From e1d6c7dac413e8d0b6564678998613797097468c Mon Sep 17 00:00:00 2001 
From: jorgectf Date: Wed, 21 Feb 2024 15:29:27 +0100 Subject: [PATCH 1/2] Add some steps --- ql/lib/ext/akhileshns_heroku-deploy.model.yml | 6 ++++++ ql/lib/ext/android-actions_setup-android.model.yml | 6 ++++++ .../ext/apple-actions_import-codesign-certs.model.yml | 6 ++++++ .../ashley-taylor_read-json-property-action.model.yml | 6 ++++++ .../ext/ashley-taylor_regex-property-action.model.yml | 7 +++++++ ql/lib/ext/aszc_change-string-case-action.model.yml | 8 ++++++++ .../aws-actions_configure-aws-credentials.model.yml | 11 +++++++++++ ql/lib/ext/bobheadxi_deployments.model.yml | 6 ++++++ ql/lib/ext/bufbuild_buf-breaking-action.model.yml | 6 ++++++ ql/lib/ext/bufbuild_buf-lint-action.model.yml | 6 ++++++ ql/lib/ext/cachix_cachix-action.model.yml | 6 ++++++ ql/lib/ext/coursier_cache-action.model.yml | 6 ++++++ ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml | 6 ++++++ ql/lib/ext/csexton_release-asset-action.model.yml | 6 ++++++ ql/lib/ext/delaguardo_setup-clojure.model.yml | 6 ++++++ ql/lib/ext/frabert_replace-string-action.model.yml | 4 ++-- .../ext/franzdiebold_github-env-vars-action.model.yml | 7 +++++++ ql/lib/ext/game-ci_unity-test-runner.model.yml | 6 ++++++ ql/lib/ext/getsentry_action-release.model.yml | 7 +++++++ ql/lib/ext/github_codeql-action.model.yml | 6 ++++++ ql/lib/ext/gradle_gradle-build-action.model.yml | 8 ++++++++ ql/lib/ext/haya14busa_action-cond.model.yml | 7 +++++++ ql/lib/ext/hexlet_project-action.model.yml | 6 ++++++ ql/lib/ext/jsdaniell_create-json.model.yml | 8 ++++++++ ql/lib/ext/jwalton_gh-ecr-push.model.yml | 6 ++++++ .../ext/khan_pull-request-comment-trigger.model.yml | 7 +++++++ ...ner_circleci-artifacts-redirector-action.model.yml | 6 ++++++ .../mad9000_actions-find-and-replace-string.model.yml | 4 ++-- ql/lib/ext/mattdavis0351_actions.model.yml | 7 +++++++ .../ext/metro-digital_setup-tools-for-waas.model.yml | 6 ++++++ ql/lib/ext/mishakav_pytest-coverage-comment.model.yml | 6 ++++++ ql/lib/ext/mymindstorm_setup-emsdk.model.yml | 6 
++++++ ql/lib/ext/ruby_setup-ruby.model.yml | 6 ++++++ ...alsify_action-detect-and-tag-new-version.model.yml | 6 ++++++ ql/lib/ext/shallwefootball_upload-s3-action.model.yml | 6 ++++++ ql/lib/ext/shogo82148_actions-setup-perl.model.yml | 6 ++++++ ql/lib/ext/suisei-cn_actions-download-file.model.yml | 6 ++++++ ql/lib/ext/timheuer_base64-to-file.model.yml | 7 +++++++ ql/lib/ext/tzkhan_pr-update-action.model.yml | 6 ++++++ ql/lib/ext/xt0rted_slash-command-action.model.yml | 7 +++++++ 40 files changed, 251 insertions(+), 4 deletions(-) create mode 100644 ql/lib/ext/akhileshns_heroku-deploy.model.yml create mode 100644 ql/lib/ext/android-actions_setup-android.model.yml create mode 100644 ql/lib/ext/apple-actions_import-codesign-certs.model.yml create mode 100644 ql/lib/ext/ashley-taylor_read-json-property-action.model.yml create mode 100644 ql/lib/ext/ashley-taylor_regex-property-action.model.yml create mode 100644 ql/lib/ext/aszc_change-string-case-action.model.yml create mode 100644 ql/lib/ext/aws-actions_configure-aws-credentials.model.yml create mode 100644 ql/lib/ext/bobheadxi_deployments.model.yml create mode 100644 ql/lib/ext/bufbuild_buf-breaking-action.model.yml create mode 100644 ql/lib/ext/bufbuild_buf-lint-action.model.yml create mode 100644 ql/lib/ext/cachix_cachix-action.model.yml create mode 100644 ql/lib/ext/coursier_cache-action.model.yml create mode 100644 ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml create mode 100644 ql/lib/ext/csexton_release-asset-action.model.yml create mode 100644 ql/lib/ext/delaguardo_setup-clojure.model.yml create mode 100644 ql/lib/ext/franzdiebold_github-env-vars-action.model.yml create mode 100644 ql/lib/ext/game-ci_unity-test-runner.model.yml create mode 100644 ql/lib/ext/getsentry_action-release.model.yml create mode 100644 ql/lib/ext/github_codeql-action.model.yml create mode 100644 ql/lib/ext/gradle_gradle-build-action.model.yml create mode 100644 ql/lib/ext/haya14busa_action-cond.model.yml create mode 100644 
ql/lib/ext/hexlet_project-action.model.yml create mode 100644 ql/lib/ext/jsdaniell_create-json.model.yml create mode 100644 ql/lib/ext/jwalton_gh-ecr-push.model.yml create mode 100644 ql/lib/ext/khan_pull-request-comment-trigger.model.yml create mode 100644 ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml create mode 100644 ql/lib/ext/mattdavis0351_actions.model.yml create mode 100644 ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml create mode 100644 ql/lib/ext/mishakav_pytest-coverage-comment.model.yml create mode 100644 ql/lib/ext/mymindstorm_setup-emsdk.model.yml create mode 100644 ql/lib/ext/ruby_setup-ruby.model.yml create mode 100644 ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml create mode 100644 ql/lib/ext/shallwefootball_upload-s3-action.model.yml create mode 100644 ql/lib/ext/shogo82148_actions-setup-perl.model.yml create mode 100644 ql/lib/ext/suisei-cn_actions-download-file.model.yml create mode 100644 ql/lib/ext/timheuer_base64-to-file.model.yml create mode 100644 ql/lib/ext/tzkhan_pr-update-action.model.yml create mode 100644 ql/lib/ext/xt0rted_slash-command-action.model.yml diff --git a/ql/lib/ext/akhileshns_heroku-deploy.model.yml b/ql/lib/ext/akhileshns_heroku-deploy.model.yml new file mode 100644 index 00000000000..73e49a1fb06 --- /dev/null +++ b/ql/lib/ext/akhileshns_heroku-deploy.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/actions-all + extensible: summaryModel + data: + - ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint"] diff --git a/ql/lib/ext/android-actions_setup-android.model.yml b/ql/lib/ext/android-actions_setup-android.model.yml new file mode 100644 index 00000000000..11ea0ae7922 --- /dev/null +++ b/ql/lib/ext/android-actions_setup-android.model.yml 
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/apple-actions_import-codesign-certs.model.yml b/ql/lib/ext/apple-actions_import-codesign-certs.model.yml
new file mode 100644
index 00000000000..2fdf6c78d53
--- /dev/null
+++ b/ql/lib/ext/apple-actions_import-codesign-certs.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml b/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml
new file mode 100644
index 00000000000..fb837050879
--- /dev/null
+++ b/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/ashley-taylor_regex-property-action.model.yml b/ql/lib/ext/ashley-taylor_regex-property-action.model.yml
new file mode 100644
index 00000000000..d3b929956d1
--- /dev/null
+++ b/ql/lib/ext/ashley-taylor_regex-property-action.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint"]
+ - ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/aszc_change-string-case-action.model.yml b/ql/lib/ext/aszc_change-string-case-action.model.yml
new file mode 100644
index 00000000000..f4527cf1b7f
--- /dev/null
+++ b/ql/lib/ext/aszc_change-string-case-action.model.yml
@@ -0,0 +1,8 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint"]
+ - ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint"]
+ - ["aszc/change-string-case-action", "*", "input.replace-with", "output.lowercase", "taint"]
diff --git a/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml b/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml
new file mode 100644
index 00000000000..f9510094295
--- /dev/null
+++ b/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml
@@ -0,0 +1,11 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint"]
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint"]
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "env.AWS_SECRET_ACCESS_KEY", "taint"]
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "secret.AWS_SECRET_ACCESS_KEY", "taint"]
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "env.AWS_SESSION_TOKEN", "taint"]
+ - ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "secret.AWS_SESSION_TOKEN", "taint"]
diff --git a/ql/lib/ext/bobheadxi_deployments.model.yml b/ql/lib/ext/bobheadxi_deployments.model.yml
new file mode 100644
index 00000000000..a458e229e04
--- /dev/null
+++ b/ql/lib/ext/bobheadxi_deployments.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["bobheadxi/deployments", "*", "input.env", "output.env", "taint"]
\ No newline at end of file
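Review bot: In `aszc_change-string-case-action.model.yml` the second and third rows take `input.replace-with` as their source, which looks copied from the `frabert/replace-string-action` model in this same patch; the first row of the file uses `input.string`. If the action only accepts `string` (confirm against its action.yml), tainted data reaching `output.uppercase` and `output.lowercase` is never propagated, so injection through those two outputs goes unreported. The rows would then read `["aszc/change-string-case-action", "*", "input.string", "output.uppercase", "taint"]` and the same with `output.lowercase`.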
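Review bot: The `secret.AWS_*` targets in `aws-actions_configure-aws-credentials.model.yml` are the only use of a `secret.` prefix in this patch, and nothing visible here shows how a summary target of that kind is resolved. An action can register a value for log masking but cannot add entries to the `secrets` context, so later steps can only read these values through `env.AWS_*`, which the neighbouring rows already model. Either drop the three `secret.` rows or, if they are intentional, put a comment above them such as `# secret.*: value is masked by the action, not readable by later steps`.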
diff --git a/ql/lib/ext/bufbuild_buf-breaking-action.model.yml b/ql/lib/ext/bufbuild_buf-breaking-action.model.yml
new file mode 100644
index 00000000000..a6cfbb6ee9e
--- /dev/null
+++ b/ql/lib/ext/bufbuild_buf-breaking-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/bufbuild_buf-lint-action.model.yml b/ql/lib/ext/bufbuild_buf-lint-action.model.yml
new file mode 100644
index 00000000000..9fb754ea9e1
--- /dev/null
+++ b/ql/lib/ext/bufbuild_buf-lint-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/cachix_cachix-action.model.yml b/ql/lib/ext/cachix_cachix-action.model.yml
new file mode 100644
index 00000000000..bd9563317fb
--- /dev/null
+++ b/ql/lib/ext/cachix_cachix-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/coursier_cache-action.model.yml b/ql/lib/ext/coursier_cache-action.model.yml
new file mode 100644
index 00000000000..951a297207d
--- /dev/null
+++ b/ql/lib/ext/coursier_cache-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml b/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml
new file mode 100644
index 00000000000..ab6458028a5
--- /dev/null
+++ b/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/csexton_release-asset-action.model.yml b/ql/lib/ext/csexton_release-asset-action.model.yml
new file mode 100644
index 00000000000..084e3328dc8
--- /dev/null
+++ b/ql/lib/ext/csexton_release-asset-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint"]
diff --git a/ql/lib/ext/delaguardo_setup-clojure.model.yml b/ql/lib/ext/delaguardo_setup-clojure.model.yml
new file mode 100644
index 00000000000..b2872259fe9
--- /dev/null
+++ b/ql/lib/ext/delaguardo_setup-clojure.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint"]
diff --git a/ql/lib/ext/frabert_replace-string-action.model.yml b/ql/lib/ext/frabert_replace-string-action.model.yml
index 76ce81b394e..79fd5c76e4a 100644
--- a/ql/lib/ext/frabert_replace-string-action.model.yml
+++ b/ql/lib/ext/frabert_replace-string-action.model.yml
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/actions-all
 extensible: summaryModel
 data:
- - ["frabert/replace-string-action", "*", "string", "replaced", "taint"]
- - ["frabert/replace-string-action", "*", "replace-with", "replaced", "taint"]
+ - ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint"]
+ - ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint"]
diff --git a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
new file mode 100644
index 00000000000..8475cb66c02
--- /dev/null
+++ b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: sourceModel
+ data:
+ - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "pull_request", "PR body"]
+ - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "pull_request", "PR title"]
diff --git a/ql/lib/ext/game-ci_unity-test-runner.model.yml b/ql/lib/ext/game-ci_unity-test-runner.model.yml
new file mode 100644
index 00000000000..a0d4b357b5a
--- /dev/null
+++ b/ql/lib/ext/game-ci_unity-test-runner.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint"]
diff --git a/ql/lib/ext/getsentry_action-release.model.yml b/ql/lib/ext/getsentry_action-release.model.yml
new file mode 100644
index 00000000000..d416a71c91d
--- /dev/null
+++ b/ql/lib/ext/getsentry_action-release.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["getsentry/action-release", "*", "input.version", "output.version", "taint"]
+ - ["getsentry/action-release", "*", "input.version_prefix", "output.version", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/github_codeql-action.model.yml b/ql/lib/ext/github_codeql-action.model.yml
new file mode 100644
index 00000000000..3710f7e07b8
--- /dev/null
+++ b/ql/lib/ext/github_codeql-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["github/codeql-action", "*", "input.output", "output.sarif-output", "taint"]
diff --git a/ql/lib/ext/gradle_gradle-build-action.model.yml b/ql/lib/ext/gradle_gradle-build-action.model.yml
new file mode 100644
index 00000000000..6ea8a6c6800
--- /dev/null
+++ b/ql/lib/ext/gradle_gradle-build-action.model.yml
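Review bot: The row in `github_codeql-action.model.yml` names the repository root, but workflows reference this action through sub-paths such as `github/codeql-action/analyze`, and `input.output` / `output.sarif-output` belong to that sub-action. Unless the first column is matched as a prefix of the `uses:` value (not visible in this patch), the row never applies; `["github/codeql-action/analyze", "*", "input.output", "output.sarif-output", "taint"]` would be the exact form. `mattdavis0351_actions.model.yml` has the same shape and should name the sub-action that exposes `image-name`, `tag` and `imageUrl`.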
@@ -0,0 +1,8 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["gradle/gradle-build-action", "*", "input.cache-encryption-key", "env.GRADLE_ENCRYPTION_KEY", "taint"]
+ - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-agree", "env.BUILD_SCAN_TERMS_OF_SERVICE_AGREE", "taint"]
+ - ["gradle/gradle-build-action", "*", "input.build-scan-terms-of-service-url", "env.BUILD_SCAN_TERMS_OF_SERVICE_URL", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/haya14busa_action-cond.model.yml b/ql/lib/ext/haya14busa_action-cond.model.yml
new file mode 100644
index 00000000000..f0e0752b735
--- /dev/null
+++ b/ql/lib/ext/haya14busa_action-cond.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["haya14busa/action-cond", "*", "input.if_true", "output.value", "taint"]
+ - ["haya14busa/action-cond", "*", "input.if_false", "output.value", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/hexlet_project-action.model.yml b/ql/lib/ext/hexlet_project-action.model.yml
new file mode 100644
index 00000000000..4499d91cab6
--- /dev/null
+++ b/ql/lib/ext/hexlet_project-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["hexlet/project-action", "*", "input.mount-path", "env.PWD", "taint"]
diff --git a/ql/lib/ext/jsdaniell_create-json.model.yml b/ql/lib/ext/jsdaniell_create-json.model.yml
new file mode 100644
index 00000000000..a0f59b9e38b
--- /dev/null
+++ b/ql/lib/ext/jsdaniell_create-json.model.yml
@@ -0,0 +1,8 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["jsdaniell/create-json", "*", "input.name", "output.successfully", "taint"]
+ - ["jsdaniell/create-json", "*", "input.json", "output.successfully", "taint"]
+ - ["jsdaniell/create-json", "*", "input.dir", "output.successfully", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/jwalton_gh-ecr-push.model.yml b/ql/lib/ext/jwalton_gh-ecr-push.model.yml
new file mode 100644
index 00000000000..8ae3bb0035d
--- /dev/null
+++ b/ql/lib/ext/jwalton_gh-ecr-push.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["jwalton/gh-ecr-push", "*", "input.image", "output.imageUrl", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/khan_pull-request-comment-trigger.model.yml b/ql/lib/ext/khan_pull-request-comment-trigger.model.yml
new file mode 100644
index 00000000000..d95c69bc5b1
--- /dev/null
+++ b/ql/lib/ext/khan_pull-request-comment-trigger.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: sourceModel
+ data:
+ - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "issue_comment", ""]
+ - ["khan/pull-request-comment-trigger", "*", "output.comment_body", "pull_request_comment", ""]
\ No newline at end of file
diff --git a/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml b/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml
new file mode 100644
index 00000000000..3c60de5bb0a
--- /dev/null
+++ b/ql/lib/ext/larsoner_circleci-artifacts-redirector-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["larsoner/circleci-artifacts-redirector-action", "*", "input.artifact-path", "output.url", "taint"]
diff --git a/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml b/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml
index 46a577d2f7e..8358159bd40 100644
--- a/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml
+++ b/ql/lib/ext/mad9000_actions-find-and-replace-string.model.yml
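Review bot: `pull_request_comment` in the second row of `khan_pull-request-comment-trigger.model.yml` is not a workflow trigger: comments on a pull request arrive as `issue_comment`, and review comments as `pull_request_review_comment`. If the fourth column is compared with the workflow's `on:` events, that row can never match and should name an event the action actually handles; `xt0rted_slash-command-action.model.yml` repeats the same value. Both files, and `tzkhan_pr-update-action.model.yml`, also leave the fifth column empty where the franzdiebold model gives `"PR body"` / `"PR title"`; a label such as `"comment body"` would keep the source description in alerts meaningful.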
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/actions-all
 extensible: summaryModel
 data:
- - ["mad9000/actions-find-and-replace-string", "*", "source", "value", "taint"]
- - ["mad9000/actions-find-and-replace-string", "*", "replace", "value", "taint"]
\ No newline at end of file
+ - ["mad9000/actions-find-and-replace-string", "*", "input.source", "output.value", "taint"]
+ - ["mad9000/actions-find-and-replace-string", "*", "input.replace", "output.value", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/mattdavis0351_actions.model.yml b/ql/lib/ext/mattdavis0351_actions.model.yml
new file mode 100644
index 00000000000..54302b86e83
--- /dev/null
+++ b/ql/lib/ext/mattdavis0351_actions.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["mattdavis0351/actions", "*", "input.image-name", "output.imageUrl", "taint"]
+ - ["mattdavis0351/actions", "*", "input.tag", "output.imageUrl", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml b/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml
new file mode 100644
index 00000000000..7904383d707
--- /dev/null
+++ b/ql/lib/ext/metro-digital_setup-tools-for-waas.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["metro-digital/setup-tools-for-waas", "*", "input.gcp_sa_key", "env.GCLOUD_PROJECT", "taint"]
diff --git a/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml b/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml
new file mode 100644
index 00000000000..0c283016c86
--- /dev/null
+++ b/ql/lib/ext/mishakav_pytest-coverage-comment.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["mishakav/pytest-coverage-comment", "*", "input.multiple-files", "output.summaryReport", "taint"]
diff --git a/ql/lib/ext/mymindstorm_setup-emsdk.model.yml b/ql/lib/ext/mymindstorm_setup-emsdk.model.yml
new file mode 100644
index 00000000000..2694ec2c453
--- /dev/null
+++ b/ql/lib/ext/mymindstorm_setup-emsdk.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["mymindstorm/setup-emsdk", "*", "input.actions-cache-folder", "env.EMSDK", "taint"]
diff --git a/ql/lib/ext/ruby_setup-ruby.model.yml b/ql/lib/ext/ruby_setup-ruby.model.yml
new file mode 100644
index 00000000000..aee6172b591
--- /dev/null
+++ b/ql/lib/ext/ruby_setup-ruby.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["ruby/setup-ruby", "*", "input.ruby-version", "output.ruby-prefix", "taint"]
diff --git a/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml b/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml
new file mode 100644
index 00000000000..2167b16c7ba
--- /dev/null
+++ b/ql/lib/ext/salsify_action-detect-and-tag-new-version.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["salsify/action-detect-and-tag-new-version", "*", "input.tag-template", "output.tag", "taint"]
diff --git a/ql/lib/ext/shallwefootball_upload-s3-action.model.yml b/ql/lib/ext/shallwefootball_upload-s3-action.model.yml
new file mode 100644
index 00000000000..d90d7109fc2
--- /dev/null
+++ b/ql/lib/ext/shallwefootball_upload-s3-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["shallwefootball/upload-s3-action", "*", "input.destination_dir", "output.object_key", "taint"]
diff --git a/ql/lib/ext/shogo82148_actions-setup-perl.model.yml b/ql/lib/ext/shogo82148_actions-setup-perl.model.yml
new file mode 100644
index 00000000000..20a412fd9b7
--- /dev/null
+++ b/ql/lib/ext/shogo82148_actions-setup-perl.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["shogo82148/actions-setup-perl", "*", "input.working-directory", "env.PERL5LIB", "taint"]
diff --git a/ql/lib/ext/suisei-cn_actions-download-file.model.yml b/ql/lib/ext/suisei-cn_actions-download-file.model.yml
new file mode 100644
index 00000000000..8d0731c9792
--- /dev/null
+++ b/ql/lib/ext/suisei-cn_actions-download-file.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["suisei-cn/actions-download-file", "*", "input.filename", "output.filename", "taint"]
diff --git a/ql/lib/ext/timheuer_base64-to-file.model.yml b/ql/lib/ext/timheuer_base64-to-file.model.yml
new file mode 100644
index 00000000000..9364fd74752
--- /dev/null
+++ b/ql/lib/ext/timheuer_base64-to-file.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: summaryModel
+ data:
+ - ["timheuer/base64-to-file", "*", "input.fileName", "output.filePath", "taint"]
+ - ["timheuer/base64-to-file", "*", "input.fileDir", "output.filePath", "taint"]
\ No newline at end of file
diff --git a/ql/lib/ext/tzkhan_pr-update-action.model.yml b/ql/lib/ext/tzkhan_pr-update-action.model.yml
new file mode 100644
index 00000000000..f16b69c7af9
--- /dev/null
+++ b/ql/lib/ext/tzkhan_pr-update-action.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: sourceModel
+ data:
+ - ["tzkhan/pr-update-action", "*", "output.headMatch", "pull_request_target", ""]
diff --git a/ql/lib/ext/xt0rted_slash-command-action.model.yml b/ql/lib/ext/xt0rted_slash-command-action.model.yml
new file mode 100644
index 00000000000..59a4c5b5652
--- /dev/null
+++ b/ql/lib/ext/xt0rted_slash-command-action.model.yml
@@ -0,0 +1,7 @@
+extensions:
+ - addsTo:
+ pack: codeql/actions-all
+ extensible: sourceModel
+ data:
+ - ["xt0rted/slash-command-action", "*", "output.command-arguments", "issue_comment", ""]
+ - ["xt0rted/slash-command-action", "*", "output.command-arguments", "pull_request_comment", ""]
From 9e2be7d67445a3f9ff64ae614ac689b4dabb5b77 Mon Sep 17 00:00:00 2001 From: Jorge <46056498+jorgectf@users.noreply.github.com> Date: Wed, 21 Feb 2024 17:27:39 +0100 Subject: [PATCH 2/2] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Alvaro Muñoz --- ql/lib/ext/franzdiebold_github-env-vars-action.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
index 8475cb66c02..c08e6f1b396 100644
--- a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
+++ b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/actions-all
 extensible: sourceModel
 data:
- - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "pull_request", "PR body"]
- - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "pull_request", "PR title"]
+ - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "pull_request_target", "PR body"]
+ - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "pull_request_target", "PR title"]