Move from yaml to js extractor

2025-12-28 14:46:33 +01:00 · 2024-06-03 18:13:01 +02:00
parent 88465bd0e3
commit a5c6df3070
755 changed files with 819 additions and 898 deletions
--- a/.!79690!.DS_Store
+++ b/.!79690!.DS_Store
--- a/ql/lib/codeql-pack.lock.yml
+++ b/ql/lib/codeql-pack.lock.yml
@@ -2,15 +2,25 @@
 lockVersion: 1.0.0
 dependencies:
  codeql/controlflow:
-    version: 0.1.8
+    version: 0.1.16
  codeql/dataflow:
-    version: 0.1.8
+    version: 0.2.7
+  codeql/javascript-all:
+    version: 0.9.1
+  codeql/mad:
+    version: 0.2.16
+  codeql/regex:
+    version: 0.2.16
  codeql/ssa:
-    version: 0.2.8
+    version: 0.2.16
+  codeql/tutorial:
+    version: 0.2.16
  codeql/typetracking:
-    version: 0.2.8
+    version: 0.2.16
  codeql/util:
-    version: 0.2.8
+    version: 0.2.16
+  codeql/xml:
+    version: 0.0.3
  codeql/yaml:
-    version: 0.1.5
+    version: 0.2.16
 compiled: false
--- a/ql/lib/codeql/actions/dataflow/ExternalFlow.qll
+++ b/ql/lib/codeql/actions/dataflow/ExternalFlow.qll
@@ -55,8 +55,8 @@ predicate externallyTriggerableEventsDataModel(string event) {
 *    - output arg: To node (prefixed with either `env.` or `output.`)
 *    - provenance: verification of the model
 */
-predicate sourceModel(string action, string version, string output, string kind, string provenance) {
-  Extensions::sourceModel(action, version, output, kind, provenance)
+predicate actionsSourceModel(string action, string version, string output, string kind, string provenance) {
+  Extensions::actionsSourceModel(action, version, output, kind, provenance)
 }

 /**
@@ -69,10 +69,10 @@ predicate sourceModel(string action, string version, string output, string kind,
 *    - kind: Either 'Taint' or 'Value'
 *    - provenance: verification of the model
 */
-predicate summaryModel(
+predicate actionsSummaryModel(
  string action, string version, string input, string output, string kind, string provenance
 ) {
-  Extensions::summaryModel(action, version, input, output, kind, provenance)
+  Extensions::actionsSummaryModel(action, version, input, output, kind, provenance)
 }

 /**
@@ -84,13 +84,13 @@ predicate summaryModel(
 *    - kind: sink kind
 *    - provenance: verification of the model
 */
-predicate sinkModel(string action, string version, string input, string kind, string provenance) {
-  Extensions::sinkModel(action, version, input, kind, provenance)
+predicate actionsSinkModel(string action, string version, string input, string kind, string provenance) {
+  Extensions::actionsSinkModel(action, version, input, kind, provenance)
 }

 predicate externallyDefinedSource(DataFlow::Node source, string sourceType, string fieldName) {
  exists(Uses uses, string action, string version, string kind |
-    sourceModel(action, version, fieldName, kind, _) and
+    actionsSourceModel(action, version, fieldName, kind, _) and
    uses.getCallee() = action.toLowerCase() and
    (
      if version.trim() = "*"
@@ -113,7 +113,7 @@ predicate externallyDefinedStoreStep(
  DataFlow::Node pred, DataFlow::Node succ, DataFlow::ContentSet c
 ) {
  exists(Uses uses, string action, string version, string input, string output |
-    summaryModel(action, version, input, output, "taint", _) and
+    actionsSummaryModel(action, version, input, output, "taint", _) and
    c = any(DataFlow::FieldContent ct | ct.getName() = output.replaceAll("output.", "")) and
    uses.getCallee() = action.toLowerCase() and
    (
@@ -135,7 +135,7 @@ predicate externallyDefinedStoreStep(

 predicate externallyDefinedSink(DataFlow::Node sink, string kind) {
  exists(Uses uses, string action, string version, string input |
-    sinkModel(action, version, input, kind, _) and
+    actionsSinkModel(action, version, input, kind, _) and
    uses.getCallee() = action.toLowerCase() and
    (
      if input.trim().matches("env.%")
--- a/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll
+++ b/ql/lib/codeql/actions/dataflow/internal/ExternalFlowExtensions.qll
@@ -5,21 +5,21 @@
 /**
 * Holds if a source model exists for the given parameters.
