base.yml", "*", "inputs.invoke_context_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nektos_act.model.yml b/ql/lib/ext/generated/reusable-workflows/nektos_act.model.yml new file mode 100644 index 00000000000..5de0d170d40 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nektos_act.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nektos/act/pkg/runner/testdata/workflow_call_inputs/workflow_call_inputs.yml", "*", "inputs.with_default", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/workflow_call_inputs/workflow_call_inputs.yml", "*", "inputs.required", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.string_required", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.number_optional", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.number_required", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.bool_optional", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.bool_required", "code-injection", "generated"] + - ["nektos/act/pkg/runner/testdata/.github/workflows/local-reusable-workflow.yml", "*", "inputs.string_optional", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/neovim_neovim.model.yml b/ql/lib/ext/generated/reusable-workflows/neovim_neovim.model.yml new file mode 100644 index 00000000000..19d38d1241d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/neovim_neovim.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["neovim/neovim/.github/workflows/test_windows.yml", "*", "inputs.build_flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nethermindeth_nethermind.model.yml b/ql/lib/ext/generated/reusable-workflows/nethermindeth_nethermind.model.yml new file mode 100644 index 00000000000..b1c787677a6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nethermindeth_nethermind.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.custom_run_id", "code-injection", "generated"] + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.non_validator_mode", "code-injection", "generated"] + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.additional_optimism_options", "code-injection", "generated"] + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.network", "code-injection", "generated"] + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.additional_options", "code-injection", "generated"] + - ["nethermindeth/nethermind/.github/workflows/run-a-single-node-from-branch.yml", "*", "inputs.cl_client", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-dotnet-agent.model.yml b/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-dotnet-agent.model.yml new file mode 100644 index 00000000000..249c734f55b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-dotnet-agent.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["newrelic/newrelic-dotnet-agent/.github/workflows/publish_release_notes.yml", "*", "inputs.agent_version", "code-injection", "generated"] + - ["newrelic/newrelic-dotnet-agent/.github/workflows/post_deploy_agent.yml", "*", "inputs.test_mode", "code-injection", "generated"] + - ["newrelic/newrelic-dotnet-agent/.github/workflows/multiverse_run.yml", "*", "inputs.agentVersion", "code-injection", "generated"] + - ["newrelic/newrelic-dotnet-agent/.github/workflows/build_download_site_index_files.yml", "*", "inputs.dry-run", "code-injection", "generated"] + - ["newrelic/newrelic-dotnet-agent/.github/workflows/build_download_site_index_files.yml", "*", "inputs.prefix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-java-agent.model.yml b/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-java-agent.model.yml new file mode 100644 index 00000000000..46951b5436d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/newrelic_newrelic-java-agent.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["newrelic/newrelic-java-agent/.github/workflows/X-Reusable-VerifyInstrumentation.yml", "*", "inputs.page", "code-injection", "generated"] + - ["newrelic/newrelic-java-agent/.github/workflows/GHA-Unit-Tests.yaml", "*", "inputs.agent-ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/newrelic_node-newrelic.model.yml b/ql/lib/ext/generated/reusable-workflows/newrelic_node-newrelic.model.yml new file mode 100644 index 00000000000..cd1d0f318ef --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/newrelic_node-newrelic.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["newrelic/node-newrelic/.github/workflows/release-creation.yml", "*", "inputs.changelog_file", "code-injection", "generated"] + - ["newrelic/node-newrelic/.github/workflows/release-creation.yml", "*", "inputs.workflows", "code-injection", "generated"] + - ["newrelic/node-newrelic/.github/workflows/prep-release.yml", "*", "inputs.changelog_file", "code-injection", "generated"] + - ["newrelic/node-newrelic/.github/workflows/prep-release.yml", "*", "inputs.release_type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nexus-mods_nexusmods.app.model.yml b/ql/lib/ext/generated/reusable-workflows/nexus-mods_nexusmods.app.model.yml new file mode 100644 index 00000000000..4055874a790 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nexus-mods_nexusmods.app.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nexus-mods/nexusmods.app/.github/workflows/build-windows-pupnet.yaml", "*", "inputs.AppVersion", "code-injection", "generated"] + - ["nexus-mods/nexusmods.app/.github/workflows/build-windows-pupnet.yaml", "*", "inputs.PupNetVersion", "code-injection", "generated"] + - ["nexus-mods/nexusmods.app/.github/workflows/build-linux-pupnet.yaml", "*", "inputs.AppVersion", "code-injection", "generated"] + - ["nexus-mods/nexusmods.app/.github/workflows/build-linux-pupnet.yaml", "*", "inputs.PupNetVersion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nginxinc_kubernetes-ingress.model.yml b/ql/lib/ext/generated/reusable-workflows/nginxinc_kubernetes-ingress.model.yml new file mode 100644 index 00000000000..bccd7271b08 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nginxinc_kubernetes-ingress.model.yml @@ -0,0 +1,16 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nginxinc/kubernetes-ingress/.github/workflows/retag-images.yml", "*", "inputs.target_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/retag-images.yml", "*", "inputs.source_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/retag-images.yml", "*", "inputs.dry_run", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/plus-release.yml", "*", "inputs.target_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/plus-release.yml", "*", "inputs.source_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/plus-release.yml", "*", "inputs.dry_run", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/plus-release.yml", "*", "inputs.short_target_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/oss-release.yml", "*", "inputs.short_target_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/oss-release.yml", "*", "inputs.target_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/oss-release.yml", "*", "inputs.source_tag", "code-injection", "generated"] + - ["nginxinc/kubernetes-ingress/.github/workflows/oss-release.yml", "*", "inputs.dry_run", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/nocodb_nocodb.model.yml b/ql/lib/ext/generated/reusable-workflows/nocodb_nocodb.model.yml new file mode 100644 index 00000000000..56528159143 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/nocodb_nocodb.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["nocodb/nocodb/.github/workflows/playwright-test-workflow.yml", "*", "inputs.shard", "code-injection", "generated"] + - ["nocodb/nocodb/.github/workflows/playwright-test-workflow.yml", "*", "inputs.db", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/novuhq_novu.model.yml b/ql/lib/ext/generated/reusable-workflows/novuhq_novu.model.yml new file mode 100644 index 00000000000..c4a9b07ed99 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/novuhq_novu.model.yml @@ -0,0 +1,20 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["novuhq/novu/.github/workflows/reusable-workers-service-deploy.yml", "*", "inputs.docker_image", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-workers-service-deploy.yml", "*", "inputs.terraform_workspace", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-widget-deploy.yml", "*", "inputs.react_app_environment", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-widget-deploy.yml", "*", "inputs.react_app_sentry_dsn", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-widget-deploy.yml", "*", "inputs.react_app_webhook_url", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-widget-deploy.yml", "*", "inputs.react_app_ws_url", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-widget-deploy.yml", "*", "inputs.react_app_api_url", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_hubspot_embed", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_mail_server_domain", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_environment", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_sentry_dsn", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_widget_embed_path", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_webhook_url", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_ws_url", "code-injection", "generated"] + - ["novuhq/novu/.github/workflows/reusable-web-deploy.yml", "*", "inputs.react_app_api_url", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_abbrev-js.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_abbrev-js.model.yml new file mode 100644 index 00000000000..db4f26083a0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_abbrev-js.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/abbrev-js/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_cli.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_cli.model.yml new file mode 100644 index 00000000000..c12a079e2e2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_cli.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/cli/.github/workflows/node-integration.yml", "*", "inputs.npmVersion", "code-injection", "generated"] + - ["npm/cli/.github/workflows/node-integration.yml", "*", "inputs.nodeVersion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_fs-minipass.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_fs-minipass.model.yml new file mode 100644 index 00000000000..3b7122a7a13 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_fs-minipass.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/fs-minipass/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_hosted-git-info.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_hosted-git-info.model.yml new file mode 100644 index 00000000000..3e80edaaaff --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_hosted-git-info.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/hosted-git-info/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_ini.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_ini.model.yml new file mode 100644 index 00000000000..99717acf024 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_ini.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/ini/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_json-parse-even-better-errors.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_json-parse-even-better-errors.model.yml new file mode 100644 index 00000000000..d9a066c2b22 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_json-parse-even-better-errors.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/json-parse-even-better-errors/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_minify-registry-metadata.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_minify-registry-metadata.model.yml new file mode 100644 index 00000000000..83e68740ac0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_minify-registry-metadata.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/minify-registry-metadata/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_mute-stream.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_mute-stream.model.yml new file mode 100644 index 00000000000..45f05ea8826 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_mute-stream.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/mute-stream/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_node-semver.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_node-semver.model.yml new file mode 100644 index 00000000000..1cd25da918f --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_node-semver.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/node-semver/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_node-which.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_node-which.model.yml new file mode 100644 index 00000000000..2d5a077f1f4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_node-which.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/node-which/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_nopt.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_nopt.model.yml new file mode 100644 index 00000000000..98571dfc5d9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_nopt.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/nopt/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_normalize-package-data.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_normalize-package-data.model.yml new file mode 100644 index 00000000000..8cbd1927fe0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_normalize-package-data.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/normalize-package-data/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/npm_write-file-atomic.model.yml b/ql/lib/ext/generated/reusable-workflows/npm_write-file-atomic.model.yml new file mode 100644 index 00000000000..6d3466f0927 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/npm_write-file-atomic.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["npm/write-file-atomic/.github/workflows/release-integration.yml", "*", "inputs.releases", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/onflow_cadence.model.yml b/ql/lib/ext/generated/reusable-workflows/onflow_cadence.model.yml new file mode 100644 index 00000000000..c7178a298ef --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/onflow_cadence.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["onflow/cadence/.github/workflows/compatibility-check-template.yml", "*", "inputs.base-branch", "code-injection", "generated"] + - ["onflow/cadence/.github/workflows/compatibility-check-template.yml", "*", "inputs.repo", "code-injection", "generated"] + - ["onflow/cadence/.github/workflows/compatibility-check-template.yml", "*", "inputs.current-branch", "code-injection", "generated"] + - ["onflow/cadence/.github/workflows/compatibility-check-template.yml", "*", "inputs.chain", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-goal_jak-project.model.yml b/ql/lib/ext/generated/reusable-workflows/open-goal_jak-project.model.yml new file mode 100644 index 00000000000..08feb2033ff --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-goal_jak-project.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-goal/jak-project/.github/workflows/windows-build-msvc.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] + - ["open-goal/jak-project/.github/workflows/windows-build-clang.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] + - ["open-goal/jak-project/.github/workflows/macos-build.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] + - ["open-goal/jak-project/.github/workflows/macos-build-arm.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] + - ["open-goal/jak-project/.github/workflows/linux-build-gcc.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] + - ["open-goal/jak-project/.github/workflows/linux-build-clang.yaml", "*", "inputs.cmakePreset", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-demo.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-demo.model.yml new file mode 100644 index 00000000000..3483cc13b9e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-demo.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-demo/.github/workflows/build-images.yml", "*", "inputs.push", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet-contrib.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet-contrib.model.yml new file mode 100644 index 00000000000..45350e121a0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet-contrib.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-dotnet-contrib/.github/workflows/Component.Package.yml", "*", "inputs.project-name", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-dotnet-contrib/.github/workflows/Component.BuildTest.yml", "*", "inputs.project-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet.model.yml new file mode 100644 index 00000000000..9665157b3ad --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-dotnet.