hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 20:50:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make Untrusted Checkout and CachePoisoning rules path-problems

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-06-26 19:17:37 +02:00
parent e6311966c8
commit 5cd292e23e
7 changed files with 451 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ql/src/Security/CWE-349/CachePoisoning.ql
View File

@@ -1,7 +1,7 @@
/**
* @name Cache Poisoning
* @description The cache can be poisoned by untrusted code, leading to a cache poisoning attack.
* @kind problem
* @kind path-problem
* @problem.severity error
* @precision high
* @security-severity 7.5
@@ -16,6 +16,8 @@ import codeql.actions.security.UntrustedCheckoutQuery
import codeql.actions.security.CachePoisoningQuery
import codeql.actions.security.PoisonableSteps
query predicate edges(Step a, Step b) { a.getAFollowingStep() = b }
from LocalJob j, Event e, PRHeadCheckoutStep checkout, Step s
where
j.getATriggerEvent() = e and
@@ -48,5 +50,4 @@ where
// excluding privileged workflows since they can be exploited in easier circumstances
not j.isPrivileged()
)
select checkout, "Potential cache poisoning in the context of the default branch on step $@.", s,
s.toString()
select s, checkout, s, "Potential cache poisoning in the context of the default branch"

10
ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
View File

@@ -3,7 +3,7 @@
* @description Priveleged workflows have read/write access to the base repository and access to secrets.
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
* that is able to push to the base repository and to access secrets.
* @kind problem
* @kind path-problem
* @problem.severity error
* @precision very-high
* @security-severity 9.3
@@ -17,12 +17,14 @@ import actions
import codeql.actions.security.UntrustedCheckoutQuery
import codeql.actions.security.PoisonableSteps
from LocalJob j, PRHeadCheckoutStep checkout
query predicate edges(Step a, Step b) { a.getAFollowingStep() = b }
from LocalJob j, PRHeadCheckoutStep checkout, PoisonableStep s
where
j = checkout.getEnclosingJob() and
j.getAStep() = checkout and
// the checkout is followed by a known poisonable step
checkout.getAFollowingStep() instanceof PoisonableStep and
checkout.getAFollowingStep() = s and
// the checkout is not controlled by an access check
not exists(ControlCheck check | check.dominates(checkout)) and
// the checkout occurs in a privileged context
@@ -31,4 +33,4 @@ where
or
inPrivilegedExternallyTriggerableJob(checkout)
)
select checkout, "Potential unsafe checkout of untrusted pull request on privileged workflow."
select s, checkout, s, "Potential unsafe checkout of untrusted code on a privileged workflow."

48
ql/test/query-tests/Security/CWE-094/.github/workflows/test8.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
run-name: Cleanup ${{ github.head_ref }}
on:
pull_request_target:
types: labeled
paths:
- 'images/**'
jobs:
clean_ci:
name: Clean CI runs
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: pwsh
run: |
$startDate = Get-Date -UFormat %s
$workflows = @("macos11", "macos12", "ubuntu2004", "ubuntu2204", "windows2019", "windows2022")
while ($true) {
$continue = $false
foreach ($wf in $workflows) {
$skippedCommand = "gh run list --workflow ${wf}.yml --branch ${{ github.event.pull_request.head.ref }} --repo ${{ github.repository }} --status skipped --json databaseId"
$skippedIds = Invoke-Expression -Command $skippedCommand | ConvertFrom-Json | ForEach-Object { $_.databaseId }
$skippedIds | ForEach-Object {
$deleteCommand = "gh run delete --repo ${{ github.repository }} $_"
Invoke-Expression -Command $deleteCommand
}
$pendingCommand = "gh run list --workflow ${wf}.yml --branch ${{ github.event.pull_request.head.ref }} --repo ${{ github.repository }} --status requested --json databaseId --template '{{ . | len }}'"
$pending = Invoke-Expression -Command $pendingCommand
if ($pending -gt 0) {
Write-Host "Pending for ${wf}.yml: $pending run(s)"
$continue = $true
}
}
if ($continue -eq $false) {
Write-Host "All done, exiting"
break
}
$curDate = Get-Date -UFormat %s
if (($curDate - $startDate) -gt 60) {
Write-Host "Reached timeout, exiting"
break
}
Write-Host "Waiting 5 seconds..."
