hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

qhelp

Browse Source
This commit is contained in:
Jaroslav Lobačevski
2021-03-15 18:47:45 +02:00
parent de6ed1dcb9
commit 87ea442a78
3 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.qhelp
View File

@@ -46,12 +46,13 @@
<p>
The following examples use two triggers to handle potentially untrusted
pull request in a secure manner:
The following example uses two workflows to handle potentially untrusted
pull request in a secure manner. The receive_pr.yml is triggered first:
</p>
<sample src="examples/receive_pr.yml" />
<p>The comment_pr.yml is triggered after receive_pr.yml completes:</p>
<sample src="examples/comment_pr.yml" />
</example>

1
javascript/ql/src/experimental/Security/CWE-094/examples/comment_pr.yml
View File

@@ -1,4 +1,3 @@
# comment_pr.yml
name: Comment on the pull request
# read-write repo token

1
javascript/ql/src/experimental/Security/CWE-094/examples/receive_pr.yml
View File

@@ -1,4 +1,3 @@
# receive_pr.yml
name: Receive PR
# read-only repo token