mirror of
https://github.com/github/codeql.git
synced 2026-03-20 14:36:46 +01:00
Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions
This commit is contained in:
Alvaro Muñoz
1
.gitignore
vendored
1
.gitignore
vendored
@@ -4,3 +4,4 @@ ql/lib/.codeql/
|
||||
ql/src/.codeql/
|
||||
ql/test/.codeql/
|
||||
db/
|
||||
.cache
|
||||
@@ -8,9 +8,10 @@ private import actions
|
||||
* - action: Fully-qualified action name (NWO)
|
||||
* - version: Either '*' or a specific SHA/Tag
|
||||
* - output arg: To node (prefixed with either `env.` or `output.`)
|
||||
* - provenance: verification of the model
|
||||
*/
|
||||
predicate sourceModel(string action, string version, string output, string kind) {
|
||||
Extensions::sourceModel(action, version, output, kind)
|
||||
predicate sourceModel(string action, string version, string output, string kind, string provenance) {
|
||||
Extensions::sourceModel(action, version, output, kind, provenance)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -21,9 +22,12 @@ predicate sourceModel(string action, string version, string output, string kind)
|
||||
* - input arg: From node (prefixed with either `env.` or `input.`)
|
||||
* - output arg: To node (prefixed with either `env.` or `output.`)
|
||||
* - kind: Either 'Taint' or 'Value'
|
||||
* - provenance: verification of the model
|
||||
*/
|
||||
predicate summaryModel(string action, string version, string input, string output, string kind) {
|
||||
Extensions::summaryModel(action, version, input, output, kind)
|
||||
predicate summaryModel(
|
||||
string action, string version, string input, string output, string kind, string provenance
|
||||
) {
|
||||
Extensions::summaryModel(action, version, input, output, kind, provenance)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -33,14 +37,15 @@ predicate summaryModel(string action, string version, string input, string outpu
|
||||
* - version: Either '*' or a specific SHA/Tag
|
||||
* - input: sink node (prefixed with either `env.` or `input.`)
|
||||
* - kind: sink kind
|
||||
* - provenance: verification of the model
|
||||
*/
|
||||
predicate sinkModel(string action, string version, string input, string kind) {
|
||||
Extensions::sinkModel(action, version, input, kind)
|
||||
predicate sinkModel(string action, string version, string input, string kind, string provenance) {
|
||||
Extensions::sinkModel(action, version, input, kind, provenance)
|
||||
}
|
||||
|
||||
predicate externallyDefinedSource(DataFlow::Node source, string sourceType, string fieldName) {
|
||||
exists(Uses uses, string action, string version, string kind |
|
||||
sourceModel(action, version, fieldName, kind) and
|
||||
sourceModel(action, version, fieldName, kind, _) and
|
||||
uses.getCallee() = action.toLowerCase() and
|
||||
(
|
||||
if version.trim() = "*"
|
||||
@@ -63,7 +68,7 @@ predicate externallyDefinedStoreStep(
|
||||
DataFlow::Node pred, DataFlow::Node succ, DataFlow::ContentSet c
|
||||
) {
|
||||
exists(Uses uses, string action, string version, string input, string output |
|
||||
summaryModel(action, version, input, output, "taint") and
|
||||
summaryModel(action, version, input, output, "taint", _) and
|
||||
c = any(DataFlow::FieldContent ct | ct.getName() = output.replaceAll("output.", "")) and
|
||||
uses.getCallee() = action.toLowerCase() and
|
||||
(
|
||||
@@ -85,7 +90,7 @@ predicate externallyDefinedStoreStep(
|
||||
|
||||
predicate externallyDefinedSink(DataFlow::Node sink, string kind) {
|
||||
exists(Uses uses, string action, string version, string input |
|
||||
sinkModel(action, version, input, kind) and
|
||||
sinkModel(action, version, input, kind, _) and
|
||||
uses.getCallee() = action.toLowerCase() and
|
||||
(
|
||||
if input.trim().matches("env.%")
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
private import actions
|
||||
private import codeql.actions.DataFlow
|
||||
private import codeql.actions.dataflow.ExternalFlow
|
||||
private import codeql.actions.Ast::Utils as Utils
|
||||
private import codeql.actions.security.ArtifactPoisoningQuery
|
||||
|
||||
/**
|
||||
|
||||
@@ -6,7 +6,6 @@ private import actions
|
||||
private import codeql.util.Unit
|
||||
private import codeql.actions.DataFlow
|
||||
private import codeql.actions.dataflow.ExternalFlow
|
||||
private import codeql.actions.Ast::Utils as Utils
|
||||
private import codeql.actions.security.ArtifactPoisoningQuery
|
||||
|
||||
/**
|
||||
|
||||
@@ -5,16 +5,20 @@
|
||||
/**
|
||||
* Holds if a source model exists for the given parameters.