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-dotnet/.github/workflows/Component.BuildTest.yml", "*", "inputs.project-name", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-dotnet/.github/workflows/Component.BuildTest.yml", "*", "inputs.project-build-commands", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-java-instrumentation.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-java-instrumentation.model.yml new file mode 100644 index 00000000000..9ef65a67c03 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-java-instrumentation.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-java-instrumentation/.github/workflows/reusable-workflow-notification.yml", "*", "inputs.success", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-java-instrumentation/.github/workflows/reusable-smoke-test-images.yml", "*", "inputs.project", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-js-contrib.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-js-contrib.model.yml new file mode 100644 index 00000000000..eade5ecdae1 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-js-contrib.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-js-contrib/.github/workflows/test-all-versions.yml", "*", "inputs.npm-workspace-args", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-operator.model.yml b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-operator.model.yml new file mode 100644 index 00000000000..1478244cc9c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/open-telemetry_opentelemetry-operator.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["open-telemetry/opentelemetry-operator/.github/workflows/reusable-publish-autoinstrumentation-e2e-images.yaml", "*", "inputs.language", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-operator/.github/workflows/reusable-operator-hub-release.yaml", "*", "inputs.org", "code-injection", "generated"] + - ["open-telemetry/opentelemetry-operator/.github/workflows/reusable-operator-hub-release.yaml", "*", "inputs.repo", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openbao_openbao.model.yml b/ql/lib/ext/generated/reusable-workflows/openbao_openbao.model.yml new file mode 100644 index 00000000000..8bb0915294c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openbao_openbao.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openbao/openbao/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.path", "code-injection", "generated"] + - ["openbao/openbao/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.name", "code-injection", "generated"] + - ["openbao/openbao/.github/workflows/test-go.yml", "*", "inputs.name", "code-injection", "generated"] + - ["openbao/openbao/.github/workflows/test-go.yml", "*", "inputs.go-arch", "code-injection", "generated"] + - ["openbao/openbao/.github/workflows/test-go.yml", "*", "inputs.binary-tests", "code-injection", "generated"] + - ["openbao/openbao/.github/workflows/test-go.yml", "*", "inputs.total-runners", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openhab_openhab-docs.model.yml b/ql/lib/ext/generated/reusable-workflows/openhab_openhab-docs.model.yml new file mode 100644 index 00000000000..cba6c4fbe5a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openhab_openhab-docs.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openhab/openhab-docs/.github/workflows/fetch_external_docs_reusable.yml", "*", "inputs.doc_base_name", "code-injection", "generated"] + - ["openhab/openhab-docs/.github/workflows/fetch_external_docs_reusable.yml", "*", "inputs.base_file", "code-injection", "generated"] + - ["openhab/openhab-docs/.github/workflows/fetch_external_docs_reusable.yml", "*", "inputs.doc_base_file", "code-injection", "generated"] + - ["openhab/openhab-docs/.github/workflows/fetch_external_docs_reusable.yml", "*", "inputs.base_folder", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openmined_pysyft.model.yml b/ql/lib/ext/generated/reusable-workflows/openmined_pysyft.model.yml new file mode 100644 index 00000000000..448d48f661d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openmined_pysyft.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openmined/pysyft/.github/workflows/cd-post-release-tests.yml", "*", "inputs.release_platform", "code-injection", "generated"] + - ["openmined/pysyft/.github/workflows/cd-post-release-tests.yml", "*", "inputs.syft_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/opentofu_opentofu.model.yml b/ql/lib/ext/generated/reusable-workflows/opentofu_opentofu.model.yml new file mode 100644 index 00000000000..50eb3b1af36 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/opentofu_opentofu.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["opentofu/opentofu/.github/workflows/build-opentofu-oss.yml", "*", "inputs.package-name", "code-injection", "generated"] + - ["opentofu/opentofu/.github/workflows/build-opentofu-oss.yml", "*", "inputs.product-version", "code-injection", "generated"] + - ["opentofu/opentofu/.github/workflows/build-opentofu-oss.yml", "*", "inputs.goarch", "code-injection", "generated"] + - ["opentofu/opentofu/.github/workflows/build-opentofu-oss.yml", "*", "inputs.goos", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openttd_openttd.model.yml b/ql/lib/ext/generated/reusable-workflows/openttd_openttd.model.yml new file mode 100644 index 00000000000..780fa92d20c --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openttd_openttd.model.yml @@ -0,0 +1,17 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openttd/openttd/.github/workflows/release-windows.yml", "*", "inputs.survey_key", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/upload-steam.yml", "*", "inputs.trigger_type", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/upload-cdn.yml", "*", "inputs.version", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/release-macos.yml", "*", "inputs.survey_key", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/release-linux.yml", "*", "inputs.survey_key", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/release-docs.yml", "*", "inputs.version", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-windows.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-macos.yml", "*", "inputs.full_arch", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-macos.yml", "*", "inputs.extra-cmake-parameters", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-macos.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-linux.yml", "*", "inputs.extra-cmake-parameters", "code-injection", "generated"] + - ["openttd/openttd/.github/workflows/ci-linux.yml", "*", "inputs.libraries", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openvinotoolkit_openvino.model.yml b/ql/lib/ext/generated/reusable-workflows/openvinotoolkit_openvino.model.yml new file mode 100644 index 00000000000..275d46772a2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openvinotoolkit_openvino.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openvinotoolkit/openvino/.github/workflows/job_tensorflow_models_tests.yml", "*", "inputs.model_scope", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openxla_iree.model.yml b/ql/lib/ext/generated/reusable-workflows/openxla_iree.model.yml new file mode 100644 index 00000000000..271c80c575e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openxla_iree.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openxla/iree/.github/workflows/pkgci_regression_test_nvidiagpu_vulkan.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_regression_test_nvidiagpu_cuda.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_test_tensorflow_cpu.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_regression_test_cpu.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_regression_test_amdgpu_vulkan.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_regression_test_amdgpu_rocm.yml", "*", "inputs.artifact_run_id", "code-injection", "generated"] + - ["openxla/iree/.github/workflows/pkgci_build_packages.yml", "*", "inputs.package_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/openzfs_zfs.model.yml b/ql/lib/ext/generated/reusable-workflows/openzfs_zfs.model.yml new file mode 100644 index 00000000000..0f4ad0a7ca7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/openzfs_zfs.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["openzfs/zfs/.github/workflows/zfs-linux-tests.yml", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/operator-framework_java-operator-sdk.model.yml b/ql/lib/ext/generated/reusable-workflows/operator-framework_java-operator-sdk.model.yml new file mode 100644 index 00000000000..c38ae925860 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/operator-framework_java-operator-sdk.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["operator-framework/java-operator-sdk/.github/workflows/integration-tests.yml", "*", "inputs.http-client", "code-injection", "generated"] + - ["operator-framework/java-operator-sdk/.github/workflows/integration-tests.yml", "*", "inputs.kube-version", "code-injection", "generated"] + - ["operator-framework/java-operator-sdk/.github/workflows/integration-tests.yml", "*", "inputs.java-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/orange-opensource_hurl.model.yml b/ql/lib/ext/generated/reusable-workflows/orange-opensource_hurl.model.yml new file mode 100644 index 00000000000..fd4697ac1c4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/orange-opensource_hurl.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["orange-opensource/hurl/.github/workflows/update-branch-version.yml", "*", "inputs.new_version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/paolosalvatori_servicebusexplorer.model.yml b/ql/lib/ext/generated/reusable-workflows/paolosalvatori_servicebusexplorer.model.yml new file mode 100644 index 00000000000..90c4c20b585 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/paolosalvatori_servicebusexplorer.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["paolosalvatori/servicebusexplorer/.github/workflows/publish.yml", "*", "inputs.release-version", "code-injection", "generated"] + - ["paolosalvatori/servicebusexplorer/.github/workflows/build-test.yml", "*", "inputs.release-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/parcel-bundler_parcel.model.yml b/ql/lib/ext/generated/reusable-workflows/parcel-bundler_parcel.model.yml new file mode 100644 index 00000000000..51d99171a54 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/parcel-bundler_parcel.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["parcel-bundler/parcel/.github/workflows/release.yml", "*", "inputs.release-command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pardeike_harmony.model.yml b/ql/lib/ext/generated/reusable-workflows/pardeike_harmony.model.yml new file mode 100644 index 00000000000..8e74c9b811d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pardeike_harmony.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pardeike/harmony/.github/workflows/test-build.yml", "*", "inputs.build_configuration", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pcsx2_pcsx2.model.yml b/ql/lib/ext/generated/reusable-workflows/pcsx2_pcsx2.model.yml new file mode 100644 index 00000000000..cd7de6d5786 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pcsx2_pcsx2.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pcsx2/pcsx2/.github/workflows/windows_build_qt.yml", "*", "inputs.configuration", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/windows_build_qt.yml", "*", "inputs.platform", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/windows_build_qt.yml", "*", "inputs.cmakeFlags", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/windows_build_qt.yml", "*", "inputs.patchesUrl", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/macos_build.yml", "*", "inputs.patchesUrl", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/linux_build_qt.yml", "*", "inputs.patchesUrl", "code-injection", "generated"] + - ["pcsx2/pcsx2/.github/workflows/linux_build_flatpak.yml", "*", "inputs.patchesUrl", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pennylaneai_pennylane.model.yml b/ql/lib/ext/generated/reusable-workflows/pennylaneai_pennylane.model.yml new file mode 100644 index 00000000000..ecea4012c75 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pennylaneai_pennylane.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pennylaneai/pennylane/.github/workflows/unit-test.yml", "*", "inputs.pytest_test_directory", "code-injection", "generated"] + - ["pennylaneai/pennylane/.github/workflows/unit-test.yml", "*", "inputs.job_name", "code-injection", "generated"] + - ["pennylaneai/pennylane/.github/workflows/interface-unit-tests.yml", "*", "inputs.run_lightened_ci", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pinecone-io_pinecone-python-client.model.yml b/ql/lib/ext/generated/reusable-workflows/pinecone-io_pinecone-python-client.model.yml new file mode 100644 index 00000000000..f8ee5402a92 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pinecone-io_pinecone-python-client.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pinecone-io/pinecone-python-client/.github/workflows/publish-to-pypi.yaml", "*", "inputs.prereleaseSuffix", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pixie-io_pixie.model.yml b/ql/lib/ext/generated/reusable-workflows/pixie-io_pixie.model.yml new file mode 100644 index 00000000000..aa76014db32 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pixie-io_pixie.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pixie-io/pixie/.github/workflows/perf_common.yaml", "*", "inputs.tags", "code-injection", "generated"] + - ["pixie-io/pixie/.github/workflows/perf_common.yaml", "*", "inputs.suites", "code-injection", "generated"] + - ["pixie-io/pixie/.github/workflows/get_image.yaml", "*", "inputs.image-base-name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/plantuml_plantuml.model.yml b/ql/lib/ext/generated/reusable-workflows/plantuml_plantuml.model.yml new file mode 100644 index 00000000000..e52ce3c8318 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/plantuml_plantuml.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["plantuml/plantuml/.github/workflows/native-image.yml", "*", "inputs.release-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/powerdns_pdns.model.yml b/ql/lib/ext/generated/reusable-workflows/powerdns_pdns.model.yml new file mode 100644 index 00000000000..31f24a27268 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/powerdns_pdns.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["powerdns/pdns/.github/workflows/build-packages.yml", "*", "inputs.os", "code-injection", "generated"] + - ["powerdns/pdns/.github/workflows/build-packages.yml", "*", "inputs.product", "code-injection", "generated"] + - ["powerdns/pdns/.github/workflows/build-packages.yml", "*", "inputs.is_release", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/preactjs_preact.model.yml b/ql/lib/ext/generated/reusable-workflows/preactjs_preact.model.yml new file mode 100644 index 00000000000..4ace66c79c3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/preactjs_preact.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["preactjs/preact/.github/workflows/run-bench.yml", "*", "inputs.benchmark", "code-injection", "generated"] + - ["preactjs/preact/.github/workflows/run-bench.yml", "*", "inputs.trace", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/prismlauncher_prismlauncher.model.yml b/ql/lib/ext/generated/reusable-workflows/prismlauncher_prismlauncher.model.yml new file mode 100644 index 00000000000..44518d6a348 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/prismlauncher_prismlauncher.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["prismlauncher/prismlauncher/.github/workflows/build.yml", "*", "inputs.build_type", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/product-os_flowzone.model.yml b/ql/lib/ext/generated/reusable-workflows/product-os_flowzone.model.yml new file mode 100644 index 00000000000..c0edbfae484 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/product-os_flowzone.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["product-os/flowzone/.github/workflows/flowzone.yml", "*", "inputs.ok_to_test_label", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/project-oak_oak.model.yml b/ql/lib/ext/generated/reusable-workflows/project-oak_oak.model.yml new file mode 100644 index 00000000000..a28ffce30f7 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/project-oak_oak.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["project-oak/oak/.github/workflows/reusable_provenance.yaml", "*", "inputs.ent-public-key", "code-injection", "generated"] + - ["project-oak/oak/.github/workflows/reusable_provenance.yaml", "*", "inputs.build-config-path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/prql_prql.model.yml b/ql/lib/ext/generated/reusable-workflows/prql_prql.model.yml new file mode 100644 index 00000000000..afe2daa172e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/prql_prql.