hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: remove context 2 events mappings

Browse Source 
client_paylaod (dispatch), commits (push), head_commit (push) and
merge_group are not under external attacker control so remove them
This commit is contained in:
Alvaro Muñoz
2024-10-28 11:56:59 +01:00
parent 62d9302e8b
commit 792e8555af
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ql/lib/ext/config/context_event_map.yml
View File

@@ -40,14 +40,10 @@ extensions:
- ["workflow_run", "github.event.workflow_run"]
- ["workflow_run", "github.event.changes"]
# workflow_call receives the same event payload as the calling workflow
- ["workflow_call", "github.event.client_payload"]
- ["workflow_call", "github.event.comment"]
- ["workflow_call", "github.event.commits"]
- ["workflow_call", "github.event.discussion"]
- ["workflow_call", "github.event.head_commit"]
- ["workflow_call", "github.event.inputs"]
- ["workflow_call", "github.event.issue"]
- ["workflow_call", "github.event.merge_group"]
- ["workflow_call", "github.event.pages"]
- ["workflow_call", "github.event.pull_request"]
- ["workflow_call", "github.event.review"]