|
||||
*/
|
||||
extensible predicate sourceModel(string action, string version, string output, string kind);
|
||||
extensible predicate sourceModel(
|
||||
string action, string version, string output, string kind, string provenance
|
||||
);
|
||||
|
||||
/**
|
||||
* Holds if a summary model exists for the given parameters.
|
||||
*/
|
||||
extensible predicate summaryModel(
|
||||
string action, string version, string input, string output, string kind
|
||||
string action, string version, string input, string output, string kind, string provenance
|
||||
);
|
||||
|
||||
/**
|
||||
* Holds if a sink model exists for the given parameters.
|
||||
*/
|
||||
extensible predicate sinkModel(string action, string version, string input, string kind);
|
||||
extensible predicate sinkModel(
|
||||
string action, string version, string input, string kind, string provenance
|
||||
);
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["8398a7/action-slack", "*", "input.custom_payload", "code-injection"]
|
||||
- ["8398a7/action-slack", "*", "input.custom_payload", "code-injection", "manual"]
|
||||
@@ -3,15 +3,15 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["octo-org/this-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint"]
|
||||
- ["octo-org/summary-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint"]
|
||||
- ["octo-org/this-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint", "manual"]
|
||||
- ["octo-org/summary-repo/.github/workflows/workflow.yml", "*", "input.config-path", "output.workflow-output", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["octo-org/source-repo/.github/workflows/workflow.yml", "*", "output.workflow-output", "Foo"]
|
||||
- ["octo-org/source-repo/.github/workflows/workflow.yml", "*", "output.workflow-output", "Foo", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["octo-org/sink-repo/.github/workflows/workflow.yml", "*", "input.config-path", "code-injection"]
|
||||
- ["octo-org/sink-repo/.github/workflows/workflow.yml", "*", "input.config-path", "code-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["actions/github-script", "*", "input.script", "code-injection"]
|
||||
- ["actions/github-script", "*", "input.script", "code-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["ahmadnassri/action-changed-files", "*", "output.files", "PR changed files"]
|
||||
- ["ahmadnassri/action-changed-files", "*", "output.json", "PR changed files"]
|
||||
- ["ahmadnassri/action-changed-files", "*", "output.files", "PR changed files", "manual"]
|
||||
- ["ahmadnassri/action-changed-files", "*", "output.json", "PR changed files", "manual"]
|
||||
|
||||
@@ -3,19 +3,19 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.branch", "output.status", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.region", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.stack", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.team", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.docker_heroku_process_type", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.docker_build_args", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.branch", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.appdir", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_api_key", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_email", "command-injection"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_app_name", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.buildpack", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.region", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.stack", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.team", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.docker_heroku_process_type", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.docker_build_args", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.branch", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.appdir", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_api_key", "command-injection", "manual"]
|
||||
- ["akhileshns/heroku-deploy", "*", "input.heroku_email", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["amannn/action-semantic-pull-request", "*", "output.error_message", "PR title"]
|
||||
- ["amannn/action-semantic-pull-request", "*", "output.error_message", "PR title", "manual"]
|
||||
|
||||
@@ -3,8 +3,8 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["anchore/sbom-action", "*", "input.syft-version", "command-injection"]
|
||||
- ["anchore/sbom-action", "*", "input.format", "command-injection"]
|
||||
- ["anchore/sbom-action", "*", "input.path", "command-injection"]
|
||||
- ["anchore/sbom-action", "*", "input.file", "command-injection"]
|
||||
- ["anchore/sbom-action", "*", "input.image", "command-injection"]