 */
-extensible predicate sourceModel(
+extensible predicate actionsSourceModel(
  string action, string version, string output, string kind, string provenance
 );

 /**
 * Holds if a summary model exists for the given parameters.
 */
-extensible predicate summaryModel(
+extensible predicate actionsSummaryModel(
  string action, string version, string input, string output, string kind, string provenance
 );

 /**
 * Holds if a sink model exists for the given parameters.
 */
-extensible predicate sinkModel(
+extensible predicate actionsSinkModel(
  string action, string version, string input, string kind, string provenance
 );

--- a/ql/lib/ext/8398a7_action-slack.model.yml
+++ b/ql/lib/ext/8398a7_action-slack.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["8398a7/action-slack", "*", "input.custom_payload", "code-injection", "manual"]
--- a/ql/lib/ext/SonarSource_sonarcloud-github-action.model.yml
+++ b/ql/lib/ext/SonarSource_sonarcloud-github-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["SonarSource/sonarcloud-github-action", "*", "input.args", "secret-exfiltration", "manual"]

--- a/ql/lib/ext/actions_github-script.model.yml
+++ b/ql/lib/ext/actions_github-script.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["actions/github-script", "*", "input.script", "code-injection", "manual"]
--- a/ql/lib/ext/ahmadnassri_action-changed-files.model.yml
+++ b/ql/lib/ext/ahmadnassri_action-changed-files.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
    data:
      - ["ahmadnassri/action-changed-files", "*", "output.files", "filename", "manual"]
      - ["ahmadnassri/action-changed-files", "*", "output.json", "json", "manual"]
--- a/ql/lib/ext/akhileshns_heroku-deploy.model.yml
+++ b/ql/lib/ext/akhileshns_heroku-deploy.model.yml
@@ -1,12 +1,12 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint", "manual"]
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection", "manual"]
      - ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection", "manual"]
--- a/ql/lib/ext/amannn_action-semantic-pull-request.model.yml
+++ b/ql/lib/ext/amannn_action-semantic-pull-request.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
    data:
      - ["amannn/action-semantic-pull-request", "*", "output.error_message", "text", "manual"]
--- a/ql/lib/ext/anchore_sbom-action.model.yml
+++ b/ql/lib/ext/anchore_sbom-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["anchore/sbom-action", "*", "input.syft-version", "command-injection", "manual"]
      - ["anchore/sbom-action", "*", "input.format", "command-injection", "manual"]
--- a/ql/lib/ext/anchore_scan-action.model.yml
+++ b/ql/lib/ext/anchore_scan-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["anchore/scan-action", "*", "input.grype-version", "command-injection", "manual"]
--- a/ql/lib/ext/andresz1_size-limit-action.model.yml
+++ b/ql/lib/ext/andresz1_size-limit-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["andresz1/size-limit-action", "*", "input.package_manager", "command-injection", "manual"]
      - ["andresz1/size-limit-action", "*", "input.build_script", "command-injection", "manual"]
--- a/ql/lib/ext/android-actions_setup-android.model.yml
+++ b/ql/lib/ext/android-actions_setup-android.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint", "manual"]
--- a/ql/lib/ext/apple-actions_import-codesign-certs.model.yml
+++ b/ql/lib/ext/apple-actions_import-codesign-certs.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint", "manual"]
--- a/ql/lib/ext/asdf-vm_actions.model.yml
+++ b/ql/lib/ext/asdf-vm_actions.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["asdf-vm/actions", "*", "input.before_install", "command-injection", "manual"]
--- a/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml
+++ b/ql/lib/ext/ashley-taylor_read-json-property-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint", "manual"]
--- a/ql/lib/ext/ashley-taylor_regex-property-action.model.yml
+++ b/ql/lib/ext/ashley-taylor_regex-property-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint", "manual"]
      - ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint", "manual"]
--- a/ql/lib/ext/aszc_change-string-case-action.model.yml
+++ b/ql/lib/ext/aszc_change-string-case-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint", "manual"]
      - ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint", "manual"]
--- a/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml
+++ b/ql/lib/ext/aws-actions_configure-aws-credentials.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint", "manual"]
      - ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint", "manual"]
--- a/ql/lib/ext/axel-op_googlejavaformat-action.model.yml
