Merge pull request #19849 from asgerf/js/remove-legacy-actions-queries

JS: Remove legacy actions queries

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml

@@ -1,28 +0,0 @@
-on: issue_comment
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: |
-        echo '${{ github.event.comment.body }}'
-
-  echo-chamber2:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.comment.body }}'
-    - run: echo '${{ github.event.issue.body }}'
-    - run: echo '${{ github.event.issue.title }}'
-
-  echo-chamber3:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/github-script@v3
-      with:
-        script: console.log('${{ github.event.comment.body }}')
-    - uses: actions/github-script@v3
-      with:
-        script: console.log('${{ github.event.issue.body }}')
-    - uses: actions/github-script@v3
-      with:
-        script: console.log('${{ github.event.issue.title }}')

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue_newline.yml

@@ -1,10 +0,0 @@
-on: issue_comment
-
-# same as comment_issue but this file ends with a line break
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-      - run: |
-          echo '${{ github.event.comment.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion.yml

@@ -1,8 +0,0 @@
-on: discussion
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.discussion.title }}'
-    - run: echo '${{ github.event.discussion.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion_comment.yml

@@ -1,9 +0,0 @@
-on: discussion_comment
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.discussion.title }}'
-    - run: echo '${{ github.event.discussion.body }}'
-    - run: echo '${{ github.event.comment.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/gollum.yml

@@ -1,11 +0,0 @@
-on: gollum
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.pages[1].title }}'
-    - run: echo '${{ github.event.pages[11].title }}'
-    - run: echo '${{ github.event.pages[0].page_name }}'
-    - run: echo '${{ github.event.pages[2222].page_name }}'
-    - run: echo '${{ toJSON(github.event.pages.*.title) }}' # safe

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yaml

@@ -1,20 +0,0 @@
-on: issues
-
-env:
-  global_env: ${{ github.event.issue.title }}
-  test: test
-
-jobs:
-  echo-chamber:
-    env:
-      job_env: ${{ github.event.issue.title }}
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.issue.title }}'
-    - run: echo '${{ github.event.issue.body }}'
-    - run: echo '${{ env.global_env }}'
-    - run: echo '${{ env.test }}'
-    - run: echo '${{ env.job_env }}'
-    - run: echo '${{ env.step_env }}'
-      env:
-        step_env: ${{ github.event.issue.title }}

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review.yml

@@ -1,14 +0,0 @@
-on: pull_request_review
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.pull_request.title }}'
-    - run: echo '${{ github.event.pull_request.body }}'
-    - run: echo '${{ github.event.pull_request.head.label }}'
-    - run: echo '${{ github.event.pull_request.head.repo.default_branch }}'
-    - run: echo '${{ github.event.pull_request.head.repo.description }}'
-    - run: echo '${{ github.event.pull_request.head.repo.homepage }}'
-    - run: echo '${{ github.event.pull_request.head.ref }}'
-    - run: echo '${{ github.event.review.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review_comment.yml

@@ -1,14 +0,0 @@
-on: pull_request_review_comment
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.pull_request.title }}'
-    - run: echo '${{ github.event.pull_request.body }}'
-    - run: echo '${{ github.event.pull_request.head.label }}'
-    - run: echo '${{ github.event.pull_request.head.repo.default_branch }}'
-    - run: echo '${{ github.event.pull_request.head.repo.description }}'
-    - run: echo '${{ github.event.pull_request.head.repo.homepage }}'
-    - run: echo '${{ github.event.pull_request.head.ref }}'
-    - run: echo '${{ github.event.comment.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_target.yml

@@ -1,16 +0,0 @@
-on: pull_request_target
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.issue.title }}' # not defined
-    - run: echo '${{ github.event.issue.body }}' # not defined
-    - run: echo '${{ github.event.pull_request.title }}'
-    - run: echo '${{ github.event.pull_request.body }}'
-    - run: echo '${{ github.event.pull_request.head.label }}'
-    - run: echo '${{ github.event.pull_request.head.repo.default_branch }}'
-    - run: echo '${{ github.event.pull_request.head.repo.description }}'
-    - run: echo '${{ github.event.pull_request.head.repo.homepage }}'
-    - run: echo '${{ github.event.pull_request.head.ref }}'
-    - run: echo '${{ github.head_ref }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/push.yml

@@ -1,16 +0,0 @@
-on: push
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.commits[11].message }}'
-    - run: echo '${{ github.event.commits[11].author.email }}'
-    - run: echo '${{ github.event.commits[11].author.name }}'
-    - run: echo '${{ github.event.head_commit.message }}'
-    - run: echo '${{ github.event.head_commit.author.email }}'
-    - run: echo '${{ github.event.head_commit.author.name }}'
-    - run: echo '${{ github.event.head_commit.committer.email }}'
-    - run: echo '${{ github.event.head_commit.committer.name }}'
-    - run: echo '${{ github.event.commits[11].committer.email }}'
-    - run: echo '${{ github.event.commits[11].committer.name }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/workflow_run.yml