|
||||
- ["anchore/sbom-action", "*", "input.syft-version", "command-injection", "manual"]
|
||||
- ["anchore/sbom-action", "*", "input.format", "command-injection", "manual"]
|
||||
- ["anchore/sbom-action", "*", "input.path", "command-injection", "manual"]
|
||||
- ["anchore/sbom-action", "*", "input.file", "command-injection", "manual"]
|
||||
- ["anchore/sbom-action", "*", "input.image", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["anchore/scan-action", "*", "input.grype-version", "command-injection"]
|
||||
- ["anchore/scan-action", "*", "input.grype-version", "command-injection", "manual"]
|
||||
|
||||
@@ -3,7 +3,7 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["andresz1/size-limit-action", "*", "input.package_manager", "command-injection"]
|
||||
- ["andresz1/size-limit-action", "*", "input.build_script", "command-injection"]
|
||||
- ["andresz1/size-limit-action", "*", "input.script", "command-injection"]
|
||||
- ["andresz1/size-limit-action", "*", "input.clean_script", "command-injection"]
|
||||
- ["andresz1/size-limit-action", "*", "input.package_manager", "command-injection", "manual"]
|
||||
- ["andresz1/size-limit-action", "*", "input.build_script", "command-injection", "manual"]
|
||||
- ["andresz1/size-limit-action", "*", "input.script", "command-injection", "manual"]
|
||||
- ["andresz1/size-limit-action", "*", "input.clean_script", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint"]
|
||||
- ["android-actions/setup-android", "*", "input.cmdline-tools-version", "output.ANDROID_COMMANDLINE_TOOLS_VERSION", "taint", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint"]
|
||||
- ["apple-actions/import-codesign-certs", "*", "input.keychain-password", "output.keychain-password", "taint", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["asdf-vm/actions", "*", "input.before_install", "command-injection"]
|
||||
- ["asdf-vm/actions", "*", "input.before_install", "command-injection", "manual"]
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint"]
|
||||
- ["ashley-taylor/read-json-property-action", "*", "input.json", "output.value", "taint", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint"]
|
||||
- ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint"]
|
||||
- ["ashley-taylor/regex-property-action", "*", "input.replacement", "output.value", "taint", "manual"]
|
||||
- ["ashley-taylor/regex-property-action", "*", "input.value", "output.value", "taint", "manual"]
|
||||
|
||||
@@ -3,6 +3,6 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint"]
|
||||
- ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint"]
|
||||
- ["aszc/change-string-case-action", "*", "input.replace-with", "output.lowercase", "taint"]
|
||||
- ["aszc/change-string-case-action", "*", "input.string", "output.capitalized", "taint", "manual"]
|
||||
- ["aszc/change-string-case-action", "*", "input.replace-with", "output.uppercase", "taint", "manual"]
|
||||
- ["aszc/change-string-case-action", "*", "input.replace-with", "output.lowercase", "taint", "manual"]
|
||||
|
||||
@@ -3,9 +3,9 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "env.AWS_SECRET_ACCESS_KEY", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "secret.AWS_SECRET_ACCESS_KEY", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "env.AWS_SESSION_TOKEN", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "secret.AWS_SESSION_TOKEN", "taint"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "env.AWS_ACCESS_KEY_ID", "taint", "manual"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-access-key-id", "secret.AWS_ACCESS_KEY_ID", "taint", "manual"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "env.AWS_SECRET_ACCESS_KEY", "taint", "manual"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-secret-access-key", "secret.AWS_SECRET_ACCESS_KEY", "taint", "manual"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "env.AWS_SESSION_TOKEN", "taint", "manual"]
|
||||
- ["aws-actions/configure-aws-credentials", "*", "input.aws-session-token", "secret.AWS_SESSION_TOKEN", "taint", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["axel-op/googlejavaformat-action", "*", "input.commitMessage", "command-injection"]
|
||||
- ["axel-op/googlejavaformat-action", "*", "input.commit-message", "command-injection"]
|
||||
- ["axel-op/googlejavaformat-action", "*", "input.commitMessage", "command-injection", "manual"]
|
||||
- ["axel-op/googlejavaformat-action", "*", "input.commit-message", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["azure/powershell", "*", "input.azPSVersion", "command-injection"]
|
||||
- ["azure/powershell", "*", "input.azPSVersion", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["bahmutov/npm-install", "*", "input.install-command", "command-injection"]
|
||||