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["prql/prql/.github/workflows/test-rust.yaml", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pulumi_pulumi.model.yml b/ql/lib/ext/generated/reusable-workflows/pulumi_pulumi.model.yml new file mode 100644 index 00000000000..a07044c0ccc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pulumi_pulumi.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pulumi/pulumi/.github/workflows/ci-run-test.yml", "*", "inputs.test-command", "code-injection", "generated"] + - ["pulumi/pulumi/.github/workflows/ci-run-test.yml", "*", "inputs.test-name", "code-injection", "generated"] + - ["pulumi/pulumi/.github/workflows/ci-dev-release.yml", "*", "inputs.version", "code-injection", "generated"] + - ["pulumi/pulumi/.github/workflows/ci-build-binaries.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["pulumi/pulumi/.github/workflows/ci-build-binaries.yml", "*", "inputs.os", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/puppetlabs_puppetlabs-puppetdb.model.yml b/ql/lib/ext/generated/reusable-workflows/puppetlabs_puppetlabs-puppetdb.model.yml new file mode 100644 index 00000000000..250307e3acd --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/puppetlabs_puppetlabs-puppetdb.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["puppetlabs/puppetlabs-puppetdb/.github/workflows/module_spec.yml", "*", "inputs.ignore_dependency_check", "code-injection", "generated"] + - ["puppetlabs/puppetlabs-puppetdb/.github/workflows/module_acceptance.yml", "*", "inputs.debug", "code-injection", "generated"] + - ["puppetlabs/puppetlabs-puppetdb/.github/workflows/matrix.yml", "*", "inputs.flags", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pyo3_maturin.model.yml b/ql/lib/ext/generated/reusable-workflows/pyo3_maturin.model.yml new file mode 100644 index 00000000000..e968f209706 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pyo3_maturin.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pyo3/maturin/.github/workflows/downstream.yml", "*", "inputs.manifest-dir", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pyo3_pyo3.model.yml b/ql/lib/ext/generated/reusable-workflows/pyo3_pyo3.model.yml new file mode 100644 index 00000000000..438f637a9a0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pyo3_pyo3.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pyo3/pyo3/.github/workflows/build.yml", "*", "inputs.extra-features", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/python_cpython.model.yml b/ql/lib/ext/generated/reusable-workflows/python_cpython.model.yml new file mode 100644 index 00000000000..7e7b82b25f5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/python_cpython.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["python/cpython/.github/workflows/reusable-ubuntu.yml", "*", "inputs.options", "code-injection", "generated"] + - ["python/cpython/.github/workflows/reusable-tsan.yml", "*", "inputs.options", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pytorch_botorch.model.yml b/ql/lib/ext/generated/reusable-workflows/pytorch_botorch.model.yml new file mode 100644 index 00000000000..e3c3b19e441 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pytorch_botorch.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pytorch/botorch/.github/workflows/reusable_website.yml", "*", "inputs.release_tag", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/pytorch_xla.model.yml b/ql/lib/ext/generated/reusable-workflows/pytorch_xla.model.yml new file mode 100644 index 00000000000..704adb3f121 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/pytorch_xla.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["pytorch/xla/.github/workflows/_test.yml", "*", "inputs.test-script", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/quarto-dev_quarto-cli.model.yml b/ql/lib/ext/generated/reusable-workflows/quarto-dev_quarto-cli.model.yml new file mode 100644 index 00000000000..5300a7d145e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/quarto-dev_quarto-cli.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["quarto-dev/quarto-cli/.github/workflows/test-smokes.yml", "*", "inputs.buckets", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/rancher_dashboard.model.yml b/ql/lib/ext/generated/reusable-workflows/rancher_dashboard.model.yml new file mode 100644 index 00000000000..f82254bd22b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/rancher_dashboard.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rancher/dashboard/.github/workflows/build-extension-charts.yml", "*", "inputs.tagged_release", "code-injection", "generated"] + - ["rancher/dashboard/.github/workflows/build-extension-charts.yml", "*", "inputs.target_branch", "code-injection", "generated"] + - ["rancher/dashboard/.github/workflows/build-extension-catalog.yml", "*", "inputs.tagged_release", "code-injection", "generated"] + - ["rancher/dashboard/.github/workflows/build-extension-catalog.yml", "*", "inputs.registry_target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/rasterio_rasterio.model.yml b/ql/lib/ext/generated/reusable-workflows/rasterio_rasterio.model.yml new file mode 100644 index 00000000000..80a26a9e65f --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/rasterio_rasterio.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rasterio/rasterio/.github/workflows/test_gdal_build.yaml", "*", "inputs.gdal_ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/redisearch_redisearch.model.yml b/ql/lib/ext/generated/reusable-workflows/redisearch_redisearch.model.yml new file mode 100644 index 00000000000..eb5e7835565 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/redisearch_redisearch.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["redisearch/redisearch/.github/workflows/flow-build-artifacts.yml", "*", "inputs.architecture", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/remix-run_remix.model.yml b/ql/lib/ext/generated/reusable-workflows/remix-run_remix.model.yml new file mode 100644 index 00000000000..cd2629f49bc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/remix-run_remix.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["remix-run/remix/.github/workflows/stacks.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/rmcrackan_libation.model.yml b/ql/lib/ext/generated/reusable-workflows/rmcrackan_libation.model.yml new file mode 100644 index 00000000000..77ad5d6a6d3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/rmcrackan_libation.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rmcrackan/libation/.github/workflows/build-windows.yml", "*", "inputs.version_override", "code-injection", "generated"] + - ["rmcrackan/libation/.github/workflows/build-linux.yml", "*", "inputs.architecture", "code-injection", "generated"] + - ["rmcrackan/libation/.github/workflows/build-linux.yml", "*", "inputs.OS", "code-injection", "generated"] + - ["rmcrackan/libation/.github/workflows/build-linux.yml", "*", "inputs.version_override", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/rocketchat_rocket.chat.model.yml b/ql/lib/ext/generated/reusable-workflows/rocketchat_rocket.chat.model.yml new file mode 100644 index 00000000000..a881a1a5fd3 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/rocketchat_rocket.chat.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rocketchat/rocket.chat/.github/workflows/ci-test-e2e.yml", "*", "inputs.total-shard", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/ruby_ruby.wasm.model.yml b/ql/lib/ext/generated/reusable-workflows/ruby_ruby.wasm.model.yml new file mode 100644 index 00000000000..693d3abc03e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/ruby_ruby.wasm.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ruby/ruby.wasm/.github/workflows/build.yml", "*", "inputs.prerel_name", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/rustdesk_rustdesk.model.yml b/ql/lib/ext/generated/reusable-workflows/rustdesk_rustdesk.model.yml new file mode 100644 index 00000000000..119cbe465e6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/rustdesk_rustdesk.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["rustdesk/rustdesk/.github/workflows/third-party-RustDeskTempTopMostWindow.yml", "*", "inputs.target_version", "code-injection", "generated"] + - ["rustdesk/rustdesk/.github/workflows/third-party-RustDeskTempTopMostWindow.yml", "*", "inputs.configuration", "code-injection", "generated"] + - ["rustdesk/rustdesk/.github/workflows/third-party-RustDeskTempTopMostWindow.yml", "*", "inputs.platform", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/saadeghi_daisyui.model.yml b/ql/lib/ext/generated/reusable-workflows/saadeghi_daisyui.model.yml new file mode 100644 index 00000000000..2d35b933923 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/saadeghi_daisyui.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["saadeghi/daisyui/.github/workflows/write-release-notes.yml", "*", "inputs.daisyuiversion", "code-injection", "generated"] + - ["saadeghi/daisyui/.github/workflows/deploy-docs.yml", "*", "inputs.daisyuiversion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/sagemath_sage.model.yml b/ql/lib/ext/generated/reusable-workflows/sagemath_sage.model.yml new file mode 100644 index 00000000000..7ca34fc3e44 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/sagemath_sage.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sagemath/sage/.github/workflows/macos.yml", "*", "inputs.stage", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/macos.yml", "*", "inputs.targets_optional", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/macos.yml", "*", "inputs.targets", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/macos.yml", "*", "inputs.targets_pre", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/docker_hub.yml", "*", "inputs.dockerhub_repository", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/docker.yml", "*", "inputs.timeout", "code-injection", "generated"] + - ["sagemath/sage/.github/workflows/docker.yml", "*", "inputs.docker_push_repository", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/schemastore_schemastore.model.yml b/ql/lib/ext/generated/reusable-workflows/schemastore_schemastore.model.yml new file mode 100644 index 00000000000..d3cc8e73b70 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/schemastore_schemastore.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["schemastore/schemastore/src/test/github-workflow/reusable-workflow.yaml", "*", "inputs.constraints", "code-injection", "generated"] + - ["schemastore/schemastore/src/negative_test/github-workflow/reusable-workflow-input-must-declare-type.yaml", "*", "inputs.constraints", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/scikit-learn_scikit-learn.model.yml b/ql/lib/ext/generated/reusable-workflows/scikit-learn_scikit-learn.model.yml new file mode 100644 index 00000000000..a9f8401aab2 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/scikit-learn_scikit-learn.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["scikit-learn/scikit-learn/.github/workflows/update_tracking_issue.yml", "*", "inputs.job_status", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/seleniumhq_selenium.model.yml b/ql/lib/ext/generated/reusable-workflows/seleniumhq_selenium.model.yml new file mode 100644 index 00000000000..acf43426e56 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/seleniumhq_selenium.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["seleniumhq/selenium/.github/workflows/bazel.yml", "*", "inputs.run", "code-injection", "generated"] + - ["seleniumhq/selenium/.github/workflows/bazel.yml", "*", "inputs.ruby-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-packager.model.yml b/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-packager.model.yml new file mode 100644 index 00000000000..3c9178a9125 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-packager.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shaka-project/shaka-packager/.github/workflows/publish-npm.yaml", "*", "inputs.latest", "code-injection", "generated"] + - ["shaka-project/shaka-packager/.github/workflows/publish-npm.yaml", "*", "inputs.tag", "code-injection", "generated"] + - ["shaka-project/shaka-packager/.github/workflows/build.yaml", "*", "inputs.self_hosted", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-player.model.yml b/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-player.model.yml new file mode 100644 index 00000000000..24603c25a77 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/shaka-project_shaka-player.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shaka-project/shaka-player/.github/workflows/selenium-lab-tests.yaml", "*", "inputs.ignore_test_status", "code-injection", "generated"] + - ["shaka-project/shaka-player/.github/workflows/selenium-lab-tests.yaml", "*", "inputs.test_filter", "code-injection", "generated"] + - ["shaka-project/shaka-player/.github/workflows/selenium-lab-tests.yaml", "*", "inputs.browser_filter", "code-injection", "generated"] + - ["shaka-project/shaka-player/.github/workflows/selenium-lab-tests.yaml", "*", "inputs.pr", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/shimataro_ssh-key-action.model.yml b/ql/lib/ext/generated/reusable-workflows/shimataro_ssh-key-action.model.yml new file mode 100644 index 00000000000..29f01c24bed --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/shimataro_ssh-key-action.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["shimataro/ssh-key-action/.github/workflows/reusable-verify.yml", "*", "inputs.package_installation_command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/softfever_orcaslicer.model.yml b/ql/lib/ext/generated/reusable-workflows/softfever_orcaslicer.model.yml new file mode 100644 index 00000000000..acad489dbe5 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/softfever_orcaslicer.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["softfever/orcaslicer/.github/workflows/build_orca.yml", "*", "inputs.arch", "code-injection", "generated"] + - ["softfever/orcaslicer/.github/workflows/build_deps.yml", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/software-mansion_react-native-reanimated.model.yml b/ql/lib/ext/generated/reusable-workflows/software-mansion_react-native-reanimated.model.yml new file mode 100644 index 00000000000..e15b6d33042 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/software-mansion_react-native-reanimated.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["software-mansion/react-native-reanimated/.github/workflows/build-npm-package-action.yml", "*", "inputs.option", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/solana-labs_solana.model.yml b/ql/lib/ext/generated/reusable-workflows/solana-labs_solana.model.yml new file mode 100644 index 00000000000..12c9f97b7a4 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/solana-labs_solana.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["solana-labs/solana/.github/workflows/release-artifacts.yml", "*", "inputs.commit", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/sonarr_sonarr.model.yml b/ql/lib/ext/generated/reusable-workflows/sonarr_sonarr.model.yml new file mode 100644 index 00000000000..685944420aa --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/sonarr_sonarr.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sonarr/sonarr/.github/workflows/deploy.yml", "*", "inputs.version", "code-injection", "generated"] + - ["sonarr/sonarr/.github/workflows/deploy.yml", "*", "inputs.branch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/speedb-io_speedb.model.yml b/ql/lib/ext/generated/reusable-workflows/speedb-io_speedb.model.yml new file mode 100644 index 00000000000..884c3d154ad --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/speedb-io_speedb.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["speedb-io/speedb/.github/workflows/build_ubuntu_arm.yml", "*", "inputs.verSion", "code-injection", "generated"] + - ["speedb-io/speedb/.github/workflows/build_macos_ARM.yml", "*", "inputs.verSion", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/spring-cloud_spring-cloud-dataflow.model.yml b/ql/lib/ext/generated/reusable-workflows/spring-cloud_spring-cloud-dataflow.model.yml new file mode 100644 index 00000000000..799958a7fee --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/spring-cloud_spring-cloud-dataflow.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["spring-cloud/spring-cloud-dataflow/.github/workflows/build-images.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/sqlfluff_sqlfluff.model.yml b/ql/lib/ext/generated/reusable-workflows/sqlfluff_sqlfluff.model.yml new file mode 100644 index 00000000000..32d3e59e1f8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/sqlfluff_sqlfluff.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["sqlfluff/sqlfluff/.github/workflows/ci-test-python.yml", "*", "inputs.marks", "code-injection", "generated"] + - ["sqlfluff/sqlfluff/.github/workflows/ci-test-python.yml", "*", "inputs.python-version", "code-injection", "generated"] + - ["sqlfluff/sqlfluff/.github/workflows/ci-test-dbt.yml", "*", "inputs.dbt-version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/stdlib-js_stdlib.model.yml b/ql/lib/ext/generated/reusable-workflows/stdlib-js_stdlib.model.yml new file mode 100644 index 00000000000..f2893eb2407 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/stdlib-js_stdlib.