@@ -1,16 +0,0 @@
-on:
-  workflow_run:
-    workflows: [test]
-
-jobs:
-  echo-chamber:
-    runs-on: ubuntu-latest
-    steps:
-    - run: echo '${{ github.event.workflow_run.display_title }}'
-    - run: echo '${{ github.event.workflow_run.head_commit.message }}'
-    - run: echo '${{ github.event.workflow_run.head_commit.author.email }}'
-    - run: echo '${{ github.event.workflow_run.head_commit.author.name }}'
-    - run: echo '${{ github.event.workflow_run.head_commit.committer.email }}'
-    - run: echo '${{ github.event.workflow_run.head_commit.committer.name }}'
-    - run: echo '${{ github.event.workflow_run.head_branch }}'
-    - run: echo '${{ github.event.workflow_run.head_repository.description }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected

@@ -1,65 +0,0 @@
-| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. |
-| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.discussion.title }}, which may be controlled by an external user. |
-| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.discussion.body }}, which may be controlled by an external user. |
-| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.discussion.title }}, which may be controlled by an external user. |
-| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.discussion.body }}, which may be controlled by an external user. |
-| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pages[1].title }}, which may be controlled by an external user. |
-| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pages[11].title }}, which may be controlled by an external user. |
-| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.pages[0].page_name }}, which may be controlled by an external user. |
-| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.pages[2222].page_name }}, which may be controlled by an external user. |
-| .github/workflows/issues.yaml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. |
-| .github/workflows/issues.yaml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. |
-| .github/workflows/issues.yaml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${{ env.global_env }}, which may be controlled by an external user. |
-| .github/workflows/issues.yaml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${{ env.job_env }}, which may be controlled by an external user. |
-| .github/workflows/issues.yaml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${{ env.step_env }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.review.body }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. |
-| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the ${{ github.head_ref }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the ${{ github.event.commits[11].message }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.commits[11].author.email }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.commits[11].author.name }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the ${{ github.event.head_commit.message }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.head_commit.author.email }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.head_commit.author.name }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.head_commit.committer.email }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.head_commit.committer.name }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.commits[11].committer.email }}, which may be controlled by an external user. |
-| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.commits[11].committer.name }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.workflow_run.display_title }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.message }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.author.email }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.author.name }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.committer.email }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.committer.name }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.workflow_run.head_branch }}, which may be controlled by an external user. |
-| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.workflow_run.head_repository.description }}, which may be controlled by an external user. |
-| action1/action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. |

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.qlref

@@ -1 +0,0 @@
-query: Security/CWE-094/ExpressionInjection.ql

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action1/action.yml

@@ -1,14 +0,0 @@
-name: 'test'
-description: 'test'
-branding:
-  icon: 'test'
-  color: 'test'
-inputs:
-  test:
-    description: test
-    required: false
-    default: 'test'
-runs:
-  using: "composite"
-  steps:
-    - run: echo '${{ github.event.comment.body }}'

javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action2/action.yml

@@ -1,17 +0,0 @@
-name: 'Hello World'
-description: 'Greet someone and record the time'
-inputs:
-  who-to-greet:  # id of input
-    description: 'Who to greet'
-    required: true
-    default: 'World'
-outputs:
-  time: # id of output
-    description: 'The time we greeted you'
-runs:
-  using: 'docker'
-  steps: # this is actually invalid, used to test we correctly identify composite actions
-    - run: echo '${{ github.event.comment.body }}'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.who-to-greet }}

javascript/ql/test/query-tests/Security/CWE-312/.github/workflows/test.yml

@@ -1,87 +0,0 @@
-name: secrets-in-artifacts
-on:
-  pull_request:
-jobs:
-  test1: # VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: .
-  test2: # NOT VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@v4
-        with:
-          name: file
-          path: .
-  test3: # VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: "*"
-  test4: # VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: foo
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: foo
-  test5: # VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: foo
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: foo/*
-  test6: # NOT VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: pr 
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: foo
-  test7: # NOT VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: .
-  test8: # VULNERABLE
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: true
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
-        with:
-          name: file
-          path: .
-

javascript/ql/test/query-tests/Security/CWE-312/ActionsArtifactLeak.expected

@@ -1,5 +0,0 @@
-| .github/workflows/test.yml:9:9:14:2 | name: " ... tifact" | A secret may be exposed in an artifact. |
-| .github/workflows/test.yml:27:9:32:2 | name: " ... tifact" | A secret may be exposed in an artifact. |
-| .github/workflows/test.yml:38:9:43:2 | name: " ... tifact" | A secret may be exposed in an artifact. |
-| .github/workflows/test.yml:49:9:54:2 | name: " ... tifact" | A secret may be exposed in an artifact. |
-| .github/workflows/test.yml:82:9:86:18 | name: " ... tifact" | A secret may be exposed in an artifact. |

javascript/ql/test/query-tests/Security/CWE-312/ActionsArtifactLeak.qlref

@@ -1 +0,0 @@
-query: Security/CWE-312/ActionsArtifactLeak.ql