- ["bahmutov/npm-install", "*", "input.install-command", "command-injection", "manual"]
|
||||
|
||||
@@ -3,6 +3,6 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["blackducksoftware/github-action", "*", "input.args", "command-injection"]
|
||||
- ["blackducksoftware/github-action", "*", "input.blackduck.url", "command-injection"]
|
||||
- ["blackducksoftware/github-action", "*", "input.blackduck.api.token", "command-injection"]
|
||||
- ["blackducksoftware/github-action", "*", "input.args", "command-injection", "manual"]
|
||||
- ["blackducksoftware/github-action", "*", "input.blackduck.url", "command-injection", "manual"]
|
||||
- ["blackducksoftware/github-action", "*", "input.blackduck.api.token", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["bobheadxi/deployments", "*", "input.env", "output.env", "taint"]
|
||||
- ["bobheadxi/deployments", "*", "input.env", "output.env", "taint", "manual"]
|
||||
|
||||
@@ -3,10 +3,10 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"]
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.input", "command-injection"]
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.against", "command-injection"]
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.input", "command-injection", "manual"]
|
||||
- ["bufbuild/buf-breaking-action", "*", "input.against", "command-injection", "manual"]
|
||||
|
||||
@@ -3,9 +3,9 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint"]
|
||||
- ["bufbuild/buf-lint-action", "*", "input.buf_token", "env.BUF_TOKEN", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["bufbuild/buf-lint-action", "*", "input.input", "command-injection"]
|
||||
- ["bufbuild/buf-lint-action", "*", "input.input", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["bufbuild/buf-setup-action", "*", "input.buf_domain", "command-injection"]
|
||||
- ["bufbuild/buf-setup-action", "*", "input.buf_user", "command-injection"]
|
||||
- ["bufbuild/buf-setup-action", "*", "input.buf_domain", "command-injection", "manual"]
|
||||
- ["bufbuild/buf-setup-action", "*", "input.buf_user", "command-injection", "manual"]
|
||||
|
||||
@@ -3,10 +3,10 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint"]
|
||||
- ["cachix/cachix-action", "*", "input.signingKey", "env.CACHIX_SIGNING_KEY", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["cachix/cachix-action", "*", "input.installCommand", "command-injection"]
|
||||
- ["cachix/cachix-action", "*", "input.cachixBin", "command-injection"]
|
||||
- ["cachix/cachix-action", "*", "input.installCommand", "command-injection", "manual"]
|
||||
- ["cachix/cachix-action", "*", "input.cachixBin", "command-injection", "manual"]
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["changesets/action", "*", "input.publish", "command-injection"]
|
||||
- ["changesets/action", "*", "input.version", "command-injection"]
|
||||
- ["changesets/action", "*", "input.publish", "command-injection", "manual"]
|
||||
- ["changesets/action", "*", "input.version", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["cloudflare/wrangler-action", "*", "input.preCommands", "command-injection"]
|
||||
- ["cloudflare/wrangler-action", "*", "input.postCommands", "command-injection"]
|
||||
- ["cloudflare/wrangler-action", "*", "input.preCommands", "command-injection", "manual"]
|
||||
- ["cloudflare/wrangler-action", "*", "input.postCommands", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint"]
|
||||
- ["coursier/cache-action", "*", "input.path", "env.COURSIER_CACHE", "taint", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["crazy-max/ghaction-chocolatey", "*", "input.args", "command-injection"]
|
||||
- ["crazy-max/ghaction-chocolatey", "*", "input.args", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint"]
|
||||
- ["crazy-max/ghaction-import-gpg", "*", "input.fingerprint", "output.fingerprint", "taint", "manual"]
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint"]
|
||||
- ["csexton/release-asset-action", "*", "input.release-url", "output.url", "taint", "manual"]
|
||||
|
||||
@@ -3,6 +3,6 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.semantic_version", "command-injection"]
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.extra_plugins", "command-injection"]
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.extends", "command-injection"]
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.semantic_version", "command-injection", "manual"]
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.extra_plugins", "command-injection", "manual"]
|
||||
- ["cycjimmy/semantic-release-action", "*", "input.extends", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["cypress-io/github-action", "*", "env.GH_BRANCH", "PR branch"]
|
||||