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["stdlib-js/stdlib/.github/workflows/update_pr_copyright_years.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] + - ["stdlib-js/stdlib/.github/workflows/lint_autofix.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] + - ["stdlib-js/stdlib/.github/workflows/check_required_files.yml", "*", "inputs.user", "code-injection", "generated"] + - ["stdlib-js/stdlib/.github/workflows/check_required_files.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/stereokit_stereokit.model.yml b/ql/lib/ext/generated/reusable-workflows/stereokit_stereokit.model.yml new file mode 100644 index 00000000000..ea3b2029f82 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/stereokit_stereokit.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["stereokit/stereokit/.github/workflows/build.yml", "*", "inputs.patch", "code-injection", "generated"] + - ["stereokit/stereokit/.github/workflows/build.yml", "*", "inputs.minor", "code-injection", "generated"] + - ["stereokit/stereokit/.github/workflows/build.yml", "*", "inputs.major", "code-injection", "generated"] + - ["stereokit/stereokit/.github/workflows/build.yml", "*", "inputs.preName", "code-injection", "generated"] + - ["stereokit/stereokit/.github/workflows/build.yml", "*", "inputs.pre", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/streetsidesoftware_cspell.model.yml b/ql/lib/ext/generated/reusable-workflows/streetsidesoftware_cspell.model.yml new file mode 100644 index 00000000000..74bdcb807c8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/streetsidesoftware_cspell.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["streetsidesoftware/cspell/.github/workflows/reuseable-pr-from-artifact.yml", "*", "inputs.patch_path", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/supabase_auth.model.yml b/ql/lib/ext/generated/reusable-workflows/supabase_auth.model.yml new file mode 100644 index 00000000000..4c0442abd2b --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/supabase_auth.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["supabase/auth/.github/workflows/publish.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/supabase_cli.model.yml b/ql/lib/ext/generated/reusable-workflows/supabase_cli.model.yml new file mode 100644 index 00000000000..39c81d39066 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/supabase_cli.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["supabase/cli/.github/workflows/mirror-image.yml", "*", "inputs.image", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tencent_hippy.model.yml b/ql/lib/ext/generated/reusable-workflows/tencent_hippy.model.yml new file mode 100644 index 00000000000..82f5ba4be74 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tencent_hippy.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tencent/hippy/.github/workflows/reuse_get_workflow_output.yml", "*", "inputs.workflow_run", "code-injection", "generated"] + - ["tencent/hippy/.github/workflows/reuse_classify_commits.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] + - ["tencent/hippy/.github/workflows/reuse_approve_checks_run.yml", "*", "inputs.pull_request_head_sha", "code-injection", "generated"] + - ["tencent/hippy/.github/workflows/reuse_approve_checks_run.yml", "*", "inputs.pull_request_number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tgstation_tgstation.model.yml b/ql/lib/ext/generated/reusable-workflows/tgstation_tgstation.model.yml new file mode 100644 index 00000000000..ffb08a8fa2e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tgstation_tgstation.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tgstation/tgstation/.github/workflows/run_integration_tests.yml", "*", "inputs.map", "code-injection", "generated"] + - ["tgstation/tgstation/.github/workflows/run_integration_tests.yml", "*", "inputs.minor", "code-injection", "generated"] + - ["tgstation/tgstation/.github/workflows/run_integration_tests.yml", "*", "inputs.major", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/thesofproject_sof.model.yml b/ql/lib/ext/generated/reusable-workflows/thesofproject_sof.model.yml new file mode 100644 index 00000000000..4012908e7e9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/thesofproject_sof.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["thesofproject/sof/.github/workflows/ipc_fuzzer.yml", "*", "inputs.fuzzing_duration_s", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tiann_kernelsu.model.yml b/ql/lib/ext/generated/reusable-workflows/tiann_kernelsu.model.yml new file mode 100644 index 00000000000..a1af8280ebc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tiann_kernelsu.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tiann/kernelsu/.github/workflows/ksud.yml", "*", "inputs.target", "code-injection", "generated"] + - ["tiann/kernelsu/.github/workflows/avd-kernel.yml", "*", "inputs.manifest_name", "code-injection", "generated"] + - ["tiann/kernelsu/.github/workflows/wsa-kernel.yml", "*", "inputs.arch", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tiledb-inc_tiledb.model.yml b/ql/lib/ext/generated/reusable-workflows/tiledb-inc_tiledb.model.yml new file mode 100644 index 00000000000..84de5681fea --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tiledb-inc_tiledb.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tiledb-inc/tiledb/.github/workflows/ci-linux_mac.yml", "*", "inputs.asan", "code-injection", "generated"] + - ["tiledb-inc/tiledb/.github/workflows/append-release-cmake.yml", "*", "inputs.ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/toeverything_affine.model.yml b/ql/lib/ext/generated/reusable-workflows/toeverything_affine.model.yml new file mode 100644 index 00000000000..c9e8b5c23c0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/toeverything_affine.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["toeverything/affine/.github/workflows/build-server-image.yml", "*", "inputs.flavor", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tracel-ai_burn.model.yml b/ql/lib/ext/generated/reusable-workflows/tracel-ai_burn.model.yml new file mode 100644 index 00000000000..80dde7f2fc0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tracel-ai_burn.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tracel-ai/burn/.github/workflows/publish-template.yml", "*", "inputs.crate", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/tribler_tribler.model.yml b/ql/lib/ext/generated/reusable-workflows/tribler_tribler.model.yml new file mode 100644 index 00000000000..1ffaa4e1cd0 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/tribler_tribler.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["tribler/tribler/.github/workflows/pytest_custom_ipv8.yml", "*", "inputs.ipv8-git-ref", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/ubisoft_sharpmake.model.yml b/ql/lib/ext/generated/reusable-workflows/ubisoft_sharpmake.model.yml new file mode 100644 index 00000000000..48b35d83c70 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/ubisoft_sharpmake.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["ubisoft/sharpmake/.github/workflows/build.yml", "*", "inputs.framework", "code-injection", "generated"] + - ["ubisoft/sharpmake/.github/workflows/build.yml", "*", "inputs.configuration", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/unity-technologies_ml-agents.model.yml b/ql/lib/ext/generated/reusable-workflows/unity-technologies_ml-agents.model.yml new file mode 100644 index 00000000000..e1a0c8a9fcf --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/unity-technologies_ml-agents.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["unity-technologies/ml-agents/.github/workflows/pytest.yml", "*", "inputs.pytest_markers", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/urbit_urbit.model.yml b/ql/lib/ext/generated/reusable-workflows/urbit_urbit.model.yml new file mode 100644 index 00000000000..71cd3fed3ed --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/urbit_urbit.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["urbit/urbit/.github/workflows/shared.yml", "*", "inputs.pace", "code-injection", "generated"] + - ["urbit/urbit/.github/workflows/shared.yml", "*", "inputs.next", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/uyuni-project_uyuni.model.yml b/ql/lib/ext/generated/reusable-workflows/uyuni-project_uyuni.model.yml new file mode 100644 index 00000000000..47f53f495f8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/uyuni-project_uyuni.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["uyuni-project/uyuni/.github/workflows/acceptance_tests_common.yml", "*", "inputs.server_id", "code-injection", "generated"] + - ["uyuni-project/uyuni/.github/workflows/acceptance_tests_common.yml", "*", "inputs.secondary_tests", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/vert-x3_vertx-hazelcast.model.yml b/ql/lib/ext/generated/reusable-workflows/vert-x3_vertx-hazelcast.model.yml new file mode 100644 index 00000000000..1b592aa91cc --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/vert-x3_vertx-hazelcast.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vert-x3/vertx-hazelcast/.github/workflows/it.yml", "*", "inputs.hz", "code-injection", "generated"] + - ["vert-x3/vertx-hazelcast/.github/workflows/ci.yml", "*", "inputs.hz", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/vkcom_vkui.model.yml b/ql/lib/ext/generated/reusable-workflows/vkcom_vkui.model.yml new file mode 100644 index 00000000000..db4e957a87a --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/vkcom_vkui.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["vkcom/vkui/.github/workflows/reusable_workflow_test.yml", "*", "inputs.workspace", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/walletconnect_web3modal.model.yml b/ql/lib/ext/generated/reusable-workflows/walletconnect_web3modal.model.yml new file mode 100644 index 00000000000..c3642c84f63 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/walletconnect_web3modal.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["walletconnect/web3modal/.github/workflows/ui_tests.yml", "*", "inputs.command", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/warzone2100_warzone2100.model.yml b/ql/lib/ext/generated/reusable-workflows/warzone2100_warzone2100.model.yml new file mode 100644 index 00000000000..3e6691f0e8f --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/warzone2100_warzone2100.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["warzone2100/warzone2100/.github/workflows/publish_web_build.yml", "*", "inputs.architecture", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/wasmedge_wasmedge.model.yml b/ql/lib/ext/generated/reusable-workflows/wasmedge_wasmedge.model.yml new file mode 100644 index 00000000000..733c2e20a71 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/wasmedge_wasmedge.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["wasmedge/wasmedge/.github/workflows/reusable-create-source-tarball.yml", "*", "inputs.version", "code-injection", "generated"] + - ["wasmedge/wasmedge/.github/workflows/reusable-build-on-windows.yml", "*", "inputs.version", "code-injection", "generated"] + - ["wasmedge/wasmedge/.github/workflows/reusable-build-on-windows-msvc.yml", "*", "inputs.version", "code-injection", "generated"] + - ["wasmedge/wasmedge/.github/workflows/reusable-build-on-ubuntu.yml", "*", "inputs.version", "code-injection", "generated"] + - ["wasmedge/wasmedge/.github/workflows/reusable-build-on-manylinux.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/web-infra-dev_rspack.model.yml b/ql/lib/ext/generated/reusable-workflows/web-infra-dev_rspack.model.yml new file mode 100644 index 00000000000..cb80f74e4e8 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/web-infra-dev_rspack.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["web-infra-dev/rspack/.github/workflows/reusable-build.yml", "*", "inputs.profile", "code-injection", "generated"] + - ["web-infra-dev/rspack/.github/workflows/reusable-build.yml", "*", "inputs.target", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/werf_werf.model.yml b/ql/lib/ext/generated/reusable-workflows/werf_werf.model.yml new file mode 100644 index 00000000000..0f78ea086a6 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/werf_werf.model.yml @@ -0,0 +1,21 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["werf/werf/.github/workflows/_test_unit.yml", "*", "inputs.excludePackages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_unit.yml", "*", "inputs.packages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_unit.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_regular.yml", "*", "inputs.excludePackages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_regular.yml", "*", "inputs.packages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_regular.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_per-k8s-version.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_per-k8s-version-and-container-registry.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_integration_per-container-registry.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_regular.yml", "*", "inputs.excludePackages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_regular.yml", "*", "inputs.scope", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_regular.yml", "*", "inputs.packages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_regular.yml", "*", "inputs.coverage", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_per-k8s-version.yml", "*", "inputs.excludePackages", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_per-k8s-version.yml", "*", "inputs.scope", "code-injection", "generated"] + - ["werf/werf/.github/workflows/_test_e2e_per-k8s-version.yml", "*", "inputs.packages", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/widdix_aws-cf-templates.model.yml b/ql/lib/ext/generated/reusable-workflows/widdix_aws-cf-templates.model.yml new file mode 100644 index 00000000000..e2bf8f96fa9 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/widdix_aws-cf-templates.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["widdix/aws-cf-templates/.github/workflows/acceptance-test-run.yml", "*", "inputs.tests", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/wildfly_wildfly.model.yml b/ql/lib/ext/generated/reusable-workflows/wildfly_wildfly.model.yml new file mode 100644 index 00000000000..4a8500a147e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/wildfly_wildfly.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["wildfly/wildfly/.github/workflows/shared-wildfly-build-and-test.yml", "*", "inputs.build-arguments", "code-injection", "generated"] + - ["wildfly/wildfly/.github/workflows/shared-wildfly-build-and-test.yml", "*", "inputs.test-arguments", "code-injection", "generated"] + - ["wildfly/wildfly/.github/workflows/shared-wildfly-build-and-test.yml", "*", "inputs.maven-repo-path", "code-injection", "generated"] + - ["wildfly/wildfly/.github/workflows/shared-wildfly-build.yml", "*", "inputs.git-log-number", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/yt-dlp_yt-dlp.model.yml b/ql/lib/ext/generated/reusable-workflows/yt-dlp_yt-dlp.model.yml new file mode 100644 index 00000000000..3e362cebc58 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/yt-dlp_yt-dlp.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["yt-dlp/yt-dlp/.github/workflows/release.yml", "*", "inputs.target", "code-injection", "generated"] + - ["yt-dlp/yt-dlp/.github/workflows/release.yml", "*", "inputs.source", "code-injection", "generated"] + - ["yt-dlp/yt-dlp/.github/workflows/release.yml", "*", "inputs.prerelease", "code-injection", "generated"] + - ["yt-dlp/yt-dlp/.github/workflows/release.yml", "*", "inputs.version", "code-injection", "generated"] + - ["yt-dlp/yt-dlp/.github/workflows/build.yml", "*", "inputs.version", "code-injection", "generated"] + - ["yt-dlp/yt-dlp/.github/workflows/build.yml", "*", "inputs.channel", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/zenml-io_zenml.model.yml b/ql/lib/ext/generated/reusable-workflows/zenml-io_zenml.model.yml new file mode 100644 index 00000000000..9e5f6e3541e --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/zenml-io_zenml.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zenml-io/zenml/.github/workflows/publish_docker_image.yml", "*", "inputs.config_file", "code-injection", "generated"] + - ["zenml-io/zenml/.github/workflows/integration-test-slow.yml", "*", "inputs.test_environment", "code-injection", "generated"] + - ["zenml-io/zenml/.github/workflows/integration-test-fast.yml", "*", "inputs.test_environment", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/zephyrproject-rtos_zephyr.model.yml b/ql/lib/ext/generated/reusable-workflows/zephyrproject-rtos_zephyr.model.yml new file mode 100644 index 00000000000..89fbb5dbf70 --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/zephyrproject-rtos_zephyr.