From 956b5bf6d661f5fd271637822ef2aa4c9ccb408d Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Thu, 13 Mar 2025 17:01:10 -0700 Subject: [PATCH] Actions: Fix typos in query names for env var injection This will reflect in the UI titles of existing and new alerts once shipped but should not churn any existing alerts. --- actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql | 2 +- actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql | 2 +- actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql | 2 +- actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql | 2 +- .../src/change-notes/2025-03-13-environment-query-names.md | 6 ++++++ 5 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 actions/ql/src/change-notes/2025-03-13-environment-query-names.md diff --git a/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql b/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql index 3bb1558788a..3e6d63a4604 100644 --- a/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql +++ b/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql @@ -1,5 +1,5 @@ /** - * @name PATH Enviroment Variable built from user-controlled sources + * @name PATH environment variable built from user-controlled sources * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql b/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql index b49cfb08225..9ea65c6d2ff 100644 --- a/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql @@ -1,5 +1,5 @@ /** - * @name PATH Enviroment Variable built from user-controlled sources + * @name PATH environment variable built from user-controlled sources * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql b/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql index 13086c63080..28ad3b5b5d2 100644 --- a/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql +++ b/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql @@ -1,5 +1,5 @@ /** - * @name Enviroment Variable built from user-controlled sources + * @name Environment variable built from user-controlled sources * @description Building an environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql b/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql index a3285b2e945..8bfd174e8f0 100644 --- a/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql @@ -1,5 +1,5 @@ /** - * @name Enviroment Variable built from user-controlled sources + * @name Environment variable built from user-controlled sources * @description Building an environment variable from user-controlled sources may alter the execution of following system commands * @kind path-problem * @problem.severity error diff --git a/actions/ql/src/change-notes/2025-03-13-environment-query-names.md b/actions/ql/src/change-notes/2025-03-13-environment-query-names.md new file mode 100644 index 00000000000..c0594fc6bee --- /dev/null +++ b/actions/ql/src/change-notes/2025-03-13-environment-query-names.md @@ -0,0 +1,6 @@ +--- +category: fix +--- +* Fixed typos in the query and alert titles for the queries + `actions/envpath-injection/critical`, `actions/envpath-injection/medium`, + `actions/envvar-injection/critical`, and `actions/envvar-injection/medium`. \ No newline at end of file