+++ b/ql/lib/ext/axel-op_googlejavaformat-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["axel-op/googlejavaformat-action", "*", "input.commitMessage", "command-injection", "manual"]
      - ["axel-op/googlejavaformat-action", "*", "input.commit-message", "command-injection", "manual"]
--- a/ql/lib/ext/azure_powershell.model.yml
+++ b/ql/lib/ext/azure_powershell.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["azure/powershell", "*", "input.azPSVersion", "command-injection", "manual"]
--- a/ql/lib/ext/bahmutov_npm-install.model.yml
+++ b/ql/lib/ext/bahmutov_npm-install.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["bahmutov/npm-install", "*", "input.install-command", "command-injection", "manual"]
--- a/ql/lib/ext/blackducksoftware_github-action.model.yml
+++ b/ql/lib/ext/blackducksoftware_github-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["blackducksoftware/github-action", "*", "input.args", "command-injection", "manual"]
      - ["blackducksoftware/github-action", "*", "input.blackduck.url", "command-injection", "manual"]
--- a/ql/lib/ext/bobheadxi_deployments.model.yml
+++ b/ql/lib/ext/bobheadxi_deployments.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["bobheadxi/deployments", "*", "input.env", "output.env", "taint", "manual"]
--- a/ql/lib/ext/bufbuild_buf-breaking-action.model.yml
+++ b/ql/lib/ext/bufbuild_buf-breaking-action.model.yml
@@ -1,12 +1,12 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"]
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["bufbuild/buf-breaking-action", "*", "input.input", "command-injection", "manual"]
      - ["bufbuild/buf-breaking-action", "*", "input.against", "command-injection", "manual"]
--- a/ql/lib/ext/bufbuild_buf-lint-action.model.yml
+++ b/ql/lib/ext/bufbuild_buf-lint-action.model.yml
@@ -1,11 +1,11 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"]
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["bufbuild/buf-lint-action", "*", "input.input", "command-injection", "manual"]
--- a/ql/lib/ext/bufbuild_buf-setup-action.model.yml
+++ b/ql/lib/ext/bufbuild_buf-setup-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["bufbuild/buf-setup-action", "*", "input.buf_domain", "command-injection", "manual"]
      - ["bufbuild/buf-setup-action", "*", "input.buf_user", "command-injection", "manual"]
--- a/ql/lib/ext/cachix_cachix-action.model.yml
+++ b/ql/lib/ext/cachix_cachix-action.model.yml
@@ -1,12 +1,12 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint", "manual"]
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["cachix/cachix-action", "*", "input.installCommand", "command-injection", "manual"]
      - ["cachix/cachix-action", "*", "input.cachixBin", "command-injection", "manual"]
--- a/ql/lib/ext/changesets_action.model.yml
+++ b/ql/lib/ext/changesets_action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["changesets/action", "*", "input.publish", "command-injection", "manual"]
      - ["changesets/action", "*", "input.version", "command-injection", "manual"]
--- a/ql/lib/ext/cloudflare_wrangler-action.model.yml
+++ b/ql/lib/ext/cloudflare_wrangler-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["cloudflare/wrangler-action", "*", "input.preCommands", "command-injection", "manual"]
      - ["cloudflare/wrangler-action", "*", "input.postCommands", "command-injection", "manual"]
--- a/ql/lib/ext/coursier_cache-action.model.yml
+++ b/ql/lib/ext/coursier_cache-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint", "manual"]
--- a/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml
+++ b/ql/lib/ext/crazy-max_ghaction-chocolatey.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["crazy-max/ghaction-chocolatey", "*", "input.args", "command-injection", "manual"]
--- a/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml
+++ b/ql/lib/ext/crazy-max_ghaction-import-gpg.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint", "manual"]
--- a/ql/lib/ext/csexton_release-asset-action.model.yml
+++ b/ql/lib/ext/csexton_release-asset-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint", "manual"]
--- a/ql/lib/ext/cycjimmy_semantic-release-action.model.yml
+++ b/ql/lib/ext/cycjimmy_semantic-release-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["cycjimmy/semantic-release-action", "*", "input.semantic_version", "command-injection", "manual"]
      - ["cycjimmy/semantic-release-action", "*", "input.extra_plugins", "command-injection", "manual"]
--- a/ql/lib/ext/cypress-io_github-action.model.yml
+++ b/ql/lib/ext/cypress-io_github-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
    data:
      - ["cypress-io/github-action", "*", "env.GH_BRANCH", "branch", "manual"]