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zephyrproject-rtos/zephyr/.github/workflows/ready-to-merge.yml", "*", "inputs.needs_context", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/generated/reusable-workflows/zitadel_zitadel.model.yml b/ql/lib/ext/generated/reusable-workflows/zitadel_zitadel.model.yml new file mode 100644 index 00000000000..26f9f659a2d --- /dev/null +++ b/ql/lib/ext/generated/reusable-workflows/zitadel_zitadel.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: githubsecuritylab/actions-all + extensible: sinkModel + data: + - ["zitadel/zitadel/.github/workflows/release.yml", "*", "inputs.image_name", "code-injection", "generated"] + - ["zitadel/zitadel/.github/workflows/release.yml", "*", "inputs.build_image_name", "code-injection", "generated"] + - ["zitadel/zitadel/.github/workflows/container.yml", "*", "inputs.build_image_name", "code-injection", "generated"] + - ["zitadel/zitadel/.github/workflows/compile.yml", "*", "inputs.version", "code-injection", "generated"] \ No newline at end of file diff --git a/ql/lib/ext/getsentry_action-release.model.yml b/ql/lib/ext/getsentry_action-release.model.yml index e6688f3805d..c7e2cf41b3f 100644 --- a/ql/lib/ext/getsentry_action-release.model.yml +++ b/ql/lib/ext/getsentry_action-release.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["getsentry/action-release", "*", "input.version", "output.version", "taint"] - - ["getsentry/action-release", "*", "input.version_prefix", "output.version", "taint"] + - ["getsentry/action-release", "*", "input.version", "output.version", "taint", "manual"] + - ["getsentry/action-release", "*", "input.version_prefix", "output.version", "taint", "manual"] diff --git a/ql/lib/ext/github_codeql-action.model.yml b/ql/lib/ext/github_codeql-action.model.yml index b214178350c..781384a2fe1 100644 --- a/ql/lib/ext/github_codeql-action.model.yml +++ b/ql/lib/ext/github_codeql-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["github/codeql-action", "*", "input.output", "output.sarif-output", "taint"] + - ["github/codeql-action", "*", "input.output", "output.sarif-output", "taint", "manual"] diff --git a/ql/lib/ext/go-semantic-release_action.model.yml b/ql/lib/ext/go-semantic-release_action.model.yml index 146f4a17a55..9036f199f42 100644 --- a/ql/lib/ext/go-semantic-release_action.model.yml +++ b/ql/lib/ext/go-semantic-release_action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["go-semantic-release/action", "*", "input.bin", "command-injection"] + - ["go-semantic-release/action", "*", "input.bin", "command-injection", "manual"] diff --git a/ql/lib/ext/golangci_golangci-lint-action.model.yml b/ql/lib/ext/golangci_golangci-lint-action.model.yml index 8c0f7a5ad61..7eee95dbcce 100644 --- a/ql/lib/ext/golangci_golangci-lint-action.model.yml +++ b/ql/lib/ext/golangci_golangci-lint-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["golangci/golangci-lint-action", "*", "input.version", "command-injection"] + - ["golangci/golangci-lint-action", "*", "input.version", "command-injection", "manual"] diff --git a/ql/lib/ext/gonuit_heroku-docker-deploy.model.yml b/ql/lib/ext/gonuit_heroku-docker-deploy.model.yml index 9c7c03b9f35..4fe9e32ce52 100644 --- a/ql/lib/ext/gonuit_heroku-docker-deploy.model.yml +++ b/ql/lib/ext/gonuit_heroku-docker-deploy.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["gonuit/heroku-docker-deploy", "*", "input.email", "command-injection"] - - ["gonuit/heroku-docker-deploy", "*", "input.heroku_api_key", "command-injection"] + - ["gonuit/heroku-docker-deploy", "*", "input.email", "command-injection", "manual"] + - ["gonuit/heroku-docker-deploy", "*", "input.heroku_api_key", "command-injection", "manual"] diff --git a/ql/lib/ext/goreleaser_goreleaser-action.model.yml b/ql/lib/ext/goreleaser_goreleaser-action.model.yml index 9d9eac38af0..0352ece87b5 100644 --- a/ql/lib/ext/goreleaser_goreleaser-action.model.yml +++ b/ql/lib/ext/goreleaser_goreleaser-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["goreleaser/goreleaser-action", "*", "input.args", "command-injection"] + - ["goreleaser/goreleaser-action", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/gr2m_create-or-update-pull-request-action.model.yml b/ql/lib/ext/gr2m_create-or-update-pull-request-action.model.yml index 4c74301d1c3..712f2ce3395 100644 --- a/ql/lib/ext/gr2m_create-or-update-pull-request-action.model.yml +++ b/ql/lib/ext/gr2m_create-or-update-pull-request-action.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["gr2m/create-or-update-pull-request-action", "*", "input.branch", "command-injection"] - - ["gr2m/create-or-update-pull-request-action", "*", "input.path", "command-injection"] - - ["gr2m/create-or-update-pull-request-action", "*", "input.commit-message", "command-injection"] - - ["gr2m/create-or-update-pull-request-action", "*", "input.author", "command-injection"] \ No newline at end of file + - ["gr2m/create-or-update-pull-request-action", "*", "input.branch", "command-injection", "manual"] + - ["gr2m/create-or-update-pull-request-action", "*", "input.path", "command-injection", "manual"] + - ["gr2m/create-or-update-pull-request-action", "*", "input.commit-message", "command-injection", "manual"] + - ["gr2m/create-or-update-pull-request-action", "*", "input.author", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/gradle_gradle-build-action.model.yml b/ql/lib/ext/gradle_gradle-build-action.model.yml index 0534d299627..45c00c1c30e 100644 --- a/ql/lib/ext/gradle_gradle-build-action.model.yml +++ b/ql/lib/ext/gradle_gradle-build-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["gradle/gradle-build-action", "*", "input.cache-encryption-key", "env.GRADLE_ENCRYPTION_KEY", "taint"] - - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-agree", "env.BUILD_SCAN_TERMS_OF_SERVICE_AGREE", "taint"] - - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-url", "env.BUILD_SCAN_TERMS_OF_SERVICE_URL", "taint"] + - ["gradle/gradle-build-action", "*", "input.cache-encryption-key", "env.GRADLE_ENCRYPTION_KEY", "taint", "manual"] + - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-agree", "env.BUILD_SCAN_TERMS_OF_SERVICE_AGREE", "taint", "manual"] + - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-url", "env.BUILD_SCAN_TERMS_OF_SERVICE_URL", "taint", "manual"] diff --git a/ql/lib/ext/haya14busa_action-cond.model.yml b/ql/lib/ext/haya14busa_action-cond.model.yml index a8a528b85c5..8f05918155e 100644 --- a/ql/lib/ext/haya14busa_action-cond.model.yml +++ b/ql/lib/ext/haya14busa_action-cond.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["haya14busa/action-cond", "*", "input.if_true", "output.value", "taint"] - - ["haya14busa/action-cond", "*", "input.if_false", "output.value", "taint"] + - ["haya14busa/action-cond", "*", "input.if_true", "output.value", "taint", "manual"] + - ["haya14busa/action-cond", "*", "input.if_false", "output.value", "taint", "manual"] diff --git a/ql/lib/ext/hexlet_project-action.model.yml b/ql/lib/ext/hexlet_project-action.model.yml index 6a907fcc3a1..708c310c05f 100644 --- a/ql/lib/ext/hexlet_project-action.model.yml +++ b/ql/lib/ext/hexlet_project-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["hexlet/project-action", "*", "input.mount-path", "env.PWD", "taint"] + - ["hexlet/project-action", "*", "input.mount-path", "env.PWD", "taint", "manual"] diff --git a/ql/lib/ext/ilammy_msvc-dev-cmd.model.yml b/ql/lib/ext/ilammy_msvc-dev-cmd.model.yml index 6332cbfdad8..76177635899 100644 --- a/ql/lib/ext/ilammy_msvc-dev-cmd.model.yml +++ b/ql/lib/ext/ilammy_msvc-dev-cmd.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["ilammy/msvc-dev-cmd", "*", "input.vsversion", "command-injection"] - - ["ilammy/msvc-dev-cmd", "*", "input.arch", "command-injection"] - - ["ilammy/msvc-dev-cmd", "*", "input.sdk", "command-injection"] - - ["ilammy/msvc-dev-cmd", "*", "input.toolset", "command-injection"] \ No newline at end of file + - ["ilammy/msvc-dev-cmd", "*", "input.vsversion", "command-injection", "manual"] + - ["ilammy/msvc-dev-cmd", "*", "input.arch", "command-injection", "manual"] + - ["ilammy/msvc-dev-cmd", "*", "input.sdk", "command-injection", "manual"] + - ["ilammy/msvc-dev-cmd", "*", "input.toolset", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/ilammy_setup-nasm.model.yml b/ql/lib/ext/ilammy_setup-nasm.model.yml index f8b8490c213..7106115c17a 100644 --- a/ql/lib/ext/ilammy_setup-nasm.model.yml +++ b/ql/lib/ext/ilammy_setup-nasm.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["ilammy/setup-nasm", "*", "input.version", "command-injection"] - - ["ilammy/setup-nasm", "*", "input.destination", "command-injection"] + - ["ilammy/setup-nasm", "*", "input.version", "command-injection", "manual"] + - ["ilammy/setup-nasm", "*", "input.destination", "command-injection", "manual"] diff --git a/ql/lib/ext/imjohnbo_issue-bot.model.yml b/ql/lib/ext/imjohnbo_issue-bot.model.yml index 64024ef5c72..366e5dd1766 100644 --- a/ql/lib/ext/imjohnbo_issue-bot.model.yml +++ b/ql/lib/ext/imjohnbo_issue-bot.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["imjohnbo/issue-bot", "*", "input.body", "code-injection"] - - ["imjohnbo/issue-bot", "*", "input.linked-comments-previous-issue-text", "code-injection"] - - ["imjohnbo/issue-bot", "*", "input.linked-comments-new-issue-text", "code-injection"] \ No newline at end of file + - ["imjohnbo/issue-bot", "*", "input.body", "code-injection", "manual"] + - ["imjohnbo/issue-bot", "*", "input.linked-comments-previous-issue-text", "code-injection", "manual"] + - ["imjohnbo/issue-bot", "*", "input.linked-comments-new-issue-text", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/iterative_setup-cml.model.yml b/ql/lib/ext/iterative_setup-cml.model.yml index 1771ac2bad0..a469063fc50 100644 --- a/ql/lib/ext/iterative_setup-cml.model.yml +++ b/ql/lib/ext/iterative_setup-cml.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["iterative/setup-cml", "*", "input.version", "command-injection"] + - ["iterative/setup-cml", "*", "input.version", "command-injection", "manual"] diff --git a/ql/lib/ext/iterative_setup-dvc.model.yml b/ql/lib/ext/iterative_setup-dvc.model.yml index e8600c6f7df..d0d5b57574b 100644 --- a/ql/lib/ext/iterative_setup-dvc.model.yml +++ b/ql/lib/ext/iterative_setup-dvc.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["iterative/setup-dvc", "*", "input.version", "command-injection"] + - ["iterative/setup-dvc", "*", "input.version", "command-injection", "manual"] diff --git a/ql/lib/ext/jamesives_github-pages-deploy-action.model.yml b/ql/lib/ext/jamesives_github-pages-deploy-action.model.yml index 2ab70905db1..3151e335d22 100644 --- a/ql/lib/ext/jamesives_github-pages-deploy-action.model.yml +++ b/ql/lib/ext/jamesives_github-pages-deploy-action.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["jamesives/github-pages-deploy-action", "*", "input.branch", "command-injection"] - - ["jamesives/github-pages-deploy-action", "*", "input.commit-message", "command-injection"] - - ["jamesives/github-pages-deploy-action", "*", "input.git-config-email", "command-injection"] - - ["jamesives/github-pages-deploy-action", "*", "input.git-config-name", "command-injection"] - - ["jamesives/github-pages-deploy-action", "*", "input.target-folder", "command-injection"] - - ["jamesives/github-pages-deploy-action", "*", "input.tag", "command-injection"] + - ["jamesives/github-pages-deploy-action", "*", "input.branch", "command-injection", "manual"] + - ["jamesives/github-pages-deploy-action", "*", "input.commit-message", "command-injection", "manual"] + - ["jamesives/github-pages-deploy-action", "*", "input.git-config-email", "command-injection", "manual"] + - ["jamesives/github-pages-deploy-action", "*", "input.git-config-name", "command-injection", "manual"] + - ["jamesives/github-pages-deploy-action", "*", "input.target-folder", "command-injection", "manual"] + - ["jamesives/github-pages-deploy-action", "*", "input.tag", "command-injection", "manual"] diff --git a/ql/lib/ext/jitterbit_get-changed-files.model.yml b/ql/lib/ext/jitterbit_get-changed-files.model.yml index 2e5b0d42efd..38253b68934 100644 --- a/ql/lib/ext/jitterbit_get-changed-files.model.yml +++ b/ql/lib/ext/jitterbit_get-changed-files.model.yml @@ -3,10 +3,10 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["jitterbit/get-changed-files", "*", "output.all", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.added", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.modified", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.removed", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.renamed", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.added_modified", "PR changed files"] - - ["jitterbit/get-changed-files", "*", "output.deleted", "PR changed files"] + - ["jitterbit/get-changed-files", "*", "output.all", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.added", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.modified", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.removed", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.renamed", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.added_modified", "PR changed files", "manual"] + - ["jitterbit/get-changed-files", "*", "output.deleted", "PR changed files", "manual"] diff --git a/ql/lib/ext/johnnymorganz_stylua-action.model.yml b/ql/lib/ext/johnnymorganz_stylua-action.model.yml index 948be24b45c..0930fc246c3 100644 --- a/ql/lib/ext/johnnymorganz_stylua-action.model.yml +++ b/ql/lib/ext/johnnymorganz_stylua-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["johnnymorganz/stylua-action", "*", "input.args", "command-injection"] + - ["johnnymorganz/stylua-action", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/jsdaniell_create-json.model.yml b/ql/lib/ext/jsdaniell_create-json.model.yml index f1a04c9e244..5b344799ad9 100644 --- a/ql/lib/ext/jsdaniell_create-json.model.yml +++ b/ql/lib/ext/jsdaniell_create-json.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["jsdaniell/create-json", "*", "input.name", "output.successfully", "taint"] - - ["jsdaniell/create-json", "*", "input.json", "output.successfully", "taint"] - - ["jsdaniell/create-json", "*", "input.dir", "output.successfully", "taint"] + - ["jsdaniell/create-json", "*", "input.name", "output.successfully", "taint", "manual"] + - ["jsdaniell/create-json", "*", "input.json", "output.successfully", "taint", "manual"] + - ["jsdaniell/create-json", "*", "input.dir", "output.successfully", "taint", "manual"] diff --git a/ql/lib/ext/jurplel_install-qt-action.model.yml b/ql/lib/ext/jurplel_install-qt-action.model.yml index 928c1f918d3..5b6f1342fc4 100644 --- a/ql/lib/ext/jurplel_install-qt-action.model.yml +++ b/ql/lib/ext/jurplel_install-qt-action.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["jurplel/install-qt-action", "*", "input.version", "command-injection"] - - ["jurplel/install-qt-action", "*", "input.arch", "command-injection"] - - ["jurplel/install-qt-action", "*", "input.dir", "command-injection"] - - ["jurplel/install-qt-action", "*", "input.aqtversion", "command-injection"] - - ["jurplel/install-qt-action", "*", "input.py7zrversion", "command-injection"] - - ["jurplel/install-qt-action", "*", "input.extra", "command-injection"] + - ["jurplel/install-qt-action", "*", "input.version", "command-injection", "manual"] + - ["jurplel/install-qt-action", "*", "input.arch", "command-injection", "manual"] + - ["jurplel/install-qt-action", "*", "input.dir", "command-injection", "manual"] + - ["jurplel/install-qt-action", "*", "input.aqtversion", "command-injection", "manual"] + - ["jurplel/install-qt-action", "*", "input.py7zrversion", "command-injection", "manual"] + - ["jurplel/install-qt-action", "*", "input.extra", "command-injection", "manual"] diff --git a/ql/lib/ext/jwalton_gh-ecr-push.model.yml b/ql/lib/ext/jwalton_gh-ecr-push.model.yml index ad95f1f323a..b34833d85f3 100644 --- a/ql/lib/ext/jwalton_gh-ecr-push.model.yml +++ b/ql/lib/ext/jwalton_gh-ecr-push.model.yml @@ -3,11 +3,11 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["jwalton/gh-ecr-push", "*", "input.image", "output.imageUrl", "taint"] + - ["jwalton/gh-ecr-push", "*", "input.image", "output.imageUrl", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["jwalton/gh-ecr-push", "*", "input.image", "command-injection"] - - ["jwalton/gh-ecr-push", "*", "input.local-image", "command-injection"] - - ["jwalton/gh-ecr-push", "*", "input.region", "command-injection"] + - ["jwalton/gh-ecr-push", "*", "input.image", "command-injection", "manual"] + - ["jwalton/gh-ecr-push", "*", "input.local-image", "command-injection", "manual"] + - ["jwalton/gh-ecr-push", "*", "input.region", "command-injection", "manual"] diff --git a/ql/lib/ext/khan_pull-request-comment-trigger.model.yml b/ql/lib/ext/khan_pull-request-comment-trigger.model.yml index 18339bfa4e9..bbfc0bed1df 100644 --- a/ql/lib/ext/khan_pull-request-comment-trigger.model.yml +++ b/ql/lib/ext/khan_pull-request-comment-trigger.