- ["cypress-io/github-action", "*", "env.GH_BRANCH", "PR branch", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["dailydotdev/action-devcard", "*", "input.commit_branch", "sql-injection"]
|
||||
- ["dailydotdev/action-devcard", "*", "input.commit_filename", "sql-injection"]
|
||||
- ["dailydotdev/action-devcard", "*", "input.commit_branch", "sql-injection", "manual"]
|
||||
- ["dailydotdev/action-devcard", "*", "input.commit_filename", "sql-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["danielpalme/reportgenerator-github-action", "*", "input.toolpath", "command-injection"]
|
||||
- ["danielpalme/reportgenerator-github-action", "*", "input.toolpath", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["daspn/private-actions-checkout", "*", "input.actions_list", "command-injection"]
|
||||
- ["daspn/private-actions-checkout", "*", "input.checkout_base_path", "command-injection"]
|
||||
- ["daspn/private-actions-checkout", "*", "input.actions_list", "command-injection", "manual"]
|
||||
- ["daspn/private-actions-checkout", "*", "input.checkout_base_path", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["dawidd6/action-ansible-playbook", "*", "input.playbook", "command-injection"]
|
||||
- ["dawidd6/action-ansible-playbook", "*", "input.options", "command-injection"]
|
||||
- ["dawidd6/action-ansible-playbook", "*", "input.playbook", "command-injection", "manual"]
|
||||
- ["dawidd6/action-ansible-playbook", "*", "input.options", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["dawidd6/action-download-artifact", "*", "output.artifacts", "Artifact details"]
|
||||
- ["dawidd6/action-download-artifact", "*", "output.artifacts", "Artifact details", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint"]
|
||||
- ["delaguardo/setup-clojure", "*", "input.boot", "env.BOOT_VERSION", "taint", "manual"]
|
||||
@@ -3,9 +3,9 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-url", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-tag", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-pr", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-branch", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-revision", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-binary", "command-injection"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-url", "command-injection", "manual"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-tag", "command-injection", "manual"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-pr", "command-injection", "manual"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-branch", "command-injection", "manual"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-revision", "command-injection", "manual"]
|
||||
- ["determinatesystems/magic-nix-cache-action", "*", "input.source-binary", "command-injection", "manual"]
|
||||
@@ -3,6 +3,6 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_version", "command-injection"]
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_channel", "command-injection"]
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_daemon_json", "command-injection"]
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_version", "command-injection", "manual"]
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_channel", "command-injection", "manual"]
|
||||
- ["docker-practice/actions-setup-docker", "*", "input.docker_daemon_json", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["docker/build-push-action", "*", "input.context", "code-injection"]
|
||||
- ["docker/build-push-action", "*", "input.context", "code-injection", "manual"]
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["dorny/paths-filter", "*", "output.changes", "PR changed files"]
|
||||
- ["dorny/paths-filter", "*", "output.changes", "PR changed files", "manual"]
|
||||
|
||||
@@ -3,7 +3,7 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["endbug/latest-tag", "*", "input.ref", "command-injection"]
|
||||
- ["endbug/latest-tag", "*", "input.tag-name", "command-injection"]
|
||||
- ["endbug/latest-tag", "*", "input.git-directory", "command-injection"]
|
||||
- ["endbug/latest-tag", "*", "input.description", "command-injection"]
|
||||
- ["endbug/latest-tag", "*", "input.ref", "command-injection", "manual"]
|
||||
- ["endbug/latest-tag", "*", "input.tag-name", "command-injection", "manual"]
|
||||
- ["endbug/latest-tag", "*", "input.git-directory", "command-injection", "manual"]
|
||||
- ["endbug/latest-tag", "*", "input.description", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["expo/expo-github-action", "*", "input.command", "command-injection"]
|
||||
- ["expo/expo-github-action", "*", "input.packager", "command-injection"]
|
||||
- ["expo/expo-github-action", "*", "input.command", "command-injection", "manual"]
|
||||