--- a/ql/lib/ext/dailydotdev_action-devcard.model.yml
+++ b/ql/lib/ext/dailydotdev_action-devcard.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["dailydotdev/action-devcard", "*", "input.commit_branch", "sql-injection", "manual"]
      - ["dailydotdev/action-devcard", "*", "input.commit_filename", "sql-injection", "manual"]
--- a/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml
+++ b/ql/lib/ext/danielpalme_reportgenerator-github-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["danielpalme/reportgenerator-github-action", "*", "input.toolpath", "command-injection", "manual"]
--- a/ql/lib/ext/daspn_private-actions-checkout.model.yml
+++ b/ql/lib/ext/daspn_private-actions-checkout.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["daspn/private-actions-checkout", "*", "input.actions_list", "command-injection", "manual"]
      - ["daspn/private-actions-checkout", "*", "input.checkout_base_path", "command-injection", "manual"]
--- a/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml
+++ b/ql/lib/ext/dawidd6_action-ansible-playbook.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["dawidd6/action-ansible-playbook", "*", "input.playbook", "command-injection", "manual"]
      - ["dawidd6/action-ansible-playbook", "*", "input.options", "command-injection", "manual"]
--- a/ql/lib/ext/dawidd6_action-download-artifact.model.yml
+++ b/ql/lib/ext/dawidd6_action-download-artifact.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
    data:
      - ["dawidd6/action-download-artifact", "*", "output.artifacts", "artifact", "manual"]
--- a/ql/lib/ext/delaguardo_setup-clojure.model.yml
+++ b/ql/lib/ext/delaguardo_setup-clojure.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint", "manual"]
--- a/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml
+++ b/ql/lib/ext/determinatesystems_magic-nix-cache-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["determinatesystems/magic-nix-cache-action", "*", "input.source-url", "command-injection", "manual"]
      - ["determinatesystems/magic-nix-cache-action", "*", "input.source-tag", "command-injection", "manual"]
--- a/ql/lib/ext/docker-practice_actions-setup-docker.model.yml
+++ b/ql/lib/ext/docker-practice_actions-setup-docker.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["docker-practice/actions-setup-docker", "*", "input.docker_version", "command-injection", "manual"]
      - ["docker-practice/actions-setup-docker", "*", "input.docker_channel", "command-injection", "manual"]
--- a/ql/lib/ext/docker_build-push-action.model.yml
+++ b/ql/lib/ext/docker_build-push-action.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["docker/build-push-action", "*", "input.context", "code-injection", "manual"]
--- a/ql/lib/ext/endbug_latest-tag.model.yml
+++ b/ql/lib/ext/endbug_latest-tag.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["endbug/latest-tag", "*", "input.ref", "command-injection", "manual"]
      - ["endbug/latest-tag", "*", "input.tag-name", "command-injection", "manual"]
--- a/ql/lib/ext/expo_expo-github-action.model.yml
+++ b/ql/lib/ext/expo_expo-github-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["expo/expo-github-action", "*", "input.command", "command-injection", "manual"]
      - ["expo/expo-github-action", "*", "input.packager", "command-injection", "manual"]
--- a/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml
+++ b/ql/lib/ext/firebaseextended_action-hosting-deploy.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["firebaseextended/action-hosting-deploy", "*", "input.firebaseToolsVersion", "command-injection", "manual"]
--- a/ql/lib/ext/frabert_replace-string-action.model.yml
+++ b/ql/lib/ext/frabert_replace-string-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint", "manual"]
      - ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint", "manual"]
--- a/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
+++ b/ql/lib/ext/franzdiebold_github-env-vars-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sourceModel
+      extensible: actionsSourceModel
    data:
      - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "text", "manual"]
      - ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "title", "manual"]
--- a/ql/lib/ext/gabrielbb_xvfb-action.model.yml
+++ b/ql/lib/ext/gabrielbb_xvfb-action.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["gabrielbb/xvfb-action", "*", "input.run", "command-injection", "manual"]
      - ["gabrielbb/xvfb-action", "*", "input.options", "command-injection", "manual"]
--- a/ql/lib/ext/game-ci_unity-builder.model.yml
+++ b/ql/lib/ext/game-ci_unity-builder.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["game-ci/unity-builder", "*", "input.cacheKey", "command-injection", "manual"]