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body"] - - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body"] + - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body", "manual"] + - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "Comment body", "manual"] diff --git a/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml b/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml index abfca93b4ec..74ef5820cb7 100644 --- a/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml +++ b/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["larsoner/circleci-artifacts-redirector-action", "*", "input.artifact-path", "output.url", "taint"] + - ["larsoner/circleci-artifacts-redirector-action", "*", "input.artifact-path", "output.url", "taint", "manual"] diff --git a/ql/lib/ext/leafo_gh-actions-lua.model.yml b/ql/lib/ext/leafo_gh-actions-lua.model.yml index b3cb5aa3940..e05a3afd63a 100644 --- a/ql/lib/ext/leafo_gh-actions-lua.model.yml +++ b/ql/lib/ext/leafo_gh-actions-lua.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["leafo/gh-actions-lua", "*", "input.luaVersion", "command-injection"] - - ["leafo/gh-actions-lua", "*", "input.luaCompileFlags", "command-injection"] + - ["leafo/gh-actions-lua", "*", "input.luaVersion", "command-injection", "manual"] + - ["leafo/gh-actions-lua", "*", "input.luaCompileFlags", "command-injection", "manual"] diff --git a/ql/lib/ext/leafo_gh-actions-luarocks.model.yml b/ql/lib/ext/leafo_gh-actions-luarocks.model.yml index a84880cfdf1..a96ad45d624 100644 --- a/ql/lib/ext/leafo_gh-actions-luarocks.model.yml +++ b/ql/lib/ext/leafo_gh-actions-luarocks.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["leafo/gh-actions-luarocks", "*", "input.withLuaPath", "command-injection"] + - ["leafo/gh-actions-luarocks", "*", "input.withLuaPath", "command-injection", "manual"] diff --git a/ql/lib/ext/lucasbento_auto-close-issues.model.yml b/ql/lib/ext/lucasbento_auto-close-issues.model.yml index f32484a4f0d..a70e8facf7c 100644 --- a/ql/lib/ext/lucasbento_auto-close-issues.model.yml +++ b/ql/lib/ext/lucasbento_auto-close-issues.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["lucasbento/auto-close-issues", "*", "input.issue-close-message", "code-injection"] \ No newline at end of file + - ["lucasbento/auto-close-issues", "*", "input.issue-close-message", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml b/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml index 57c35c90214..66280f8bdd6 100644 --- a/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml +++ b/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["mad9000/actions-find-and-replace-string", "*", "input.source", "output.value", "taint"] - - ["mad9000/actions-find-and-replace-string", "*", "input.replace", "output.value", "taint"] \ No newline at end of file + - ["mad9000/actions-find-and-replace-string", "*", "input.source", "output.value", "taint", "manual"] + - ["mad9000/actions-find-and-replace-string", "*", "input.replace", "output.value", "taint", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/magefile_mage-action.model.yml b/ql/lib/ext/magefile_mage-action.model.yml index 9ce43e68a75..65965daeb1d 100644 --- a/ql/lib/ext/magefile_mage-action.model.yml +++ b/ql/lib/ext/magefile_mage-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["magefile/mage-action", "*", "input.args", "command-injection"] + - ["magefile/mage-action", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/maierj_fastlane-action.model.yml b/ql/lib/ext/maierj_fastlane-action.model.yml index ac3aaa67def..ba9a04f588b 100644 --- a/ql/lib/ext/maierj_fastlane-action.model.yml +++ b/ql/lib/ext/maierj_fastlane-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["maierj/fastlane-action", "*", "input.lane", "command-injection"] - - ["maierj/fastlane-action", "*", "input.options", "command-injection"] - - ["maierj/fastlane-action", "*", "input.env", "command-injection"] + - ["maierj/fastlane-action", "*", "input.lane", "command-injection", "manual"] + - ["maierj/fastlane-action", "*", "input.options", "command-injection", "manual"] + - ["maierj/fastlane-action", "*", "input.env", "command-injection", "manual"] diff --git a/ql/lib/ext/manusa_actions-setup-minikube.model.yml b/ql/lib/ext/manusa_actions-setup-minikube.model.yml index 90fd673c705..aea054e24b0 100644 --- a/ql/lib/ext/manusa_actions-setup-minikube.model.yml +++ b/ql/lib/ext/manusa_actions-setup-minikube.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["manusa/actions-setup-minikube", "*", "input.kubernetes_version", "command-injection"] - - ["manusa/actions-setup-minikube", "*", "input.driver", "command-injection"] - - ["manusa/actions-setup-minikube", "*", "input.container_runtime", "command-injection"] - - ["manusa/actions-setup-minikube", "*", "input.start_args", "command-injection"] + - ["manusa/actions-setup-minikube", "*", "input.kubernetes_version", "command-injection", "manual"] + - ["manusa/actions-setup-minikube", "*", "input.driver", "command-injection", "manual"] + - ["manusa/actions-setup-minikube", "*", "input.container_runtime", "command-injection", "manual"] + - ["manusa/actions-setup-minikube", "*", "input.start_args", "command-injection", "manual"] diff --git a/ql/lib/ext/marocchino_on_artifact.model.yml b/ql/lib/ext/marocchino_on_artifact.model.yml index 9f621758cff..7a556a0f0ec 100644 --- a/ql/lib/ext/marocchino_on_artifact.model.yml +++ b/ql/lib/ext/marocchino_on_artifact.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["marocchino/on_artifact", "*", "output.*", "Downloaded artifact"] + - ["marocchino/on_artifact", "*", "output.*", "Downloaded artifact", "manual"] diff --git a/ql/lib/ext/mattdavis0351_actions.model.yml b/ql/lib/ext/mattdavis0351_actions.model.yml index 2c9f46b46f4..bb1c3ffca2a 100644 --- a/ql/lib/ext/mattdavis0351_actions.model.yml +++ b/ql/lib/ext/mattdavis0351_actions.model.yml @@ -3,14 +3,14 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["mattdavis0351/actions", "*", "input.image-name", "output.imageUrl", "taint"] - - ["mattdavis0351/actions", "*", "input.tag", "output.imageUrl", "taint"] + - ["mattdavis0351/actions", "*", "input.image-name", "output.imageUrl", "taint", "manual"] + - ["mattdavis0351/actions", "*", "input.tag", "output.imageUrl", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["mattdavis0351/actions", "*", "input.repo-token", "command-injection"] - - ["mattdavis0351/actions", "*", "input.dockerfile-location", "command-injection"] - - ["mattdavis0351/actions", "*", "input.image-name", "command-injection"] - - ["mattdavis0351/actions", "*", "input.dockerfile-name", "command-injection"] - - ["mattdavis0351/actions", "*", "input.tag", "command-injection"] + - ["mattdavis0351/actions", "*", "input.repo-token", "command-injection", "manual"] + - ["mattdavis0351/actions", "*", "input.dockerfile-location", "command-injection", "manual"] + - ["mattdavis0351/actions", "*", "input.image-name", "command-injection", "manual"] + - ["mattdavis0351/actions", "*", "input.dockerfile-name", "command-injection", "manual"] + - ["mattdavis0351/actions", "*", "input.tag", "command-injection", "manual"] diff --git a/ql/lib/ext/meteorengineer_setup-meteor.model.yml b/ql/lib/ext/meteorengineer_setup-meteor.model.yml index 1bcf8e7ce7a..d3bec5ea39d 100644 --- a/ql/lib/ext/meteorengineer_setup-meteor.model.yml +++ b/ql/lib/ext/meteorengineer_setup-meteor.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["meteorengineer/setup-meteor", "*", "input.meteor-release", "command-injection"] + - ["meteorengineer/setup-meteor", "*", "input.meteor-release", "command-injection", "manual"] diff --git a/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml b/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml index dfa441761ab..c65527150b5 100644 --- a/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml +++ b/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["metro-digital/setup-tools-for-waas", "*", "input.gcp_sa_key", "env.GCLOUD_PROJECT", "taint"] + - ["metro-digital/setup-tools-for-waas", "*", "input.gcp_sa_key", "env.GCLOUD_PROJECT", "taint", "manual"] diff --git a/ql/lib/ext/microsoft_setup-msbuild.model.yml b/ql/lib/ext/microsoft_setup-msbuild.model.yml index 81706744568..25565b445fc 100644 --- a/ql/lib/ext/microsoft_setup-msbuild.model.yml +++ b/ql/lib/ext/microsoft_setup-msbuild.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["microsoft/setup-msbuild", "*", "input.vs-version", "command-injection"] - - ["microsoft/setup-msbuild", "*", "input.vswhere-path", "command-injection"] + - ["microsoft/setup-msbuild", "*", "input.vs-version", "command-injection", "manual"] + - ["microsoft/setup-msbuild", "*", "input.vswhere-path", "command-injection", "manual"] diff --git a/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml b/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml index 18297709838..d46a07dde96 100644 --- a/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml +++ b/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["mishakav/pytest-coverage-comment", "*", "input.multiple-files", "output.summaryReport", "taint"] + - ["mishakav/pytest-coverage-comment", "*", "input.multiple-files", "output.summaryReport", "taint", "manual"] diff --git a/ql/lib/ext/mr-smithers-excellent_docker-build-push.model.yml b/ql/lib/ext/mr-smithers-excellent_docker-build-push.model.yml index aeca6db0d98..2d162fbc914 100644 --- a/ql/lib/ext/mr-smithers-excellent_docker-build-push.model.yml +++ b/ql/lib/ext/mr-smithers-excellent_docker-build-push.model.yml @@ -3,14 +3,14 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["mr-smithers-excellent/docker-build-push", "*", "input.tags", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.buildArgs", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.labels", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.target", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.directory", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.platform", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.image", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.registry", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.dockerfile", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.githubOrg", "command-injection"] - - ["mr-smithers-excellent/docker-build-push", "*", "input.username", "command-injection"] \ No newline at end of file + - ["mr-smithers-excellent/docker-build-push", "*", "input.tags", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.buildArgs", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.labels", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.target", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.directory", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.platform", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.image", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.registry", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.dockerfile", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.githubOrg", "command-injection", "manual"] + - ["mr-smithers-excellent/docker-build-push", "*", "input.username", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/msys2_setup-msys2.model.yml b/ql/lib/ext/msys2_setup-msys2.model.yml index b9358bd2d69..fc91bacdb72 100644 --- a/ql/lib/ext/msys2_setup-msys2.model.yml +++ b/ql/lib/ext/msys2_setup-msys2.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["msys2/setup-msys2", "*", "input.install", "command-injection"] - - ["msys2/setup-msys2", "*", "input.pacboy", "command-injection"] \ No newline at end of file + - ["msys2/setup-msys2", "*", "input.install", "command-injection", "manual"] + - ["msys2/setup-msys2", "*", "input.pacboy", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/mxschmitt_action-tmate.model.yml b/ql/lib/ext/mxschmitt_action-tmate.model.yml index a18319954e3..8b2b4e79afa 100644 --- a/ql/lib/ext/mxschmitt_action-tmate.model.yml +++ b/ql/lib/ext/mxschmitt_action-tmate.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["mxschmitt/action-tmate", "*", "input.tmate-server-rsa-fingerprint", "command-injection"] - - ["mxschmitt/action-tmate", "*", "input.tmate-server-ed25519-fingerprint", "command-injection"] + - ["mxschmitt/action-tmate", "*", "input.tmate-server-rsa-fingerprint", "command-injection", "manual"] + - ["mxschmitt/action-tmate", "*", "input.tmate-server-ed25519-fingerprint", "command-injection", "manual"] diff --git a/ql/lib/ext/mymindstorm_setup-emsdk.model.yml b/ql/lib/ext/mymindstorm_setup-emsdk.model.yml index f46c40a8f9c..2ea1fdf6855 100644 --- a/ql/lib/ext/mymindstorm_setup-emsdk.model.yml +++ b/ql/lib/ext/mymindstorm_setup-emsdk.model.yml @@ -3,10 +3,10 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["mymindstorm/setup-emsdk", "*", "input.actions-cache-folder", "env.EMSDK", "taint"] + - ["mymindstorm/setup-emsdk", "*", "input.actions-cache-folder", "env.EMSDK", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["mymindstorm/setup-emsdk", "*", "input.actions-cache-folder", "command-injection"] - - ["mymindstorm/setup-emsdk", "*", "input.version", "command-injection"] + - ["mymindstorm/setup-emsdk", "*", "input.actions-cache-folder", "command-injection", "manual"] + - ["mymindstorm/setup-emsdk", "*", "input.version", "command-injection", "manual"] diff --git a/ql/lib/ext/nanasess_setup-chromedriver.model.yml b/ql/lib/ext/nanasess_setup-chromedriver.model.yml index 219de80c39e..21e0d819db7 100644 --- a/ql/lib/ext/nanasess_setup-chromedriver.model.yml +++ b/ql/lib/ext/nanasess_setup-chromedriver.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["nanasess/setup-chromedriver", "*", "input.chromedriver-version", "command-injection"] + - ["nanasess/setup-chromedriver", "*", "input.chromedriver-version", "command-injection", "manual"] diff --git a/ql/lib/ext/nanasess_setup-php.model.yml b/ql/lib/ext/nanasess_setup-php.model.yml index dc3c2739e87..bcc8ce6b80d 100644 --- a/ql/lib/ext/nanasess_setup-php.model.yml +++ b/ql/lib/ext/nanasess_setup-php.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["nanasess/setup-php", "*", "input.php-version", "command-injection"] + - ["nanasess/setup-php", "*", "input.php-version", "command-injection", "manual"] diff --git a/ql/lib/ext/nick-fields_retry.model.yml b/ql/lib/ext/nick-fields_retry.model.yml index 30679750f13..741ab37eb9b 100644 --- a/ql/lib/ext/nick-fields_retry.model.yml +++ b/ql/lib/ext/nick-fields_retry.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["nick-fields/retry", "*", "input.on_retry_command", "command-injection"] - - ["nick-fields/retry", "*", "input.new_command_on_retry", "command-injection"] - - ["nick-fields/retry", "*", "input.command", "command-injection"] + - ["nick-fields/retry", "*", "input.on_retry_command", "command-injection", "manual"] + - ["nick-fields/retry", "*", "input.new_command_on_retry", "command-injection", "manual"] + - ["nick-fields/retry", "*", "input.command", "command-injection", "manual"] diff --git a/ql/lib/ext/octokit_graphql-action.model.yml b/ql/lib/ext/octokit_graphql-action.model.yml index c600e7a93b6..a9d6b80a627 100644 --- a/ql/lib/ext/octokit_graphql-action.model.yml +++ b/ql/lib/ext/octokit_graphql-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["octokit/graphql-action", "*", "input.query", "request-forgery"] + - ["octokit/graphql-action", "*", "input.query", "request-forgery", "manual"] diff --git a/ql/lib/ext/octokit_request-action.model.yml b/ql/lib/ext/octokit_request-action.model.yml index ed9088c9f56..73d4df99af2 100644 --- a/ql/lib/ext/octokit_request-action.model.yml +++ b/ql/lib/ext/octokit_request-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["octokit/request-action", "*", "input.route", "request-forgery"] + - ["octokit/request-action", "*", "input.route", "request-forgery", "manual"] diff --git a/ql/lib/ext/olafurpg_setup-scala.model.yml b/ql/lib/ext/olafurpg_setup-scala.model.yml index 988c3d5e674..fb6ae5102e1 100644 --- a/ql/lib/ext/olafurpg_setup-scala.model.yml +++ b/ql/lib/ext/olafurpg_setup-scala.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["olafurpg/setup-scala", "*", "input.jabba-version", "command-injection"] + - ["olafurpg/setup-scala", "*", "input.jabba-version", "command-injection", "manual"] diff --git a/ql/lib/ext/paambaati_codeclimate-action.model.yml b/ql/lib/ext/paambaati_codeclimate-action.model.yml index 91a3382348c..8b29e5c9988 100644 --- a/ql/lib/ext/paambaati_codeclimate-action.model.yml +++ b/ql/lib/ext/paambaati_codeclimate-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["paambaati/codeclimate-action", "*", "input.coverageCommand", "command-injection"] + - ["paambaati/codeclimate-action", "*", "input.coverageCommand", "command-injection", "manual"] diff --git a/ql/lib/ext/peter-evans_create-pull-request.model.yml b/ql/lib/ext/peter-evans_create-pull-request.model.yml index d9d15dc94b2..5a5cedcaca5 100644 --- a/ql/lib/ext/peter-evans_create-pull-request.model.yml +++ b/ql/lib/ext/peter-evans_create-pull-request.