- ["expo/expo-github-action", "*", "input.packager", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["firebaseextended/action-hosting-deploy", "*", "input.firebaseToolsVersion", "command-injection"]
|
||||
- ["firebaseextended/action-hosting-deploy", "*", "input.firebaseToolsVersion", "command-injection", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint"]
|
||||
- ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint"]
|
||||
- ["frabert/replace-string-action", "*", "input.string", "output.replaced", "taint", "manual"]
|
||||
- ["frabert/replace-string-action", "*", "input.replace-with", "output.replaced", "taint", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "PR body"]
|
||||
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "PR title"]
|
||||
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_DESCRIPTION", "PR body", "manual"]
|
||||
- ["franzdiebold/github-env-vars-action", "*", "output.CI_PR_TITLE", "PR title", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["gabrielbb/xvfb-action", "*", "input.run", "command-injection"]
|
||||
- ["gabrielbb/xvfb-action", "*", "input.options", "command-injection"]
|
||||
- ["gabrielbb/xvfb-action", "*", "input.run", "command-injection", "manual"]
|
||||
- ["gabrielbb/xvfb-action", "*", "input.options", "command-injection", "manual"]
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["game-ci/unity-builder", "*", "input.cacheKey", "command-injection"]
|
||||
- ["game-ci/unity-builder", "*", "input.unityHubVersionOnMac", "command-injection"]
|
||||
- ["game-ci/unity-builder", "*", "input.cacheKey", "command-injection", "manual"]
|
||||
- ["game-ci/unity-builder", "*", "input.unityHubVersionOnMac", "command-injection", "manual"]
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint"]
|
||||
- ["game-ci/unity-test-runner", "*", "input.artifactsPath", "output.artifactsPath", "taint", "manual"]
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["gautamkrishnar/blog-post-workflow", "*", "input.item_exec", "code-injection"]
|
||||
- ["gautamkrishnar/blog-post-workflow", "*", "input.item_exec", "code-injection", "manual"]
|
||||
@@ -0,0 +1,14 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["actions/actions-runner-controller", "*", "inputs.image-tag", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.image-name", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.arc-controller-namespace", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.arc-namespace", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.arc-name", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.repo-name", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.repo-owner", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.workflow-file", "code-injection", "generated"]
|
||||
- ["actions/actions-runner-controller", "*", "inputs.auth-token", "code-injection", "generated"]
|
||||
@@ -0,0 +1,9 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["adap/flower", "*", "inputs.poetry-version", "code-injection", "generated"]
|
||||
- ["adap/flower", "*", "inputs.setuptools-version", "code-injection", "generated"]
|
||||
- ["adap/flower", "*", "inputs.pip-version", "code-injection", "generated"]
|
||||
- ["adap/flower", "*", "inputs.python-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,11 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["agoric/agoric-sdk", "*", "inputs.xsnap-random-init", "code-injection", "generated"]
|
||||
- ["agoric/agoric-sdk", "*", "inputs.path", "code-injection", "generated"]
|
||||
- ["agoric/agoric-sdk", "*", "inputs.ignore-endo-branch", "code-injection", "generated"]
|
||||
- ["agoric/agoric-sdk", "*", "inputs.codecov-token", "code-injection", "generated"]
|
||||
- ["agoric/agoric-sdk", "*", "inputs.datadog-token", "code-injection", "generated"]
|
||||
- ["agoric/agoric-sdk", "*", "inputs.datadog-site", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["airbnb/lottie-ios", "*", "inputs.xcode", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["airbytehq/airbyte", "*", "inputs.options", "code-injection", "generated"]
|
||||
- ["airbytehq/airbyte", "*", "inputs.subcommand", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["amazon-ion/ion-java", "*", "inputs.project_version", "code-injection", "generated"]
|
||||
- ["amazon-ion/ion-java", "*", "inputs.repo", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["anchore/grype", "*", "inputs.bootstrap-apt-packages", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["anchore/syft", "*", "inputs.bootstrap-apt-packages", "code-injection", "generated"]
|
||||
@@ -0,0 +1,10 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["angular/dev-infra", "*", "inputs.firebase-public-dir", "code-injection", "generated"]
|
||||
- ["angular/dev-infra", "*", "inputs.workflow-artifact-name", "code-injection", "generated"]