Start-Sleep -Seconds 5
}

4
ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
View File

@@ -249,6 +249,8 @@ nodes
| .github/workflows/test7.yml:13:9:17:6 | Uses Step: refs | semmle.label | Uses Step: refs |
| .github/workflows/test7.yml:18:37:18:80 | steps.comment-branch.outputs.head_ref | semmle.label | steps.comment-branch.outputs.head_ref |
| .github/workflows/test7.yml:20:37:20:70 | steps.refs.outputs.head_ref | semmle.label | steps.refs.outputs.head_ref |
| .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node [job_output] | semmle.label | Job outputs node [job_output] |
| .github/workflows/test.yml:8:20:8:50 | steps.step5.outputs.MSG5 | semmle.label | steps.step5.outputs.MSG5 |
| .github/workflows/test.yml:12:9:18:6 | Uses Step: step0 [value] | semmle.label | Uses Step: step0 [value] |
@@ -348,6 +350,8 @@ subpaths
| .github/workflows/test5.yml:12:21:12:64 | toJSON(github.event.comment.body).foo | .github/workflows/test5.yml:12:21:12:64 | toJSON(github.event.comment.body).foo | .github/workflows/test5.yml:12:21:12:64 | toJSON(github.event.comment.body).foo | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test5.yml:12:21:12:64 | toJSON(github.event.comment.body).foo | ${{ toJSON(github.event.comment.body).foo }} |
| .github/workflows/test7.yml:18:37:18:80 | steps.comment-branch.outputs.head_ref | .github/workflows/test7.yml:9:9:13:6 | Uses Step: comment-branch | .github/workflows/test7.yml:18:37:18:80 | steps.comment-branch.outputs.head_ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test7.yml:18:37:18:80 | steps.comment-branch.outputs.head_ref | ${{ steps.comment-branch.outputs.head_ref }} |
| .github/workflows/test7.yml:20:37:20:70 | steps.refs.outputs.head_ref | .github/workflows/test7.yml:13:9:17:6 | Uses Step: refs | .github/workflows/test7.yml:20:37:20:70 | steps.refs.outputs.head_ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test7.yml:20:37:20:70 | steps.refs.outputs.head_ref | ${{ steps.refs.outputs.head_ref }} |
| .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | ${{ github.event.workflow_run.display_title }} |
| .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:10:19:10:70 | github.event.workflow_run.head_commit.message | ${{ github.event.workflow_run.head_commit.message }} |
| .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:11:19:11:75 | github.event.workflow_run.head_commit.author.email | ${{ github.event.workflow_run.head_commit.author.email }} |

2
ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected
View File

@@ -249,6 +249,8 @@ nodes
| .github/workflows/test7.yml:13:9:17:6 | Uses Step: refs | semmle.label | Uses Step: refs |
| .github/workflows/test7.yml:18:37:18:80 | steps.comment-branch.outputs.head_ref | semmle.label | steps.comment-branch.outputs.head_ref |
| .github/workflows/test7.yml:20:37:20:70 | steps.refs.outputs.head_ref | semmle.label | steps.refs.outputs.head_ref |
| .github/workflows/test8.yml:24:76:24:116 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test8.yml:30:76:30:116 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test.yml:8:7:10:4 | Job outputs node [job_output] | semmle.label | Job outputs node [job_output] |
| .github/workflows/test.yml:8:20:8:50 | steps.step5.outputs.MSG5 | semmle.label | steps.step5.outputs.MSG5 |
| .github/workflows/test.yml:12:9:18:6 | Uses Step: step0 [value] | semmle.label | Uses Step: step0 [value] |

134
ql/test/query-tests/Security/CWE-349/CachePoisoning.expected
View File

@@ -1,12 +1,122 @@
| .github/workflows/test1.yml:13:9:18:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test1.yml:18:9:22:6 | Uses Step | Uses Step |
| .github/workflows/test2.yml:11:9:14:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test2.yml:14:9:18:6 | Uses Step | Uses Step |
| .github/workflows/test3.yml:11:9:14:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test3.yml:14:9:22:6 | Uses Step | Uses Step |
| .github/workflows/test6.yml:10:9:13:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test6.yml:13:9:17:6 | Uses Step | Uses Step |
| .github/workflows/test7.yml:10:9:13:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test7.yml:13:9:16:6 | Uses Step | Uses Step |
| .github/workflows/test8.yml:12:9:15:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test8.yml:15:9:17:2 | Run Step | Run Step |
| .github/workflows/test8.yml:23:9:26:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test8.yml:26:9:28:2 | Uses Step | Uses Step |
| .github/workflows/test8.yml:34:9:37:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test8.yml:37:9:37:75 | Run Step | Run Step |
| .github/workflows/test11.yml:14:9:19:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test11.yml:19:9:23:6 | Uses Step | Uses Step |
| .github/workflows/test15.yml:14:9:17:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test15.yml:17:9:21:6 | Uses Step | Uses Step |
| .github/workflows/test16.yml:14:9:17:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test16.yml:17:9:21:6 | Uses Step | Uses Step |
| .github/workflows/test17.yml:15:9:20:6 | Uses Step | Potential cache poisoning in the context of the default branch on step $@. | .github/workflows/test17.yml:22:9:26:31 | Uses Step | Uses Step |
edges
| .github/workflows/test1.yml:10:9:13:6 | Uses Step: comment-branch | .github/workflows/test1.yml:13:9:18:6 | Uses Step |
| .github/workflows/test1.yml:10:9:13:6 | Uses Step: comment-branch | .github/workflows/test1.yml:18:9:22:6 | Uses Step |
| .github/workflows/test1.yml:10:9:13:6 | Uses Step: comment-branch | .github/workflows/test1.yml:22:9:23:21 | Run Step |
| .github/workflows/test1.yml:13:9:18:6 | Uses Step | .github/workflows/test1.yml:18:9:22:6 | Uses Step |
| .github/workflows/test1.yml:13:9:18:6 | Uses Step | .github/workflows/test1.yml:22:9:23:21 | Run Step |