      - ["game-ci/unity-builder", "*", "input.unityHubVersionOnMac", "command-injection", "manual"]
--- a/ql/lib/ext/game-ci_unity-test-runner.model.yml
+++ b/ql/lib/ext/game-ci_unity-test-runner.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint", "manual"]
--- a/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml
+++ b/ql/lib/ext/gautamkrishnar_blog-post-workflow.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
      - ["gautamkrishnar/blog-post-workflow", "*", "input.item_exec", "code-injection", "manual"]
--- a/ql/lib/ext/generated/composite-actions/actions_actions-runner-controller.model.yml
+++ b/ql/lib/ext/generated/composite-actions/actions_actions-runner-controller.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["actions/actions-runner-controller", "*", "input.image-tag", "code-injection", "generated"]
     - ["actions/actions-runner-controller", "*", "input.image-name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/adap_flower.model.yml
+++ b/ql/lib/ext/generated/composite-actions/adap_flower.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["adap/flower", "*", "input.poetry-version", "code-injection", "generated"]
     - ["adap/flower", "*", "input.setuptools-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/agoric_agoric-sdk.model.yml
+++ b/ql/lib/ext/generated/composite-actions/agoric_agoric-sdk.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["agoric/agoric-sdk", "*", "input.xsnap-random-init", "code-injection", "generated"]
     - ["agoric/agoric-sdk", "*", "input.path", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/airbnb_lottie-ios.model.yml
+++ b/ql/lib/ext/generated/composite-actions/airbnb_lottie-ios.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["airbnb/lottie-ios", "*", "input.xcode", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/airbytehq_airbyte.model.yml
+++ b/ql/lib/ext/generated/composite-actions/airbytehq_airbyte.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["airbytehq/airbyte", "*", "input.options", "code-injection", "generated"]
     - ["airbytehq/airbyte", "*", "input.subcommand", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/amazon-ion_ion-java.model.yml
+++ b/ql/lib/ext/generated/composite-actions/amazon-ion_ion-java.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["amazon-ion/ion-java", "*", "input.project_version", "code-injection", "generated"]
     - ["amazon-ion/ion-java", "*", "input.repo", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/anchore_grype.model.yml
+++ b/ql/lib/ext/generated/composite-actions/anchore_grype.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["anchore/grype", "*", "input.bootstrap-apt-packages", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/anchore_syft.model.yml
+++ b/ql/lib/ext/generated/composite-actions/anchore_syft.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["anchore/syft", "*", "input.bootstrap-apt-packages", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/angular_dev-infra.model.yml
+++ b/ql/lib/ext/generated/composite-actions/angular_dev-infra.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["angular/dev-infra", "*", "input.firebase-public-dir", "code-injection", "generated"]
     - ["angular/dev-infra", "*", "input.workflow-artifact-name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/ansible_ansible-lint.model.yml
+++ b/ql/lib/ext/generated/composite-actions/ansible_ansible-lint.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["ansible/ansible-lint", "*", "input.args", "code-injection", "generated"]
     - ["ansible/ansible-lint", "*", "input.working_directory", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/ansible_awx.model.yml
+++ b/ql/lib/ext/generated/composite-actions/ansible_awx.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["ansible/awx", "*", "input.log-filename", "code-injection", "generated"]
     - ["ansible/awx", "*", "input.github-token", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_arrow-datafusion.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_arrow-datafusion.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/arrow-datafusion", "*", "input.rust-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_arrow-rs.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_arrow-rs.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/arrow-rs", "*", "input.target", "code-injection", "generated"]
