UntrustedCheckout: Try and differentiate between two versions of the rule

Marco Gario
2025-03-26 12:49:48 +00:00
parent c8a1ad6b28
commit b1737858fa


@@ -1,5 +1,5 @@
/**
* @name Checkout of untrusted code in trusted context
* @name Checkout of untrusted code in trusted context with poisonable step
* @description Privileged workflows have read/write access to the base repository and access to secrets.
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
* that is able to push to the base repository and to access secrets.
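Review bot: The new @name ends in "with poisonable step", but the @description kept as unchanged context below it still describes only the general case (a privileged workflow checking out and running a fork's build script) and never says what a poisonable step is. Since the commit message says the goal is to tell two versions of the rule apart, the description should state what this variant requires beyond the checkout itself, so the distinction shows up in the alert text and not only in the title. The hunk ends before any @id line is visible; if the other version of the rule uses the same @id, the name change alone will not separate their results, so that is worth confirming.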