| .github/workflows/test1.yml:18:9:22:6 | Uses Step | .github/workflows/test1.yml:22:9:23:21 | Run Step |
| .github/workflows/test2.yml:11:9:14:6 | Uses Step | .github/workflows/test2.yml:14:9:18:6 | Uses Step |
| .github/workflows/test2.yml:11:9:14:6 | Uses Step | .github/workflows/test2.yml:18:9:19:21 | Run Step |
| .github/workflows/test2.yml:14:9:18:6 | Uses Step | .github/workflows/test2.yml:18:9:19:21 | Run Step |
| .github/workflows/test3.yml:11:9:14:6 | Uses Step | .github/workflows/test3.yml:14:9:22:6 | Uses Step |
| .github/workflows/test3.yml:11:9:14:6 | Uses Step | .github/workflows/test3.yml:22:9:23:34 | Run Step |
| .github/workflows/test3.yml:14:9:22:6 | Uses Step | .github/workflows/test3.yml:22:9:23:34 | Run Step |
| .github/workflows/test4.yml:13:9:16:6 | Uses Step | .github/workflows/test4.yml:16:9:20:6 | Uses Step |
| .github/workflows/test4.yml:13:9:16:6 | Uses Step | .github/workflows/test4.yml:20:9:21:34 | Run Step |
| .github/workflows/test4.yml:16:9:20:6 | Uses Step | .github/workflows/test4.yml:20:9:21:34 | Run Step |
| .github/workflows/test5.yml:11:9:14:6 | Uses Step | .github/workflows/test5.yml:14:9:18:6 | Uses Step |
| .github/workflows/test5.yml:11:9:14:6 | Uses Step | .github/workflows/test5.yml:18:9:19:11 | Run Step |
| .github/workflows/test5.yml:14:9:18:6 | Uses Step | .github/workflows/test5.yml:18:9:19:11 | Run Step |
| .github/workflows/test6.yml:10:9:13:6 | Uses Step | .github/workflows/test6.yml:13:9:17:6 | Uses Step |
| .github/workflows/test6.yml:10:9:13:6 | Uses Step | .github/workflows/test6.yml:17:9:18:11 | Run Step |
| .github/workflows/test6.yml:13:9:17:6 | Uses Step | .github/workflows/test6.yml:17:9:18:11 | Run Step |
| .github/workflows/test7.yml:10:9:13:6 | Uses Step | .github/workflows/test7.yml:13:9:16:6 | Uses Step |
| .github/workflows/test7.yml:10:9:13:6 | Uses Step | .github/workflows/test7.yml:16:9:17:11 | Run Step |
| .github/workflows/test7.yml:13:9:16:6 | Uses Step | .github/workflows/test7.yml:16:9:17:11 | Run Step |
| .github/workflows/test8.yml:10:9:12:6 | Uses Step: comment-branch | .github/workflows/test8.yml:12:9:15:6 | Uses Step |
| .github/workflows/test8.yml:10:9:12:6 | Uses Step: comment-branch | .github/workflows/test8.yml:15:9:17:2 | Run Step |
| .github/workflows/test8.yml:12:9:15:6 | Uses Step | .github/workflows/test8.yml:15:9:17:2 | Run Step |
| .github/workflows/test8.yml:21:9:23:6 | Uses Step: comment-branch | .github/workflows/test8.yml:23:9:26:6 | Uses Step |
| .github/workflows/test8.yml:21:9:23:6 | Uses Step: comment-branch | .github/workflows/test8.yml:26:9:28:2 | Uses Step |
| .github/workflows/test8.yml:23:9:26:6 | Uses Step | .github/workflows/test8.yml:26:9:28:2 | Uses Step |
| .github/workflows/test8.yml:32:9:34:6 | Uses Step: comment-branch | .github/workflows/test8.yml:34:9:37:6 | Uses Step |
| .github/workflows/test8.yml:32:9:34:6 | Uses Step: comment-branch | .github/workflows/test8.yml:37:9:37:75 | Run Step |
| .github/workflows/test8.yml:34:9:37:6 | Uses Step | .github/workflows/test8.yml:37:9:37:75 | Run Step |
| .github/workflows/test11.yml:11:9:14:6 | Uses Step: comment-branch | .github/workflows/test11.yml:14:9:19:6 | Uses Step |
| .github/workflows/test11.yml:11:9:14:6 | Uses Step: comment-branch | .github/workflows/test11.yml:19:9:23:6 | Uses Step |
| .github/workflows/test11.yml:11:9:14:6 | Uses Step: comment-branch | .github/workflows/test11.yml:23:9:24:21 | Run Step |
| .github/workflows/test11.yml:14:9:19:6 | Uses Step | .github/workflows/test11.yml:19:9:23:6 | Uses Step |
| .github/workflows/test11.yml:14:9:19:6 | Uses Step | .github/workflows/test11.yml:23:9:24:21 | Run Step |
| .github/workflows/test11.yml:19:9:23:6 | Uses Step | .github/workflows/test11.yml:23:9:24:21 | Run Step |
| .github/workflows/test12.yml:11:9:14:6 | Uses Step: comment-branch | .github/workflows/test12.yml:14:9:19:6 | Uses Step |
| .github/workflows/test12.yml:11:9:14:6 | Uses Step: comment-branch | .github/workflows/test12.yml:19:9:20:30 | Run Step |
| .github/workflows/test12.yml:14:9:19:6 | Uses Step | .github/workflows/test12.yml:19:9:20:30 | Run Step |
| .github/workflows/test13.yml:14:9:17:6 | Uses Step | .github/workflows/test13.yml:17:9:21:6 | Uses Step |
| .github/workflows/test13.yml:14:9:17:6 | Uses Step | .github/workflows/test13.yml:21:9:22:21 | Run Step |
| .github/workflows/test13.yml:17:9:21:6 | Uses Step | .github/workflows/test13.yml:21:9:22:21 | Run Step |
| .github/workflows/test14.yml:14:9:17:6 | Uses Step | .github/workflows/test14.yml:17:9:21:6 | Uses Step |
| .github/workflows/test14.yml:14:9:17:6 | Uses Step | .github/workflows/test14.yml:21:9:22:21 | Run Step |
| .github/workflows/test14.yml:17:9:21:6 | Uses Step | .github/workflows/test14.yml:21:9:22:21 | Run Step |
| .github/workflows/test15.yml:14:9:17:6 | Uses Step | .github/workflows/test15.yml:17:9:21:6 | Uses Step |
| .github/workflows/test15.yml:14:9:17:6 | Uses Step | .github/workflows/test15.yml:21:9:22:21 | Run Step |
| .github/workflows/test15.yml:17:9:21:6 | Uses Step | .github/workflows/test15.yml:21:9:22:21 | Run Step |
| .github/workflows/test16.yml:14:9:17:6 | Uses Step | .github/workflows/test16.yml:17:9:21:6 | Uses Step |
| .github/workflows/test16.yml:14:9:17:6 | Uses Step | .github/workflows/test16.yml:21:9:22:21 | Run Step |
| .github/workflows/test16.yml:17:9:21:6 | Uses Step | .github/workflows/test16.yml:21:9:22:21 | Run Step |
| .github/workflows/test17.yml:15:9:20:6 | Uses Step | .github/workflows/test17.yml:20:9:22:6 | Uses Step |
| .github/workflows/test17.yml:15:9:20:6 | Uses Step | .github/workflows/test17.yml:22:9:26:31 | Uses Step |
| .github/workflows/test17.yml:20:9:22:6 | Uses Step | .github/workflows/test17.yml:22:9:26:31 | Uses Step |
| .github/workflows/test18.yml:15:9:19:6 | Uses Step | .github/workflows/test18.yml:19:9:24:6 | Uses Step |
