From b5dfda27fdc7a39e14ff996f034015e4631159a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?=
Date: Mon, 24 Jun 2024 12:45:24 +0200
Subject: [PATCH] Add cargo as poisonable step
---
 ql/lib/codeql/actions/security/PoisonableSteps.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ql/lib/codeql/actions/security/PoisonableSteps.qll b/ql/lib/codeql/actions/security/PoisonableSteps.qll
index f80f09a32d8..b1d5269d44a 100644
--- a/ql/lib/codeql/actions/security/PoisonableSteps.qll
+++ b/ql/lib/codeql/actions/security/PoisonableSteps.qll
@@ -23,7 +23,7 @@ private string dangerousCommands() {
 "terraform apply", "gomplate ", "pre-commit run", "pre-commit install", "go generate", "msbuild ", "mvn ", "gradle ", "bundle install", "bundle exec ", "^ant ", "mkdocs build", "pytest", "pip install -r ", "pip install --requirement", "java -jar ", "poetry install",
- "poetry run"
+ "poetry run", "cargo "
 ] }
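Review bot: The new `"cargo "` entry in `dangerousCommands()` lands without a test; the diffstat lists only PoisonableSteps.qll, so nothing pins that a workflow step invoking cargo is now reported as poisonable. The entry is also unanchored, unlike `"^ant "` in the same list, and the code that matches these strings is outside the hunk (the predicate starts above it), so it is worth confirming that it cannot match a longer word ending in "cargo " and that covering every cargo subcommand is intended. A short rationale comment next to the list would keep it maintainable, e.g. `// cargo: build.rs, proc macros and .cargo/config.toml are read from the checked-out tree`.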