     - ["apache/arrow-rs", "*", "input.rust-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_arrow.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_arrow.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/arrow", "*", "input.upload", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_bookkeeper.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_bookkeeper.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/bookkeeper", "*", "input.mode", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_brpc.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_brpc.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/brpc", "*", "input.options", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_camel-k.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_camel-k.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/camel-k", "*", "input.test-suite", "code-injection", "generated"]
     - ["apache/camel-k", "*", "input.image-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_camel.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_camel.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/camel", "*", "input.end-commit", "code-injection", "generated"]
     - ["apache/camel", "*", "input.start-commit", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_flink.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_flink.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/flink", "*", "input.maven-parameters", "code-injection", "generated"]
     - ["apache/flink", "*", "input.env", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_incubator-kie-tools.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_incubator-kie-tools.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
     - ["apache/incubator-kie-tools", "*", "input.pnpm_filter_string", "output.pnpm_filter_string", "taint", "manual"]
--- a/ql/lib/ext/generated/composite-actions/apache_nuttx.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_nuttx.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/nuttx", "*", "input.haskell", "code-injection", "generated"]
     - ["apache/nuttx", "*", "input.dotnet", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_opendal.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_opendal.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/opendal", "*", "input.feature", "code-injection", "generated"]
     - ["apache/opendal", "*", "input.setup", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_pekko.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_pekko.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/pekko", "*", "input.upload", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_pulsar-helm-chart.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_pulsar-helm-chart.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/pulsar-helm-chart", "*", "input.limit-access-to-users", "code-injection", "generated"]
     - ["apache/pulsar-helm-chart", "*", "input.limit-access-to-actor", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/apache_superset.model.yml
+++ b/ql/lib/ext/generated/composite-actions/apache_superset.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["apache/superset", "*", "input.requirements-type", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/appflowy-io_appflowy.model.yml
+++ b/ql/lib/ext/generated/composite-actions/appflowy-io_appflowy.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["appflowy-io/appflowy", "*", "input.test_path", "code-injection", "generated"]
     - ["appflowy-io/appflowy", "*", "input.flutter_profile", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/aptos-labs_aptos-core.model.yml
+++ b/ql/lib/ext/generated/composite-actions/aptos-labs_aptos-core.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["aptos-labs/aptos-core", "*", "input.GIT_CREDENTIALS", "code-injection", "generated"]
     - ["aptos-labs/aptos-core", "*", "input.GCP_DOCKER_ARTIFACT_REPO", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/archivesspace_archivesspace.model.yml
+++ b/ql/lib/ext/generated/composite-actions/archivesspace_archivesspace.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["archivesspace/archivesspace", "*", "input.mysql-connector-url", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/armadaproject_armada.model.yml
+++ b/ql/lib/ext/generated/composite-actions/armadaproject_armada.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["armadaproject/armada", "*", "input.tox-env", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/armbian_build.model.yml
+++ b/ql/lib/ext/generated/composite-actions/armbian_build.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["armbian/build", "*", "input.armbian_pgp_password", "code-injection", "generated"]
     - ["armbian/build", "*", "input.armbian_extensions", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/auth0_auth0-java.model.yml
+++ b/ql/lib/ext/generated/composite-actions/auth0_auth0-java.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["auth0/auth0-java", "*", "input.signing-password", "code-injection", "generated"]