| .github/workflows/test18.yml:15:9:19:6 | Uses Step | .github/workflows/test18.yml:24:9:27:6 | Run Step |
| .github/workflows/test18.yml:15:9:19:6 | Uses Step | .github/workflows/test18.yml:27:9:30:6 | Run Step |
| .github/workflows/test18.yml:15:9:19:6 | Uses Step | .github/workflows/test18.yml:30:9:31:54 | Run Step |
| .github/workflows/test18.yml:19:9:24:6 | Uses Step | .github/workflows/test18.yml:24:9:27:6 | Run Step |
| .github/workflows/test18.yml:19:9:24:6 | Uses Step | .github/workflows/test18.yml:27:9:30:6 | Run Step |
| .github/workflows/test18.yml:19:9:24:6 | Uses Step | .github/workflows/test18.yml:30:9:31:54 | Run Step |
| .github/workflows/test18.yml:24:9:27:6 | Run Step | .github/workflows/test18.yml:27:9:30:6 | Run Step |
| .github/workflows/test18.yml:24:9:27:6 | Run Step | .github/workflows/test18.yml:30:9:31:54 | Run Step |
| .github/workflows/test18.yml:27:9:30:6 | Run Step | .github/workflows/test18.yml:30:9:31:54 | Run Step |
| .github/workflows/test19.yml:15:9:21:6 | Uses Step: modified_files | .github/workflows/test19.yml:21:9:41:49 | Run Step: check |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:25:7:31:4 | Uses Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:31:7:33:4 | Uses Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:33:7:38:4 | Uses Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:38:7:40:4 | Run Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:40:7:41:4 | Run Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:31:7:33:4 | Uses Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:33:7:38:4 | Uses Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:38:7:40:4 | Run Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:40:7:41:4 | Run Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:25:7:31:4 | Uses Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:33:7:38:4 | Uses Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:38:7:40:4 | Run Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:40:7:41:4 | Run Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:31:7:33:4 | Uses Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:38:7:40:4 | Run Step |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:40:7:41:4 | Run Step |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:38:7:40:4 | Run Step | .github/workflows/test20.yml:40:7:41:4 | Run Step |
| .github/workflows/test20.yml:38:7:40:4 | Run Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:38:7:40:4 | Run Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:38:7:40:4 | Run Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:40:7:41:4 | Run Step | .github/workflows/test20.yml:41:7:42:4 | Run Step |
| .github/workflows/test20.yml:40:7:41:4 | Run Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:40:7:41:4 | Run Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:41:7:42:4 | Run Step | .github/workflows/test20.yml:42:7:43:4 | Run Step |
| .github/workflows/test20.yml:41:7:42:4 | Run Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
| .github/workflows/test20.yml:42:7:43:4 | Run Step | .github/workflows/test20.yml:43:7:46:39 | Uses Step |
#select
| .github/workflows/test1.yml:18:9:22:6 | Uses Step | .github/workflows/test1.yml:13:9:18:6 | Uses Step | .github/workflows/test1.yml:18:9:22:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test2.yml:14:9:18:6 | Uses Step | .github/workflows/test2.yml:11:9:14:6 | Uses Step | .github/workflows/test2.yml:14:9:18:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test3.yml:14:9:22:6 | Uses Step | .github/workflows/test3.yml:11:9:14:6 | Uses Step | .github/workflows/test3.yml:14:9:22:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test6.yml:13:9:17:6 | Uses Step | .github/workflows/test6.yml:10:9:13:6 | Uses Step | .github/workflows/test6.yml:13:9:17:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test7.yml:13:9:16:6 | Uses Step | .github/workflows/test7.yml:10:9:13:6 | Uses Step | .github/workflows/test7.yml:13:9:16:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test8.yml:15:9:17:2 | Run Step | .github/workflows/test8.yml:12:9:15:6 | Uses Step | .github/workflows/test8.yml:15:9:17:2 | Run Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test8.yml:26:9:28:2 | Uses Step | .github/workflows/test8.yml:23:9:26:6 | Uses Step | .github/workflows/test8.yml:26:9:28:2 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test8.yml:37:9:37:75 | Run Step | .github/workflows/test8.yml:34:9:37:6 | Uses Step | .github/workflows/test8.yml:37:9:37:75 | Run Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test11.yml:19:9:23:6 | Uses Step | .github/workflows/test11.yml:14:9:19:6 | Uses Step | .github/workflows/test11.yml:19:9:23:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test15.yml:17:9:21:6 | Uses Step | .github/workflows/test15.yml:14:9:17:6 | Uses Step | .github/workflows/test15.yml:17:9:21:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test16.yml:17:9:21:6 | Uses Step | .github/workflows/test16.yml:14:9:17:6 | Uses Step | .github/workflows/test16.yml:17:9:21:6 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test17.yml:22:9:26:31 | Uses Step | .github/workflows/test17.yml:15:9:20:6 | Uses Step | .github/workflows/test17.yml:22:9:26:31 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test20.yml:33:7:38:4 | Uses Step | .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:33:7:38:4 | Uses Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test20.yml:38:7:40:4 | Run Step | .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:38:7:40:4 | Run Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test20.yml:41:7:42:4 | Run Step | .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:41:7:42:4 | Run Step | Potential cache poisoning in the context of the default branch |
