github actions queries

Jaroslav Lobačevski
2021-03-05 18:05:42 +02:00
parent d685aff5e2
commit 673e64909a
26 changed files with 946 additions and 0 deletions


@@ -0,0 +1,8 @@
on: issue_comment
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- run: |
echo '${{ github.event.comment.body }}'
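Review bot: The single `run` step in this fixture is a positive case, so the expression-injection test has nothing that must stay unreported. A second step that passes the value through the environment, `env:` with `BODY: ${{ github.event.comment.body }}` and `run: echo "$BODY"`, would pin the recommended pattern as a true negative and catch a later query change that starts flagging it. Other fixtures for this query may exist outside the part of the commit shown here.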


@@ -0,0 +1,38 @@
on:
pull_request_target:
jobs:
job1:
if: contains(github.event.issue.labels.*.name, 'ok')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
job2:
if: github.event.label.name == 'ok'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
job3:
if: github.actor == 'ok'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
job4:
if: github.actor == 'ok' || true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
job5:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
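Review bot: job1's guard reads `github.event.issue.labels`, which a `pull_request_target` payload does not carry (labels sit under `github.event.pull_request.labels`), so this condition would never be true in a real run; the same expression is used in the step-level fixture that follows. More broadly, job1 to job3 all use conditions that look like trust checks, and the expected results appear to leave them unreported, so the tests cannot show whether the query accepts any `if:` as a guard. Adding a job whose condition has nothing to do with trust, for example `if: github.event.pull_request.draft == false`, with an expected alert, would pin that down.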


@@ -0,0 +1,31 @@
on:
pull_request_target:
jobs:
job1:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
if: contains(github.event.issue.labels.*.name, 'ok')
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@v2
if: github.event.label.name == 'ok'
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@v2
if: github.actor == 'ok'
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@v2
if: github.actor == 'ok' || true
with:
ref: ${{ github.event.pull_request.head.ref }}
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}


@@ -0,0 +1,12 @@
on:
pull_request_target:
types: [labeled]
push:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
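Review bot: If this labeled-only workflow is meant to be a true negative (no expected row seems to match it, nor its mapping-form twin in the next section), the fixture encodes the assumption that a label applied by a maintainer approves whatever is checked out. `ref: ${{ github.event.pull_request.head.ref }}` is resolved when the job runs, so commits pushed after the label was applied are checked out too. I would state that limit in a comment at the top of the fixture, such as `# labeled-only trigger is treated as maintainer approval; head.ref can still move after labeling`, so the accepted false negative is a documented choice.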


@@ -0,0 +1,13 @@
on:
pull_request_target:
types:
labeled:
push:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}


@@ -0,0 +1,15 @@
on:
pull_request_target:
types:
labeled:
opened:
closed:
push:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
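Review bot: `types:` is written here as a mapping (`labeled:`, `opened:`, `closed:`), as it is in the previous labeled-only section; as far as I know the workflow schema accepts only a string or a sequence for `types`, so GitHub would reject these files as rendered. If the mapping form is kept to exercise the query's YAML handling, a comment such as `# not valid workflow syntax; kept to test mapping-shaped types` would stop readers from copying it as a working example.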


@@ -0,0 +1,12 @@
on:
pull_request_target:
types: [labeled, opened]
push:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}


@@ -0,0 +1,10 @@
on:
pull_request_target:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
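Review bot: Every positive fixture visible in this commit, this one included, selects the pull request's code with `github.event.pull_request.head.ref`; none covers the other common forms. Variants with `ref: ${{ github.event.pull_request.head.sha }}` and `ref: refs/pull/${{ github.event.number }}/merge` would show whether the query recognises them, and each would need its own row in the expected results.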


@@ -0,0 +1,10 @@
on:
pull_request_target:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: master
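Review bot: `ref: master` is the only true negative for the checkout step among the fixtures shown, and it depends on a literal branch name. A checkout with no `with:` block, which on `pull_request_target` resolves to the base branch, is the form most workflows use and would make a useful second negative.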


@@ -0,0 +1,11 @@
on: pull_request_target
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
- run: make


@@ -0,0 +1,9 @@
on: [pull_request_target, push]
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}


@@ -0,0 +1 @@
console.log('test')


@@ -0,0 +1 @@
| .github/workflows/comment_issue.yml:7:12:8:47 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. |


@@ -0,0 +1 @@
experimental/Security/CWE-829/expression_injection.ql


@@ -0,0 +1,9 @@
| .github/workflows/pull_request_target_if_job.yml:30:7:33:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_job.yml:36:7:38:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_step.yml:24:7:29:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_if_step.yml:29:7:31:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_labels_mapping.yml:13:7:15:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_labels_sequence.yml:10:7:12:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_mapping.yml:8:7:10:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_run.yml:7:7:11:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |
| .github/workflows/pull_request_target_sequence.yml:7:7:9:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on `pull_request_target` |


@@ -0,0 +1 @@
experimental/Security/CWE-829/pull_request_target.ql