     - ["auth0/auth0-java", "*", "input.signing-key", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/auth0_auth0.net.model.yml
+++ b/ql/lib/ext/generated/composite-actions/auth0_auth0.net.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["auth0/auth0.net", "*", "input.nuget-token", "code-injection", "generated"]
     - ["auth0/auth0.net", "*", "input.nuget-directory", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/auth0_auth0.swift.model.yml
+++ b/ql/lib/ext/generated/composite-actions/auth0_auth0.swift.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["auth0/auth0.swift", "*", "input.platform", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/autogluon_autogluon.model.yml
+++ b/ql/lib/ext/generated/composite-actions/autogluon_autogluon.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["autogluon/autogluon", "*", "input.submodule-to-test", "code-injection", "generated"]
     - ["autogluon/autogluon", "*", "input.command", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/avaiga_taipy.model.yml
+++ b/ql/lib/ext/generated/composite-actions/avaiga_taipy.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["avaiga/taipy", "*", "input.python-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/aws-amplify_amplify-cli.model.yml
+++ b/ql/lib/ext/generated/composite-actions/aws-amplify_amplify-cli.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["aws-amplify/amplify-cli", "*", "input.cli-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/aws-powertools_powertools-lambda-python.model.yml
+++ b/ql/lib/ext/generated/composite-actions/aws-powertools_powertools-lambda-python.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: summaryModel
+      extensible: actionsSummaryModel
    data:
      - ["aws-powertools/powertools-lambda-python", "*", "input.artifact_name_prefix", "output.artifact_name", "taint", "manual"]
--- a/ql/lib/ext/generated/composite-actions/aws_amazon-vpc-cni-k8s.model.yml
+++ b/ql/lib/ext/generated/composite-actions/aws_amazon-vpc-cni-k8s.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["aws/amazon-vpc-cni-k8s", "*", "input.go-package", "code-injection", "generated"]
     - ["aws/amazon-vpc-cni-k8s", "*", "input.work-dir", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/aws_karpenter-provider-aws.model.yml
+++ b/ql/lib/ext/generated/composite-actions/aws_karpenter-provider-aws.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["aws/karpenter-provider-aws", "*", "input.account_id", "code-injection", "generated"]
     - ["aws/karpenter-provider-aws", "*", "input.cluster_name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/awslabs_amazon-eks-ami.model.yml
+++ b/ql/lib/ext/generated/composite-actions/awslabs_amazon-eks-ami.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["awslabs/amazon-eks-ami", "*", "input.max_resource_age_duration", "code-injection", "generated"]
     - ["awslabs/amazon-eks-ami", "*", "input.aws_region", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/awslabs_aws-lambda-rust-runtime.model.yml
+++ b/ql/lib/ext/generated/composite-actions/awslabs_aws-lambda-rust-runtime.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["awslabs/aws-lambda-rust-runtime", "*", "input.package", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/azerothcore_azerothcore-wotlk.model.yml
+++ b/ql/lib/ext/generated/composite-actions/azerothcore_azerothcore-wotlk.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["azerothcore/azerothcore-wotlk", "*", "input.CXX", "code-injection", "generated"]
     - ["azerothcore/azerothcore-wotlk", "*", "input.CC", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/azure_azure-datafactory.model.yml
+++ b/ql/lib/ext/generated/composite-actions/azure_azure-datafactory.model.yml
@@ -1,7 +1,7 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["azure/azure-datafactory", "*", "input.directory", "code-injection", "generated"]
     - ["azure/azure-datafactory", "*", "input.path", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/badges_shields.model.yml
+++ b/ql/lib/ext/generated/composite-actions/badges_shields.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["badges/shields", "*", "input.npm-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/composite-actions/balena-io_etcher.model.yml
+++ b/ql/lib/ext/generated/composite-actions/balena-io_etcher.model.yml
@@ -1,6 +1,6 @@
 extensions:
  - addsTo:
      pack: githubsecuritylab/actions-all
-      extensible: sinkModel
+      extensible: actionsSinkModel
    data:
     - ["balena-io/etcher", "*", "input.VERBOSE", "code-injection", "generated"]
--- a/Show More
+++ b/Show More