| .github/workflows/test20.yml:42:7:43:4 | Run Step | .github/workflows/test20.yml:18:7:25:4 | Uses Step | .github/workflows/test20.yml:42:7:43:4 | Run Step | Potential cache poisoning in the context of the default branch |

273
ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected
View File

@@ -1,8 +1,265 @@
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/level0.yml:99:9:103:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/level0.yml:125:9:129:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/mend.yml:22:9:29:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/untrusted_checkout.yml:10:9:13:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
| .github/workflows/untrusted_checkout.yml:13:9:16:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
edges
| .github/workflows/actor_trusted_checkout.yml:9:7:14:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:14:7:15:4 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:9:7:14:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step |
| .github/workflows/actor_trusted_checkout.yml:9:7:14:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:9:7:14:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:14:7:15:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step |
| .github/workflows/actor_trusted_checkout.yml:14:7:15:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:14:7:15:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step | .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:15:7:19:4 | Run Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/actor_trusted_checkout.yml:19:7:23:4 | Uses Step | .github/workflows/actor_trusted_checkout.yml:23:7:26:21 | Uses Step |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact |
| .github/workflows/artifactpoisoning7.yml:8:9:16:6 | Uses Step | .github/workflows/artifactpoisoning7.yml:20:9:21:52 | Run Step |
| .github/workflows/artifactpoisoning7.yml:16:9:20:6 | Run Step: artifact | .github/workflows/artifactpoisoning7.yml:20:9:21:52 | Run Step |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:32:9:36:6 | Run Step |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:36:9:38:78 | Run Step |
| .github/workflows/artifactpoisoning11.yml:32:9:36:6 | Run Step | .github/workflows/artifactpoisoning11.yml:36:9:38:78 | Run Step |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:32:9:36:6 | Run Step |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:36:9:38:62 | Run Step |
| .github/workflows/artifactpoisoning12.yml:32:9:36:6 | Run Step | .github/workflows/artifactpoisoning12.yml:36:9:38:62 | Run Step |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:18:9:20:21 | Run Step |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:17:9:18:20 | Run Step |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:15:9:18:6 | Run Step |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:18:9:19:23 | Run Step |
| .github/workflows/artifactpoisoning31.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning31.yml:18:9:19:23 | Run Step |
| .github/workflows/artifactpoisoning32.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning32.yml:16:9:18:20 | Run Step |
| .github/workflows/artifactpoisoning33.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning33.yml:16:9:18:20 | Run Step |
| .github/workflows/artifactpoisoning34.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning34.yml:16:9:20:6 | Uses Step |
| .github/workflows/artifactpoisoning34.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning34.yml:20:9:22:23 | Run Step |
| .github/workflows/artifactpoisoning34.yml:16:9:20:6 | Uses Step | .github/workflows/artifactpoisoning34.yml:20:9:22:23 | Run Step |
| .github/workflows/artifactpoisoning41.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning41.yml:21:9:22:23 | Run Step |
| .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:21:9:22:19 | Run Step |
| .github/workflows/artifactpoisoning51.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning51.yml:15:9:18:6 | Run Step |
| .github/workflows/artifactpoisoning51.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning51.yml:18:9:20:57 | Run Step |
| .github/workflows/artifactpoisoning51.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning51.yml:18:9:20:57 | Run Step |
| .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:15:9:18:6 | Run Step |
| .github/workflows/artifactpoisoning52.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning52.yml:18:9:23:40 | Run Step |
| .github/workflows/artifactpoisoning52.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning52.yml:18:9:23:40 | Run Step |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step |
| .github/workflows/artifactpoisoning53.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:9:23:29 | Run Step |
| .github/workflows/artifactpoisoning53.yml:15:9:18:6 | Run Step | .github/workflows/artifactpoisoning53.yml:18:9:23:29 | Run Step |
| .github/workflows/artifactpoisoning61.yml:20:9:41:6 | Uses Step | .github/workflows/artifactpoisoning61.yml:41:9:53:6 | Run Step: prepare |
| .github/workflows/artifactpoisoning61.yml:20:9:41:6 | Uses Step | .github/workflows/artifactpoisoning61.yml:53:9:53:50 | Run Step |
| .github/workflows/artifactpoisoning61.yml:41:9:53:6 | Run Step: prepare | .github/workflows/artifactpoisoning61.yml:53:9:53:50 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:37:9:40:6 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:40:9:44:6 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:44:9:48:6 | Run Step |
| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:37:9:40:6 | Run Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:40:9:44:6 | Run Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:44:9:48:6 | Run Step |