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["peter-evans/create-pull-request", "*", "input.branch", "command-injection"] + - ["peter-evans/create-pull-request", "*", "input.branch", "command-injection", "manual"] diff --git a/ql/lib/ext/plasmicapp_plasmic-action.model.yml b/ql/lib/ext/plasmicapp_plasmic-action.model.yml index 6bc0467692d..12d3f23f8fd 100644 --- a/ql/lib/ext/plasmicapp_plasmic-action.model.yml +++ b/ql/lib/ext/plasmicapp_plasmic-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["plasmicapp/plasmic-action", "*", "input.project_id", "command-injection"] - - ["plasmicapp/plasmic-action", "*", "input.project_api_token", "command-injection"] - - ["plasmicapp/plasmic-action", "*", "input.branch", "command-injection"] + - ["plasmicapp/plasmic-action", "*", "input.project_id", "command-injection", "manual"] + - ["plasmicapp/plasmic-action", "*", "input.project_api_token", "command-injection", "manual"] + - ["plasmicapp/plasmic-action", "*", "input.branch", "command-injection", "manual"] diff --git a/ql/lib/ext/preactjs_compressed-size-action.model.yml b/ql/lib/ext/preactjs_compressed-size-action.model.yml index 62dea47d818..30be564c42a 100644 --- a/ql/lib/ext/preactjs_compressed-size-action.model.yml +++ b/ql/lib/ext/preactjs_compressed-size-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["preactjs/compressed-size-action", "*", "input.build-script", "command-injection"] - - ["preactjs/compressed-size-action", "*", "input.clean-script", "command-injection"] + - ["preactjs/compressed-size-action", "*", "input.build-script", "command-injection", "manual"] + - ["preactjs/compressed-size-action", "*", "input.clean-script", "command-injection", "manual"] diff --git a/ql/lib/ext/py-actions_flake8.model.yml b/ql/lib/ext/py-actions_flake8.model.yml index 525d0199859..13d4cfeb814 100644 --- a/ql/lib/ext/py-actions_flake8.model.yml +++ b/ql/lib/ext/py-actions_flake8.model.yml @@ -3,10 +3,10 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["py-actions/flake8", "*", "input.flake8-version", "command-injection"] - - ["py-actions/flake8", "*", "input.plugins", "command-injection"] - - ["py-actions/flake8", "*", "input.path", "command-injection"] - - ["py-actions/flake8", "*", "input.ignore", "command-injection"] - - ["py-actions/flake8", "*", "input.exclude", "command-injection"] - - ["py-actions/flake8", "*", "input.max-line-length", "command-injection"] - - ["py-actions/flake8", "*", "input.args", "command-injection"] + - ["py-actions/flake8", "*", "input.flake8-version", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.plugins", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.path", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.ignore", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.exclude", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.max-line-length", "command-injection", "manual"] + - ["py-actions/flake8", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/py-actions_py-dependency-install.model.yml b/ql/lib/ext/py-actions_py-dependency-install.model.yml index 5aac0f89432..3043c9b30ec 100644 --- a/ql/lib/ext/py-actions_py-dependency-install.model.yml +++ b/ql/lib/ext/py-actions_py-dependency-install.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["py-actions/py-dependency-install", "*", "input.path", "command-injection"] + - ["py-actions/py-dependency-install", "*", "input.path", "command-injection", "manual"] diff --git a/ql/lib/ext/pyo3_maturin-action.model.yml b/ql/lib/ext/pyo3_maturin-action.model.yml index d32c6509ad7..29d51d1bfbb 100644 --- a/ql/lib/ext/pyo3_maturin-action.model.yml +++ b/ql/lib/ext/pyo3_maturin-action.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["pyo3/maturin-action", "*", "input.before-script-linux", "command-injection"] - - ["pyo3/maturin-action", "*", "input.target", "command-injection"] - - ["pyo3/maturin-action", "*", "input.command", "command-injection"] - - ["pyo3/maturin-action", "*", "input.manylinux", "command-injection"] + - ["pyo3/maturin-action", "*", "input.before-script-linux", "command-injection", "manual"] + - ["pyo3/maturin-action", "*", "input.target", "command-injection", "manual"] + - ["pyo3/maturin-action", "*", "input.command", "command-injection", "manual"] + - ["pyo3/maturin-action", "*", "input.manylinux", "command-injection", "manual"] diff --git a/ql/lib/ext/reactivecircus_android-emulator-runner.model.yml b/ql/lib/ext/reactivecircus_android-emulator-runner.model.yml index c4ea326ecef..75a9650a92f 100644 --- a/ql/lib/ext/reactivecircus_android-emulator-runner.model.yml +++ b/ql/lib/ext/reactivecircus_android-emulator-runner.model.yml @@ -3,22 +3,22 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["reactivecircus/android-emulator-runner", "*", "input.api-level", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.target", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.arch", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.profile", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.sdcard-path-or-size'", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.cores", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ram-size", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.heap-size", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.disk-size", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.emulator-options", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.emulator-build", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.cmake", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] - - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection"] + - ["reactivecircus/android-emulator-runner", "*", "input.api-level", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.target", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.arch", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.profile", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.sdcard-path-or-size'", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.cores", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ram-size", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.heap-size", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.disk-size", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.emulator-options", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.emulator-build", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.cmake", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] + - ["reactivecircus/android-emulator-runner", "*", "input.ndk", "command-injection", "manual"] diff --git a/ql/lib/ext/redhat-plumbers-in-action_download-artifact.model.yml b/ql/lib/ext/redhat-plumbers-in-action_download-artifact.model.yml index 52c478dd1d4..9b0ec011fd6 100644 --- a/ql/lib/ext/redhat-plumbers-in-action_download-artifact.model.yml +++ b/ql/lib/ext/redhat-plumbers-in-action_download-artifact.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["redhat-plumbers-in-action/download-artifact", "*", "output.*", "Downloaded artifact"] + - ["redhat-plumbers-in-action/download-artifact", "*", "output.*", "Downloaded artifact", "manual"] diff --git a/ql/lib/ext/reggionick_s3-deploy.model.yml b/ql/lib/ext/reggionick_s3-deploy.model.yml index 7213a39f992..a0c4d6f7ec5 100644 --- a/ql/lib/ext/reggionick_s3-deploy.model.yml +++ b/ql/lib/ext/reggionick_s3-deploy.model.yml @@ -3,11 +3,11 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["reggionick/s3-deploy", "*", "input.bucket", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.bucket-region", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.dist-id", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.invalidation", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.delete-removed", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.cacheControl", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.cache", "command-injection"] - - ["reggionick/s3-deploy", "*", "input.files-to-include", "command-injection"] + - ["reggionick/s3-deploy", "*", "input.bucket", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.bucket-region", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.dist-id", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.invalidation", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.delete-removed", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.cacheControl", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.cache", "command-injection", "manual"] + - ["reggionick/s3-deploy", "*", "input.files-to-include", "command-injection", "manual"] diff --git a/ql/lib/ext/renovatebot_github-action.model.yml b/ql/lib/ext/renovatebot_github-action.model.yml index 3207c6d7521..b5d4629003b 100644 --- a/ql/lib/ext/renovatebot_github-action.model.yml +++ b/ql/lib/ext/renovatebot_github-action.model.yml @@ -3,8 +3,8 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["renovatebot/github-action", "*", "input.renovate-image", "command-injection"] - - ["renovatebot/github-action", "*", "input.renovate-version", "command-injection"] - - ["renovatebot/github-action", "*", "input.docker-cmd-file", "command-injection"] - - ["renovatebot/github-action", "*", "input.docker-user", "command-injection"] - - ["renovatebot/github-action", "*", "input.docker-volumes", "command-injection"] + - ["renovatebot/github-action", "*", "input.renovate-image", "command-injection", "manual"] + - ["renovatebot/github-action", "*", "input.renovate-version", "command-injection", "manual"] + - ["renovatebot/github-action", "*", "input.docker-cmd-file", "command-injection", "manual"] + - ["renovatebot/github-action", "*", "input.docker-user", "command-injection", "manual"] + - ["renovatebot/github-action", "*", "input.docker-volumes", "command-injection", "manual"] diff --git a/ql/lib/ext/roots_issue-closer-action.model.yml b/ql/lib/ext/roots_issue-closer-action.model.yml index d00d78bcba8..4b96edeccc2 100644 --- a/ql/lib/ext/roots_issue-closer-action.model.yml +++ b/ql/lib/ext/roots_issue-closer-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["roots/issue-closer-action", "*", "input.issue-close-message", "code-injection"] - - ["roots/issue-closer-action", "*", "input.pr-close-message", "code-injection"] + - ["roots/issue-closer-action", "*", "input.issue-close-message", "code-injection", "manual"] + - ["roots/issue-closer-action", "*", "input.pr-close-message", "code-injection", "manual"] diff --git a/ql/lib/ext/ros-tooling_setup-ros.model.yml b/ql/lib/ext/ros-tooling_setup-ros.model.yml index e2813105bdc..ae3ef2e2b1b 100644 --- a/ql/lib/ext/ros-tooling_setup-ros.model.yml +++ b/ql/lib/ext/ros-tooling_setup-ros.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["ros-tooling/setup-ros", "*", "input.required-ros-distributions", "command-injection"] + - ["ros-tooling/setup-ros", "*", "input.required-ros-distributions", "command-injection", "manual"] diff --git a/ql/lib/ext/ruby_setup-ruby.model.yml b/ql/lib/ext/ruby_setup-ruby.model.yml index d6ba27a5079..079dfc1fc02 100644 --- a/ql/lib/ext/ruby_setup-ruby.model.yml +++ b/ql/lib/ext/ruby_setup-ruby.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["ruby/setup-ruby", "*", "input.ruby-version", "output.ruby-prefix", "taint"] + - ["ruby/setup-ruby", "*", "input.ruby-version", "output.ruby-prefix", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["ruby/setup-ruby", "*", "input.ruby-version", "command-injection"] + - ["ruby/setup-ruby", "*", "input.ruby-version", "command-injection", "manual"] diff --git a/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml b/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml index 413f4f3058b..19edd617c67 100644 --- a/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml +++ b/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml @@ -3,9 +3,9 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["salsify/action-detect-and-tag-new-version", "*", "input.tag-template", "output.tag", "taint"] + - ["salsify/action-detect-and-tag-new-version", "*", "input.tag-template", "output.tag", "taint", "manual"] - addsTo: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["salsify/action-detect-and-tag-new-version", "*", "input.version-command", "command-injection"] + - ["salsify/action-detect-and-tag-new-version", "*", "input.version-command", "command-injection", "manual"] diff --git a/ql/lib/ext/shallwefootball_upload-s3-action.model.yml b/ql/lib/ext/shallwefootball_upload-s3-action.model.yml index a8db7e8313e..9f8d987c0af 100644 --- a/ql/lib/ext/shallwefootball_upload-s3-action.model.yml +++ b/ql/lib/ext/shallwefootball_upload-s3-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["shallwefootball/upload-s3-action", "*", "input.destination_dir", "output.object_key", "taint"] + - ["shallwefootball/upload-s3-action", "*", "input.destination_dir", "output.object_key", "taint", "manual"] diff --git a/ql/lib/ext/shogo82148_actions-setup-perl.model.yml b/ql/lib/ext/shogo82148_actions-setup-perl.model.yml index d171499049a..90a18103868 100644 --- a/ql/lib/ext/shogo82148_actions-setup-perl.model.yml +++ b/ql/lib/ext/shogo82148_actions-setup-perl.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["shogo82148/actions-setup-perl", "*", "input.working-directory", "env.PERL5LIB", "taint"] + - ["shogo82148/actions-setup-perl", "*", "input.working-directory", "env.PERL5LIB", "taint", "manual"] diff --git a/ql/lib/ext/skitionek_notify-microsoft-teams.model.yml b/ql/lib/ext/skitionek_notify-microsoft-teams.model.yml index 42361b203e0..fd484074f5c 100644 --- a/ql/lib/ext/skitionek_notify-microsoft-teams.model.yml +++ b/ql/lib/ext/skitionek_notify-microsoft-teams.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["skitionek/notify-microsoft-teams", "*", "input.overwrite", "code-injection"] \ No newline at end of file + - ["skitionek/notify-microsoft-teams", "*", "input.overwrite", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/snow-actions_eclint.model.yml b/ql/lib/ext/snow-actions_eclint.model.yml index 474b36186b0..5caaea9562e 100644 --- a/ql/lib/ext/snow-actions_eclint.model.yml +++ b/ql/lib/ext/snow-actions_eclint.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["snow-actions/eclint", "*", "input.args", "command-injection"] + - ["snow-actions/eclint", "*", "input.args", "command-injection", "manual"] diff --git a/ql/lib/ext/stackhawk_hawkscan-action.model.yml b/ql/lib/ext/stackhawk_hawkscan-action.model.yml index 73b93dbb88a..9462b8d5bbd 100644 --- a/ql/lib/ext/stackhawk_hawkscan-action.model.yml +++ b/ql/lib/ext/stackhawk_hawkscan-action.model.yml @@ -3,8 +3,8 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["stackhawk/hawkscan-action", "*", "input.workspace", "command-injection"] - - ["stackhawk/hawkscan-action", "*", "input.apiKey", "command-injection"] - - ["stackhawk/hawkscan-action", "*", "input.command", "command-injection"] - - ["stackhawk/hawkscan-action", "*", "input.args", "command-injection"] - - ["stackhawk/hawkscan-action", "*", "input.version", "command-injection"] \ No newline at end of file + - ["stackhawk/hawkscan-action", "*", "input.workspace", "command-injection", "manual"] + - ["stackhawk/hawkscan-action", "*", "input.apiKey", "command-injection", "manual"] + - ["stackhawk/hawkscan-action", "*", "input.command", "command-injection", "manual"] + - ["stackhawk/hawkscan-action", "*", "input.args", "command-injection", "manual"] + - ["stackhawk/hawkscan-action", "*", "input.version", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/step-security_harden-runner.model.yml b/ql/lib/ext/step-security_harden-runner.model.yml index 4138b97f0fb..9b01987e1f2 100644 --- a/ql/lib/ext/step-security_harden-runner.model.yml +++ b/ql/lib/ext/step-security_harden-runner.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["step-security/harden-runner", "*", "input.allowed-endpoints", "command-injection"] + - ["step-security/harden-runner", "*", "input.allowed-endpoints", "command-injection", "manual"] diff --git a/ql/lib/ext/suisei-cn_actions-download-file.model.yml b/ql/lib/ext/suisei-cn_actions-download-file.model.yml index 4ab448b04c1..10a3630ea0b 100644 --- a/ql/lib/ext/suisei-cn_actions-download-file.model.yml +++ b/ql/lib/ext/suisei-cn_actions-download-file.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["suisei-cn/actions-download-file", "*", "input.filename", "output.filename", "taint"] + - ["suisei-cn/actions-download-file", "*", "input.filename", "output.filename", "taint", "manual"] diff --git a/ql/lib/ext/tibdex_backport.model.yml b/ql/lib/ext/tibdex_backport.model.yml index 1bcbac476a8..aac20afddf5 100644 --- a/ql/lib/ext/tibdex_backport.model.yml +++ b/ql/lib/ext/tibdex_backport.