hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make predicate name clearer

Browse Source
This commit is contained in:
jarlob
2023-04-14 01:05:21 +02:00
parent 79218a3946
commit 94065764d5
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
View File

@@ -104,11 +104,11 @@ private predicate isExternalUserControlledWorkflowRun(string context) {
}
/**
* Holds if the env variable name in `${{ env.name }}`
* is where the external user controlled value was assigned to.
* Holds if environment name in the `injection` (in a form of `env.name`)
* is tainted by the `context` (in a form of `github.event.xxx.xxx`).
*/
bindingset[injection]
predicate isEnvTainted(string injection, string context) {
predicate isEnvInterpolationTainted(string injection, string context) {
exists(Actions::Env env, string envName, YamlString envValue |
envValue = env.lookup(envName) and
Actions::getEnvName(injection) = envName and
@@ -125,7 +125,7 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) {
(
injection = context
or
isEnvTainted(injection, context)
isEnvInterpolationTainted(injection, context)
)
}
@@ -142,7 +142,7 @@ predicate isScriptInjectable(Actions::Script script, string injection, string co
(
injection = context
or
isEnvTainted(injection, context)
isEnvInterpolationTainted(injection, context)
)
)
}