hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix query

Browse Source 
Forgot to move the `and`.
This commit is contained in:
martincostello
2025-02-14 13:36:09 +00:00
parent 9a7ed7f3f7
commit 5d2409e652
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
View File

@@ -40,8 +40,8 @@ where
) and
uses.getVersion() = version and
not isTrustedOwner(nwo) and
not if isContainerImage(nwo) then isPinnedContainer(version) else isPinnedCommit(version)
not isImmutableAction(uses, nwo) and
not if isContainerImage(nwo) then isPinnedContainer(version) else isPinnedCommit(version) and
not isImmutableAction(uses, nwo)
select uses.getCalleeNode(),
"Unpinned 3rd party Action '" + name + "' step $@ uses '" + nwo + "' with ref '" + version +
"', not a pinned commit hash", uses, uses.toString()