|
||||
- ["angular/dev-infra", "*", "inputs.artifact-build-revision", "code-injection", "generated"]
|
||||
- ["angular/dev-infra", "*", "inputs.pull-number", "code-injection", "generated"]
|
||||
- ["angular/dev-infra", "*", "inputs.deploy-directory", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["ansible/ansible-lint", "*", "inputs.args", "code-injection", "generated"]
|
||||
- ["ansible/ansible-lint", "*", "inputs.working_directory", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["ansible/awx", "*", "inputs.log-filename", "code-injection", "generated"]
|
||||
- ["ansible/awx", "*", "inputs.github-token", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/arrow-datafusion", "*", "inputs.rust-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/arrow-rs", "*", "inputs.target", "code-injection", "generated"]
|
||||
- ["apache/arrow-rs", "*", "inputs.rust-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/arrow", "*", "inputs.upload", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/bookkeeper", "*", "inputs.mode", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/brpc", "*", "inputs.options", "code-injection", "generated"]
|
||||
@@ -0,0 +1,17 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/camel-k", "*", "inputs.test-suite", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.image-version", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.image-registry-insecure", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.image-name", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.image-registry-host", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.catalog-source-namespace", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.catalog-source-name", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.image-namespace", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.version", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.otlp-collector-image-version", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.otlp-collector-image-name", "code-injection", "generated"]
|
||||
- ["apache/camel-k", "*", "inputs.global-operator-namespace", "code-injection", "generated"]
|
||||
@@ -0,0 +1,11 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/camel", "*", "inputs.end-commit", "code-injection", "generated"]
|
||||
- ["apache/camel", "*", "inputs.start-commit", "code-injection", "generated"]
|
||||
- ["apache/camel", "*", "inputs.distribution", "code-injection", "generated"]
|
||||
- ["apache/camel", "*", "inputs.version", "code-injection", "generated"]
|
||||
- ["apache/camel", "*", "inputs.pr-id", "code-injection", "generated"]
|
||||
- ["apache/camel", "*", "inputs.mode", "code-injection", "generated"]
|
||||
@@ -0,0 +1,10 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/flink", "*", "inputs.maven-parameters", "code-injection", "generated"]
|
||||
- ["apache/flink", "*", "inputs.env", "code-injection", "generated"]
|
||||
- ["apache/flink", "*", "inputs.target_directory", "code-injection", "generated"]
|
||||
- ["apache/flink", "*", "inputs.source_directory", "code-injection", "generated"]
|
||||
- ["apache/flink", "*", "inputs.jdk_version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,8 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/nuttx", "*", "inputs.haskell", "code-injection", "generated"]
|
||||
- ["apache/nuttx", "*", "inputs.dotnet", "code-injection", "generated"]
|
||||
- ["apache/nuttx", "*", "inputs.android", "code-injection", "generated"]
|
||||
@@ -0,0 +1,9 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/opendal", "*", "inputs.feature", "code-injection", "generated"]
|
||||
- ["apache/opendal", "*", "inputs.setup", "code-injection", "generated"]
|
||||
- ["apache/opendal", "*", "inputs.service", "code-injection", "generated"]
|
||||
- ["apache/opendal", "*", "inputs.target", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/pekko", "*", "inputs.upload", "code-injection", "generated"]
|
||||
@@ -0,0 +1,12 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.limit-access-to-users", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.limit-access-to-actor", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.secure-access", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.action", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.yamale_version", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.yamllint_version", "code-injection", "generated"]
|
||||
- ["apache/pulsar-helm-chart", "*", "inputs.version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["apache/superset", "*", "inputs.requirements-type", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["appflowy-io/appflowy", "*", "inputs.test_path", "code-injection", "generated"]
|
||||
