From abd49d5b110a37fcf311586179b0553790eee87f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?=
Date: Tue, 24 Sep 2024 12:12:29 +0200
Subject: [PATCH] Improve privilege workflow detection

---
 ql/lib/codeql/actions/Helper.qll | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/ql/lib/codeql/actions/Helper.qll b/ql/lib/codeql/actions/Helper.qll
index f6c31a6e8ea..9ac67575b8b 100644
--- a/ql/lib/codeql/actions/Helper.qll
+++ b/ql/lib/codeql/actions/Helper.qll
@@ -252,26 +252,10 @@ predicate inPrivilegedExternallyTriggerableJob(AstNode node) {
   )
 }
 
-predicate calledByPrivilegedExternallyTriggerableJob(AstNode node) {
-  exists(ReusableWorkflow rw, ExternalJob caller, Job callee |
-    callee = node.getEnclosingJob() and
-    rw.getACaller() = caller and
-    rw.getAJob() = callee and
-    caller.isPrivilegedExternallyTriggerable()
-  )
-  or
-  exists(LocalJob caller |
-    caller = node.getEnclosingCompositeAction().getACallerJob() and
-    caller.isPrivilegedExternallyTriggerable()
-  )
-}
-
 predicate inPrivilegedContext(AstNode node) {
   inPrivilegedCompositeAction(node) or
   inPrivilegedExternallyTriggerableJob(node)
-  or
-  calledByPrivilegedExternallyTriggerableJob(node)
 }
 
 predicate inNonPrivilegedCompositeAction(AstNode node) {