| .github/workflows/auto_ci.yml:27:9:32:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:37:9:40:6 | Run Step |
| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:40:9:44:6 | Run Step |
| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:44:9:48:6 | Run Step |
| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:37:9:40:6 | Run Step | .github/workflows/auto_ci.yml:40:9:44:6 | Run Step |
| .github/workflows/auto_ci.yml:37:9:40:6 | Run Step | .github/workflows/auto_ci.yml:44:9:48:6 | Run Step |
| .github/workflows/auto_ci.yml:37:9:40:6 | Run Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:40:9:44:6 | Run Step | .github/workflows/auto_ci.yml:44:9:48:6 | Run Step |
| .github/workflows/auto_ci.yml:40:9:44:6 | Run Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:44:9:48:6 | Run Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:74:9:79:6 | Uses Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:93:9:96:6 | Uses Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files | .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr |
| .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:96:9:108:6 | Run Step: stage_files | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr | .github/workflows/auto_ci.yml:119:9:125:6 | Run Step |
| .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:108:9:119:6 | Uses Step: create_pr | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:119:9:125:6 | Run Step | .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step |
| .github/workflows/auto_ci.yml:119:9:125:6 | Run Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/auto_ci.yml:125:9:133:6 | Uses Step | .github/workflows/auto_ci.yml:133:9:135:20 | Run Step |
| .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | .github/workflows/dependabot1.yml:19:9:23:6 | Run Step: nvm |
| .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | .github/workflows/dependabot1.yml:23:9:28:6 | Uses Step |
| .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | .github/workflows/dependabot1.yml:28:9:31:6 | Run Step |
| .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | .github/workflows/dependabot1.yml:31:9:34:6 | Run Step |
| .github/workflows/dependabot1.yml:15:9:19:6 | Uses Step | .github/workflows/dependabot1.yml:34:9:36:2 | Run Step |
| .github/workflows/dependabot1.yml:19:9:23:6 | Run Step: nvm | .github/workflows/dependabot1.yml:23:9:28:6 | Uses Step |
| .github/workflows/dependabot1.yml:19:9:23:6 | Run Step: nvm | .github/workflows/dependabot1.yml:28:9:31:6 | Run Step |
| .github/workflows/dependabot1.yml:19:9:23:6 | Run Step: nvm | .github/workflows/dependabot1.yml:31:9:34:6 | Run Step |
| .github/workflows/dependabot1.yml:19:9:23:6 | Run Step: nvm | .github/workflows/dependabot1.yml:34:9:36:2 | Run Step |
| .github/workflows/dependabot1.yml:23:9:28:6 | Uses Step | .github/workflows/dependabot1.yml:28:9:31:6 | Run Step |
| .github/workflows/dependabot1.yml:23:9:28:6 | Uses Step | .github/workflows/dependabot1.yml:31:9:34:6 | Run Step |
| .github/workflows/dependabot1.yml:23:9:28:6 | Uses Step | .github/workflows/dependabot1.yml:34:9:36:2 | Run Step |
| .github/workflows/dependabot1.yml:28:9:31:6 | Run Step | .github/workflows/dependabot1.yml:31:9:34:6 | Run Step |
| .github/workflows/dependabot1.yml:28:9:31:6 | Run Step | .github/workflows/dependabot1.yml:34:9:36:2 | Run Step |
| .github/workflows/dependabot1.yml:31:9:34:6 | Run Step | .github/workflows/dependabot1.yml:34:9:36:2 | Run Step |
| .github/workflows/dependabot1.yml:39:9:43:6 | Uses Step | .github/workflows/dependabot1.yml:43:9:45:29 | Uses Step |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:47:9:52:6 | Run Step |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:52:9:58:6 | Run Step |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:58:9:61:6 | Run Step |
| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm | .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step |
| .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm | .github/workflows/dependabot2.yml:47:9:52:6 | Run Step |
| .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm | .github/workflows/dependabot2.yml:52:9:58:6 | Run Step |
| .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm | .github/workflows/dependabot2.yml:58:9:61:6 | Run Step |
| .github/workflows/dependabot2.yml:38:9:42:6 | Run Step: nvm | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step | .github/workflows/dependabot2.yml:47:9:52:6 | Run Step |
| .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step | .github/workflows/dependabot2.yml:52:9:58:6 | Run Step |
| .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step | .github/workflows/dependabot2.yml:58:9:61:6 | Run Step |
| .github/workflows/dependabot2.yml:42:9:47:6 | Uses Step | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/dependabot2.yml:47:9:52:6 | Run Step | .github/workflows/dependabot2.yml:52:9:58:6 | Run Step |
| .github/workflows/dependabot2.yml:47:9:52:6 | Run Step | .github/workflows/dependabot2.yml:58:9:61:6 | Run Step |
| .github/workflows/dependabot2.yml:47:9:52:6 | Run Step | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/dependabot2.yml:52:9:58:6 | Run Step | .github/workflows/dependabot2.yml:58:9:61:6 | Run Step |
| .github/workflows/dependabot2.yml:52:9:58:6 | Run Step | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/dependabot2.yml:58:9:61:6 | Run Step | .github/workflows/dependabot2.yml:61:9:68:19 | Run Step |
| .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:18:11:21:8 | Uses Step |
| .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step |
| .github/workflows/gitcheckout.yml:18:11:21:8 | Uses Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step |
| .github/workflows/issue_comment_3rd_party_action.yml:12:9:16:6 | Uses Step: comment-branch | .github/workflows/issue_comment_3rd_party_action.yml:16:9:22:2 | Uses Step |