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["tibdex/backport", "*", "input.body_template", "code-injection"] - - ["tibdex/backport", "*", "input.head_template", "code-injection"] - - ["tibdex/backport", "*", "input.labels_template", "code-injection"] - - ["tibdex/backport", "*", "input.title_template", "code-injection"] \ No newline at end of file + - ["tibdex/backport", "*", "input.body_template", "code-injection", "manual"] + - ["tibdex/backport", "*", "input.head_template", "code-injection", "manual"] + - ["tibdex/backport", "*", "input.labels_template", "code-injection", "manual"] + - ["tibdex/backport", "*", "input.title_template", "code-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/timheuer_base64-to-file.model.yml b/ql/lib/ext/timheuer_base64-to-file.model.yml index 299c387c81a..8dcabd1650a 100644 --- a/ql/lib/ext/timheuer_base64-to-file.model.yml +++ b/ql/lib/ext/timheuer_base64-to-file.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: summaryModel data: - - ["timheuer/base64-to-file", "*", "input.fileName", "output.filePath", "taint"] - - ["timheuer/base64-to-file", "*", "input.fileDir", "output.filePath", "taint"] + - ["timheuer/base64-to-file", "*", "input.fileName", "output.filePath", "taint", "manual"] + - ["timheuer/base64-to-file", "*", "input.fileDir", "output.filePath", "taint", "manual"] diff --git a/ql/lib/ext/tj-actions_branch-names.model.yml b/ql/lib/ext/tj-actions_branch-names.model.yml index a7afc090a91..753303b0cb3 100644 --- a/ql/lib/ext/tj-actions_branch-names.model.yml +++ b/ql/lib/ext/tj-actions_branch-names.model.yml @@ -4,7 +4,7 @@ extensions: extensible: sourceModel data: # https://github.com/tj-actions/branch-names - - ["tj-actions/branch-names", "*", "output.current_branch", "PR current branch"] - - ["tj-actions/branch-names", "*", "output.head_ref_branch", "PR head branch"] - - ["tj-actions/branch-names", "*", "output.ref_branch", "Branch tirggering workflow run"] + - ["tj-actions/branch-names", "*", "output.current_branch", "PR current branch", "manual"] + - ["tj-actions/branch-names", "*", "output.head_ref_branch", "PR head branch", "manual"] + - ["tj-actions/branch-names", "*", "output.ref_branch", "Branch tirggering workflow run", "manual"] diff --git a/ql/lib/ext/tj-actions_changed-files.model.yml b/ql/lib/ext/tj-actions_changed-files.model.yml index 7890668fa87..fb15abce061 100644 --- a/ql/lib/ext/tj-actions_changed-files.model.yml +++ b/ql/lib/ext/tj-actions_changed-files.model.yml @@ -3,20 +3,20 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["tj-actions/changed-files", "*", "output.added_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.copied_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.deleted_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.modified_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.renamed_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.type_changed_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.unmerged_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.unknown_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.all_changed_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.other_changed_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.all_modified_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.other_modified_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.other_deleted_files", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.modified_keys", "PR changed files"] - - ["tj-actions/changed-files", "*", "output.changed_keys", "PR changed files"] + - ["tj-actions/changed-files", "*", "output.added_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.copied_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.deleted_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.modified_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.renamed_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.type_changed_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.unmerged_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.unknown_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.all_changed_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.other_changed_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.all_modified_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.other_modified_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.other_deleted_files", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.modified_keys", "PR changed files", "manual"] + - ["tj-actions/changed-files", "*", "output.changed_keys", "PR changed files", "manual"] diff --git a/ql/lib/ext/tj-actions_verify-changed-files.model.yml b/ql/lib/ext/tj-actions_verify-changed-files.model.yml index 1946b78f5fd..8e4938368b8 100644 --- a/ql/lib/ext/tj-actions_verify-changed-files.model.yml +++ b/ql/lib/ext/tj-actions_verify-changed-files.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["tj-actions/verify-changed-files", "*", "output.changed-files", "PR changed files"] + - ["tj-actions/verify-changed-files", "*", "output.changed-files", "PR changed files", "manual"] diff --git a/ql/lib/ext/trilom_file-changes-action.model.yml b/ql/lib/ext/trilom_file-changes-action.model.yml index 77706e266fe..61141e5f73b 100644 --- a/ql/lib/ext/trilom_file-changes-action.model.yml +++ b/ql/lib/ext/trilom_file-changes-action.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["trilom/file-changes-action", "*", "output.files", "PR changed files"] - - ["trilom/file-changes-action", "*", "output.files_added", "PR changed files"] - - ["trilom/file-changes-action", "*", "output.files_modified", "PR changed files"] - - ["trilom/file-changes-action", "*", "output.files_removed", "PR changed files"] + - ["trilom/file-changes-action", "*", "output.files", "PR changed files", "manual"] + - ["trilom/file-changes-action", "*", "output.files_added", "PR changed files", "manual"] + - ["trilom/file-changes-action", "*", "output.files_modified", "PR changed files", "manual"] + - ["trilom/file-changes-action", "*", "output.files_removed", "PR changed files", "manual"] diff --git a/ql/lib/ext/tripss_conventional-changelog-action.model.yml b/ql/lib/ext/tripss_conventional-changelog-action.model.yml index 3072c6f54fd..ae166b1f515 100644 --- a/ql/lib/ext/tripss_conventional-changelog-action.model.yml +++ b/ql/lib/ext/tripss_conventional-changelog-action.model.yml @@ -3,13 +3,13 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["tripss/conventional-changelog-action", "*", "input.pre-release-identifier", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-user-name", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-user-email", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-url", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.github-token", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-pull-method", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.fallback-version", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-message", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.git-branch", "command-injection"] - - ["tripss/conventional-changelog-action", "*", "input.tag-prefix'", "command-injection"] \ No newline at end of file + - ["tripss/conventional-changelog-action", "*", "input.pre-release-identifier", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-user-name", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-user-email", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-url", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.github-token", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-pull-method", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.fallback-version", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-message", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.git-branch", "command-injection", "manual"] + - ["tripss/conventional-changelog-action", "*", "input.tag-prefix'", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/tryghost_action-deploy-theme.model.yml b/ql/lib/ext/tryghost_action-deploy-theme.model.yml index 5fe53ea3d07..a6cc6884389 100644 --- a/ql/lib/ext/tryghost_action-deploy-theme.model.yml +++ b/ql/lib/ext/tryghost_action-deploy-theme.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["tryghost/action-deploy-theme", "*", "input.theme-name", "command-injection"] - - ["tryghost/action-deploy-theme", "*", "input.exclude", "command-injection"] + - ["tryghost/action-deploy-theme", "*", "input.theme-name", "command-injection", "manual"] + - ["tryghost/action-deploy-theme", "*", "input.exclude", "command-injection", "manual"] diff --git a/ql/lib/ext/tzkhan_pr-update-action.model.yml b/ql/lib/ext/tzkhan_pr-update-action.model.yml index d4b083e14d2..c80590e4931 100644 --- a/ql/lib/ext/tzkhan_pr-update-action.model.yml +++ b/ql/lib/ext/tzkhan_pr-update-action.model.yml @@ -3,4 +3,4 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["tzkhan/pr-update-action", "*", "output.headMatch", ""] + - ["tzkhan/pr-update-action", "*", "output.headMatch", "", "manual"] diff --git a/ql/lib/ext/veracode_veracode-sca.model.yml b/ql/lib/ext/veracode_veracode-sca.model.yml index 5e87f6c3b94..a352d6c9ff6 100644 --- a/ql/lib/ext/veracode_veracode-sca.model.yml +++ b/ql/lib/ext/veracode_veracode-sca.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["veracode/veracode-sca", "*", "input.url", "command-injection"] - - ["veracode/veracode-sca", "*", "input.path", "command-injection"] - - ["veracode/veracode-sca", "*", "input.skip-collectors", "command-injection"] - - ["veracode/veracode-sca", "*", "input.url", "command-injection"] + - ["veracode/veracode-sca", "*", "input.url", "command-injection", "manual"] + - ["veracode/veracode-sca", "*", "input.path", "command-injection", "manual"] + - ["veracode/veracode-sca", "*", "input.skip-collectors", "command-injection", "manual"] + - ["veracode/veracode-sca", "*", "input.url", "command-injection", "manual"] diff --git a/ql/lib/ext/wearerequired_lint-action.model.yml b/ql/lib/ext/wearerequired_lint-action.model.yml index dbe5d2d542d..6ed71f18215 100644 --- a/ql/lib/ext/wearerequired_lint-action.model.yml +++ b/ql/lib/ext/wearerequired_lint-action.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["wearerequired/lint-action", "*", "input.git_name", "command-injection"] - - ["wearerequired/lint-action", "*", "input.git_email", "command-injection"] - - ["wearerequired/lint-action", "*", "input.commit_message", "command-injection"] + - ["wearerequired/lint-action", "*", "input.git_name", "command-injection", "manual"] + - ["wearerequired/lint-action", "*", "input.git_email", "command-injection", "manual"] + - ["wearerequired/lint-action", "*", "input.commit_message", "command-injection", "manual"] diff --git a/ql/lib/ext/webfactory_ssh-agent.model.yml b/ql/lib/ext/webfactory_ssh-agent.model.yml index 9ecbdb6329f..5864c0d0ede 100644 --- a/ql/lib/ext/webfactory_ssh-agent.model.yml +++ b/ql/lib/ext/webfactory_ssh-agent.model.yml @@ -3,6 +3,6 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["webfactory/ssh-agent", "*", "input.ssh-agent-cmd", "command-injection"] - - ["webfactory/ssh-agent", "*", "input.ssh-add-cmd", "command-injection"] - - ["webfactory/ssh-agent", "*", "input.git-cmd", "command-injection"] + - ["webfactory/ssh-agent", "*", "input.ssh-agent-cmd", "command-injection", "manual"] + - ["webfactory/ssh-agent", "*", "input.ssh-add-cmd", "command-injection", "manual"] + - ["webfactory/ssh-agent", "*", "input.git-cmd", "command-injection", "manual"] diff --git a/ql/lib/ext/xt0rted_slash-command-action.model.yml b/ql/lib/ext/xt0rted_slash-command-action.model.yml index 31a1eb5bde9..2a4378d1712 100644 --- a/ql/lib/ext/xt0rted_slash-command-action.model.yml +++ b/ql/lib/ext/xt0rted_slash-command-action.model.yml @@ -3,5 +3,5 @@ extensions: pack: githubsecuritylab/actions-all extensible: sourceModel data: - - ["xt0rted/slash-command-action", "*", "output.command-arguments", ""] - - ["xt0rted/slash-command-action", "*", "output.command-arguments", ""] + - ["xt0rted/slash-command-action", "*", "output.command-arguments", "", "manual"] + - ["xt0rted/slash-command-action", "*", "output.command-arguments", "", "manual"] diff --git a/ql/lib/ext/zaproxy_action-baseline.model.yml b/ql/lib/ext/zaproxy_action-baseline.model.yml index 10920eb6bf5..880b0d606da 100644 --- a/ql/lib/ext/zaproxy_action-baseline.model.yml +++ b/ql/lib/ext/zaproxy_action-baseline.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["zaproxy/action-baseline", "*", "input.docker_name", "command-injection"] - - ["zaproxy/action-baseline", "*", "input.target", "command-injection"] - - ["zaproxy/action-baseline", "*", "input.rules_file_name", "command-injection"] - - ["zaproxy/action-baseline", "*", "input.cmd_options", "command-injection"] \ No newline at end of file + - ["zaproxy/action-baseline", "*", "input.docker_name", "command-injection", "manual"] + - ["zaproxy/action-baseline", "*", "input.target", "command-injection", "manual"] + - ["zaproxy/action-baseline", "*", "input.rules_file_name", "command-injection", "manual"] + - ["zaproxy/action-baseline", "*", "input.cmd_options", "command-injection", "manual"] \ No newline at end of file diff --git a/ql/lib/ext/zaproxy_action-full-scan.model.yml b/ql/lib/ext/zaproxy_action-full-scan.model.yml index a1d49af0845..fd8172c6ca8 100644 --- a/ql/lib/ext/zaproxy_action-full-scan.model.yml +++ b/ql/lib/ext/zaproxy_action-full-scan.model.yml @@ -3,7 +3,7 @@ extensions: pack: githubsecuritylab/actions-all extensible: sinkModel data: - - ["zaproxy/action-full-scan", "*", "input.docker_name", "command-injection"] - - ["zaproxy/action-full-scan", "*", "input.target", "command-injection"] - - ["zaproxy/action-full-scan", "*", "input.rules_file_name", "command-injection"] - - ["zaproxy/action-full-scan", "*", "input.cmd_options", "command-injection"] + - ["zaproxy/action-full-scan", "*", "input.docker_name", "command-injection", "manual"] + - ["zaproxy/action-full-scan", "*", "input.target", "command-injection", "manual"] + - ["zaproxy/action-full-scan", "*", "input.rules_file_name", "command-injection", "manual"] + - ["zaproxy/action-full-scan", "*", "input.cmd_options", "command-injection", "manual"] diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml index c1d32a1f817..aa02154bab1 100644 --- a/ql/lib/qlpack.yml +++ b/ql/lib/qlpack.yml @@ -14,3 +14,4 @@ groups: - yaml dataExtensions: - ext/*.model.yml + - ext/**/*.model.yml diff --git a/ql/src/Security/CWE-020/CompositeActionsSinks.ql b/ql/src/Security/CWE-020/CompositeActionsSinks.ql index 54f58e6b63e..3ea9050c832 100644 --- a/ql/src/Security/CWE-020/CompositeActionsSinks.ql +++ b/ql/src/Security/CWE-020/CompositeActionsSinks.ql @@ -21,7 +21,9 @@ private module MyConfig implements DataFlow::ConfigSig { exists(CompositeAction c | c.getAnInput() = source.asExpr()) } - predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink } + predicate isSink(DataFlow::Node sink) { + sink instanceof CodeInjectionSink and not externallyDefinedSink(sink, "code-injection") + } } module MyFlow = TaintTracking::Global; diff --git a/ql/src/Security/CWE-020/ReusableWorkflowsSinks.ql b/ql/src/Security/CWE-020/ReusableWorkflowsSinks.ql index 2dd5bf1cfef..5f1c54e7003 100644 --- a/ql/src/Security/CWE-020/ReusableWorkflowsSinks.ql +++ b/ql/src/Security/CWE-020/ReusableWorkflowsSinks.ql @@ -21,7 +21,9 @@ private module MyConfig implements DataFlow::ConfigSig { exists(ReusableWorkflow w | w.getAnInput() = source.asExpr()) } - predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink } + predicate isSink(DataFlow::Node sink) { + sink instanceof CodeInjectionSink and not externallyDefinedSink(sink, "code-injection") + } } module MyFlow = TaintTracking::Global; diff --git a/ql/test/library-tests/test.ql b/ql/test/library-tests/test.ql index 947757c8c3a..2a7d4bd72ba 100644 --- a/ql/test/library-tests/test.ql +++ b/ql/test/library-tests/test.ql @@ -49,12 +49,14 @@ query predicate nodeLocations(DataFlow::Node n, Location l) { n.getLocation() = query predicate scopes(Cfg::CfgScope c) { any() } -query predicate sources(string action, string version, string output, string kind) { - sourceModel(action, version, output, kind) +query predicate sources(string action, string version, string output, string kind, string provenance) { + sourceModel(action, version, output, kind, provenance) } -query predicate summaries(string action, string version, string input, string output, string kind) { - summaryModel(action, version, input, output, kind) +query predicate summaries( + string action, string version, string input, string output, string kind, string provenance +) { + summaryModel(action, version, input, output, kind, provenance) } query predicate calls(DataFlow::CallNode call, string callee) { callee = call.getCallee() }