Only triggered on non-pull_request events

This commit is contained in:
Alvaro Muñoz
2024-04-01 10:51:26 +02:00
parent 822e9bcaab
commit bdfd46111f


@@ -16,11 +16,16 @@ import actions
import codeql.actions.security.EnvVarInjectionQuery
import EnvVarInjectionFlow::PathGraph
predicate isSingleTriggerWorkflow(Workflow w, string trigger) {
w.getATriggerEvent() = trigger and
count(string t | w.getATriggerEvent() = t | t) = 1
}
from EnvVarInjectionFlow::PathNode source, EnvVarInjectionFlow::PathNode sink, Workflow w
where
EnvVarInjectionFlow::flowPath(source, sink) and
w = source.getNode().asExpr().getEnclosingWorkflow() and
w.hasTriggerEvent(source.getNode().(RemoteFlowSource).getATriggerEvent())
not isSingleTriggerWorkflow(w, "pull_request")
select sink.getNode(), source, sink,
"Potential privileged environment variable injection in $@, which may be controlled by an external user.",
sink, sink.getNode().asExpr().(Expression).getRawExpression()
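Review bot: The new conjunct `not isSingleTriggerWorkflow(w, "pull_request")` directly follows `w.hasTriggerEvent(source.getNode().(RemoteFlowSource).getATriggerEvent())` with no `and` between the two formulas, so the `where` clause as rendered here does not parse in QL; unless the page dropped a trailing token, that line should end with ` and`. The exclusion is keyed on the workflow's whole trigger set rather than on the event the source actually comes from, so a workflow triggered by `pull_request` plus any other event is still reported as privileged even when the injected value is only reachable through the `pull_request` payload; if that is intended, a short comment saying so would help the next reader. The new predicate also has no QLDoc; `/** Holds if trigger is the only event that triggers workflow w. */` above `predicate isSingleTriggerWorkflow` would document its contract.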