| .github/workflows/issue_comment_3rd_party_action.yml:25:9:30:6 | Uses Step: comment-branch | .github/workflows/issue_comment_3rd_party_action.yml:30:9:36:2 | Uses Step |
| .github/workflows/issue_comment_3rd_party_action.yml:39:9:45:6 | Uses Step: refs | .github/workflows/issue_comment_3rd_party_action.yml:45:9:49:6 | Uses Step |
| .github/workflows/issue_comment_3rd_party_action.yml:39:9:45:6 | Uses Step: refs | .github/workflows/issue_comment_3rd_party_action.yml:49:9:52:25 | Uses Step |
| .github/workflows/issue_comment_3rd_party_action.yml:45:9:49:6 | Uses Step | .github/workflows/issue_comment_3rd_party_action.yml:49:9:52:25 | Uses Step |
| .github/workflows/issue_comment_heuristic.yml:11:9:24:6 | Uses Step: get-pr-info | .github/workflows/issue_comment_heuristic.yml:24:9:28:6 | Run Step: get-sha |
| .github/workflows/issue_comment_heuristic.yml:11:9:24:6 | Uses Step: get-pr-info | .github/workflows/issue_comment_heuristic.yml:28:9:33:2 | Uses Step |
| .github/workflows/issue_comment_heuristic.yml:24:9:28:6 | Run Step: get-sha | .github/workflows/issue_comment_heuristic.yml:28:9:33:2 | Uses Step |
| .github/workflows/issue_comment_heuristic.yml:37:7:48:4 | Run Step: vars | .github/workflows/issue_comment_heuristic.yml:48:7:50:46 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:12:9:19:6 | Uses Step: fetch_issue | .github/workflows/issue_comment_octokit.yml:19:9:26:6 | Uses Step: fetch_pr |
| .github/workflows/issue_comment_octokit.yml:12:9:19:6 | Uses Step: fetch_issue | .github/workflows/issue_comment_octokit.yml:26:9:30:6 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:12:9:19:6 | Uses Step: fetch_issue | .github/workflows/issue_comment_octokit.yml:30:9:35:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:19:9:26:6 | Uses Step: fetch_pr | .github/workflows/issue_comment_octokit.yml:26:9:30:6 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:19:9:26:6 | Uses Step: fetch_pr | .github/workflows/issue_comment_octokit.yml:30:9:35:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:26:9:30:6 | Uses Step | .github/workflows/issue_comment_octokit.yml:30:9:35:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:38:9:52:6 | Uses Step: get-pr-info | .github/workflows/issue_comment_octokit.yml:52:9:57:6 | Run Step: get-sha |
| .github/workflows/issue_comment_octokit.yml:38:9:52:6 | Uses Step: get-pr-info | .github/workflows/issue_comment_octokit.yml:57:9:62:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:52:9:57:6 | Run Step: get-sha | .github/workflows/issue_comment_octokit.yml:57:9:62:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:66:9:79:6 | Uses Step: sha | .github/workflows/issue_comment_octokit.yml:79:9:83:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:87:9:95:6 | Uses Step: sha | .github/workflows/issue_comment_octokit.yml:95:9:100:2 | Uses Step |
| .github/workflows/issue_comment_octokit.yml:103:9:109:6 | Uses Step: request | .github/workflows/issue_comment_octokit.yml:109:9:114:66 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:11:7:15:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:15:7:16:4 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:11:7:15:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:16:7:20:4 | Run Step |
| .github/workflows/label_trusted_checkout.yml:11:7:15:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:20:7:24:4 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:11:7:15:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:24:7:27:21 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:15:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:16:7:20:4 | Run Step |
| .github/workflows/label_trusted_checkout.yml:15:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:20:7:24:4 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:15:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:24:7:27:21 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:16:7:20:4 | Run Step | .github/workflows/label_trusted_checkout.yml:20:7:24:4 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:16:7:20:4 | Run Step | .github/workflows/label_trusted_checkout.yml:24:7:27:21 | Uses Step |
| .github/workflows/label_trusted_checkout.yml:20:7:24:4 | Uses Step | .github/workflows/label_trusted_checkout.yml:24:7:27:21 | Uses Step |
| .github/workflows/level0.yml:33:9:36:6 | Uses Step | .github/workflows/level0.yml:36:9:39:6 | Uses Step |
| .github/workflows/level0.yml:33:9:36:6 | Uses Step | .github/workflows/level0.yml:39:9:52:2 | Run Step: check_profanities |
| .github/workflows/level0.yml:36:9:39:6 | Uses Step | .github/workflows/level0.yml:39:9:52:2 | Run Step: check_profanities |
| .github/workflows/level0.yml:62:9:65:6 | Uses Step | .github/workflows/level0.yml:65:9:86:2 | Uses Step |
| .github/workflows/level0.yml:96:9:99:6 | Uses Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step |
| .github/workflows/level0.yml:96:9:99:6 | Uses Step | .github/workflows/level0.yml:103:9:107:6 | Uses Step |
| .github/workflows/level0.yml:96:9:99:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step |
| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:103:9:107:6 | Uses Step |
| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step |
| .github/workflows/level0.yml:103:9:107:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step |
| .github/workflows/level0.yml:122:9:125:6 | Uses Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step |
| .github/workflows/level0.yml:122:9:125:6 | Uses Step | .github/workflows/level0.yml:129:9:133:6 | Uses Step |
| .github/workflows/level0.yml:122:9:125:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step |
| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:129:9:133:6 | Uses Step |
| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step |