- ["appflowy-io/appflowy", "*", "inputs.flutter_profile", "code-injection", "generated"]
|
||||
@@ -0,0 +1,8 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["aptos-labs/aptos-core", "*", "inputs.GIT_CREDENTIALS", "code-injection", "generated"]
|
||||
- ["aptos-labs/aptos-core", "*", "inputs.GCP_DOCKER_ARTIFACT_REPO", "code-injection", "generated"]
|
||||
- ["aptos-labs/aptos-core", "*", "inputs.IMAGE_TAG", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["archivesspace/archivesspace", "*", "inputs.mysql-connector-url", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["armadaproject/armada", "*", "inputs.tox-env", "code-injection", "generated"]
|
||||
@@ -0,0 +1,14 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["armbian/build", "*", "inputs.armbian_pgp_password", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_extensions", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_release", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_kernel_branch", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_board", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_target", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_branch", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_ui", "code-injection", "generated"]
|
||||
- ["armbian/build", "*", "inputs.armbian_version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,9 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["auth0/auth0-java", "*", "inputs.signing-password", "code-injection", "generated"]
|
||||
- ["auth0/auth0-java", "*", "inputs.signing-key", "code-injection", "generated"]
|
||||
- ["auth0/auth0-java", "*", "inputs.ossr-password", "code-injection", "generated"]
|
||||
- ["auth0/auth0-java", "*", "inputs.ossr-username", "code-injection", "generated"]
|
||||
@@ -0,0 +1,8 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["auth0/auth0.net", "*", "inputs.nuget-token", "code-injection", "generated"]
|
||||
- ["auth0/auth0.net", "*", "inputs.nuget-directory", "code-injection", "generated"]
|
||||
- ["auth0/auth0.net", "*", "inputs.project-paths", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["auth0/auth0.swift", "*", "inputs.platform", "code-injection", "generated"]
|
||||
@@ -0,0 +1,10 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["autogluon/autogluon", "*", "inputs.submodule-to-test", "code-injection", "generated"]
|
||||
- ["autogluon/autogluon", "*", "inputs.command", "code-injection", "generated"]
|
||||
- ["autogluon/autogluon", "*", "inputs.work-dir", "code-injection", "generated"]
|
||||
- ["autogluon/autogluon", "*", "inputs.job-name", "code-injection", "generated"]
|
||||
- ["autogluon/autogluon", "*", "inputs.job-type", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["avaiga/taipy", "*", "inputs.python-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["aws-amplify/amplify-cli", "*", "inputs.cli-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["aws/amazon-vpc-cni-k8s", "*", "inputs.go-package", "code-injection", "generated"]
|
||||
- ["aws/amazon-vpc-cni-k8s", "*", "inputs.work-dir", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["aws/karpenter-provider-aws", "*", "inputs.account_id", "code-injection", "generated"]
|
||||
- ["aws/karpenter-provider-aws", "*", "inputs.cluster_name", "code-injection", "generated"]
|
||||
@@ -0,0 +1,12 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.max_resource_age_duration", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.aws_region", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.ami_id", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.k8s_version", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.os_distro", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.additional_arguments", "code-injection", "generated"]
|
||||
- ["awslabs/amazon-eks-ami", "*", "inputs.build_id", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["awslabs/aws-lambda-rust-runtime", "*", "inputs.package", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["azerothcore/azerothcore-wotlk", "*", "inputs.CXX", "code-injection", "generated"]
|
||||
- ["azerothcore/azerothcore-wotlk", "*", "inputs.CC", "code-injection", "generated"]
|
||||
@@ -0,0 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["azure/azure-datafactory", "*", "inputs.directory", "code-injection", "generated"]
|
||||
- ["azure/azure-datafactory", "*", "inputs.path", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["badges/shields", "*", "inputs.npm-version", "code-injection", "generated"]
|
||||
@@ -0,0 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: githubsecuritylab/actions-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["balena-io/etcher", "*", "inputs.VERBOSE", "code-injection", "generated"]
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user