Add change notes and test workflow file.
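--- a/actions/ql/lib/change-notes/2025-07-08.md
+++ b/actions/ql/lib/change-notes/2025-07-08.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.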
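--- a/actions/ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoison93.yml
+++ b/actions/ql/test/query-tests/Security/CWE-829/.github/workflows/artifactpoison93.yml
@@ -0,0 +1,22 @@
+name: Secure Workflow
+
+on:
+workflow_run:
+workflows: ["Prev"]
+types:
+- completed
+
+jobs:
+Download:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- run: mkdir -p ${{ runner.temp }}/artifacts/
+- uses: dawidd6/action-download-artifact@v2
+with:
+name: pr_number
+path: ${{ runner.temp }}/artifacts/
+
+- name: Run command
+run: |
+sh cmd.sh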
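Review bot: The fixture `artifactpoison93.yml` has no comment saying which behaviour it pins; apart from `name: Secure Workflow`, nothing tells a reader this is the no-alert case for the `${{ runner.temp }}` exclusion. A leading comment such as `# Negative test: the artifact is extracted under ${{ runner.temp }}, outside the checkout, so "sh cmd.sh" must not be flagged` would make the intent explicit. The case only covers a later step that runs a file from the workspace. Whether the queries still report a step that executes something from `${{ runner.temp }}/artifacts/` is not visible here, and a companion fixture for that would guard against the exclusion hiding a real finding. No `.expected` change appears in this commit, which is presumably right for a no-alert case but worth confirming.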