| .github/workflows/level0.yml:129:9:133:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step |
| .github/workflows/mend.yml:13:9:22:6 | Run Step: set_ref | .github/workflows/mend.yml:22:9:29:6 | Uses Step |
| .github/workflows/mend.yml:13:9:22:6 | Run Step: set_ref | .github/workflows/mend.yml:29:9:33:28 | Uses Step |
| .github/workflows/mend.yml:22:9:29:6 | Uses Step | .github/workflows/mend.yml:29:9:33:28 | Uses Step |
| .github/workflows/priv_pull_request_checkout.yml:14:9:20:6 | Uses Step | .github/workflows/priv_pull_request_checkout.yml:20:9:23:52 | Run Step |
| .github/workflows/test1.yml:18:9:21:6 | Uses Step | .github/workflows/test1.yml:21:9:24:6 | Run Step |
| .github/workflows/test1.yml:18:9:21:6 | Uses Step | .github/workflows/test1.yml:24:9:25:39 | Run Step |
| .github/workflows/test1.yml:21:9:24:6 | Run Step | .github/workflows/test1.yml:24:9:25:39 | Run Step |
| .github/workflows/test2.yml:13:9:16:6 | Uses Step | .github/workflows/test2.yml:16:9:20:52 | Uses Step |
| .github/workflows/test3.yml:28:9:33:6 | Uses Step | .github/workflows/test3.yml:33:9:35:6 | Run Step |
| .github/workflows/test3.yml:28:9:33:6 | Uses Step | .github/workflows/test3.yml:35:9:41:63 | Uses Step |
| .github/workflows/test3.yml:33:9:35:6 | Run Step | .github/workflows/test3.yml:35:9:41:63 | Uses Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:25:7:31:4 | Uses Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:31:7:33:4 | Uses Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:33:7:38:4 | Uses Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:38:7:40:4 | Run Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:40:7:41:4 | Run Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:18:7:25:4 | Uses Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:31:7:33:4 | Uses Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:33:7:38:4 | Uses Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:38:7:40:4 | Run Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:40:7:41:4 | Run Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:25:7:31:4 | Uses Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:33:7:38:4 | Uses Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:38:7:40:4 | Run Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:40:7:41:4 | Run Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:31:7:33:4 | Uses Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:33:7:38:4 | Uses Step | .github/workflows/test4.yml:38:7:40:4 | Run Step |
| .github/workflows/test4.yml:33:7:38:4 | Uses Step | .github/workflows/test4.yml:40:7:41:4 | Run Step |
| .github/workflows/test4.yml:33:7:38:4 | Uses Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:33:7:38:4 | Uses Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:33:7:38:4 | Uses Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:38:7:40:4 | Run Step | .github/workflows/test4.yml:40:7:41:4 | Run Step |
| .github/workflows/test4.yml:38:7:40:4 | Run Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:38:7:40:4 | Run Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:38:7:40:4 | Run Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:40:7:41:4 | Run Step | .github/workflows/test4.yml:41:7:42:4 | Run Step |
| .github/workflows/test4.yml:40:7:41:4 | Run Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:40:7:41:4 | Run Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:41:7:42:4 | Run Step | .github/workflows/test4.yml:42:7:43:4 | Run Step |
| .github/workflows/test4.yml:41:7:42:4 | Run Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/test4.yml:42:7:43:4 | Run Step | .github/workflows/test4.yml:43:7:46:39 | Uses Step |
| .github/workflows/unpinned_tags.yml:9:7:10:4 | Uses Step | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:9:7:10:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:11:61 | Uses Step |
| .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:11:61 | Uses Step |
| .github/workflows/untrusted_checkout2.yml:7:9:14:6 | Run Step: pr_number | .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step |
| .github/workflows/untrusted_checkout.yml:10:9:13:6 | Uses Step | .github/workflows/untrusted_checkout.yml:13:9:16:6 | Uses Step |
| .github/workflows/untrusted_checkout.yml:10:9:13:6 | Uses Step | .github/workflows/untrusted_checkout.yml:16:9:20:6 | Uses Step |
| .github/workflows/untrusted_checkout.yml:10:9:13:6 | Uses Step | .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step |
| .github/workflows/untrusted_checkout.yml:13:9:16:6 | Uses Step | .github/workflows/untrusted_checkout.yml:16:9:20:6 | Uses Step |
| .github/workflows/untrusted_checkout.yml:13:9:16:6 | Uses Step | .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step |
| .github/workflows/untrusted_checkout.yml:16:9:20:6 | Uses Step | .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step |
| .github/workflows/workflow_run_untrusted_checkout.yml:13:9:16:6 | Uses Step | .github/workflows/workflow_run_untrusted_checkout.yml:16:9:18:31 | Uses Step |
#select
| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/level0.yml:107:9:112:2 | Run Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/level0.yml:133:9:135:23 | Run Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/mend.yml:29:9:33:28 | Uses Step | .github/workflows/mend.yml:22:9:29:6 | Uses Step | .github/workflows/mend.yml:29:9:33:28 | Uses Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step | .github/workflows/untrusted_checkout.yml:10:9:13:6 | Uses Step | .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |
| .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step | .github/workflows/untrusted_checkout.yml:13:9:16:6 | Uses Step | .github/workflows/untrusted_checkout.yml:20:9:22:23 | Run Step | Potential unsafe checkout of untrusted code on a privileged workflow. |