Improve extraction of Output/Env assignments

2026-01-06 19:20:25 +01:00 · 2024-10-25 10:25:47 +02:00
parent 6802cd2398
commit d8f79818d6
1 changed files with 8 additions and 8 deletions
--- a/ql/lib/codeql/actions/Bash.qll
+++ b/ql/lib/codeql/actions/Bash.qll
@@ -256,20 +256,20 @@ class BashShellScript extends ShellScript {

  override predicate getAWriteToGitHubEnv(string name, string data) {
    exists(string raw |
-      Bash::extractFileWrite(this.getRawScript(), "GITHUB_ENV", raw) and
+      Bash::extractFileWrite(this, "GITHUB_ENV", raw) and
      Bash::extractVariableAndValue(raw, name, data)
    )
  }

  override predicate getAWriteToGitHubOutput(string name, string data) {
    exists(string raw |
-      Bash::extractFileWrite(this.getRawScript(), "GITHUB_OUTPUT", raw) and
+      Bash::extractFileWrite(this, "GITHUB_OUTPUT", raw) and
      Bash::extractVariableAndValue(raw, name, data)
    )
  }

  override predicate getAWriteToGitHubPath(string data) {
-    Bash::extractFileWrite(this.getRawScript(), "GITHUB_PATH", data)
+    Bash::extractFileWrite(this, "GITHUB_PATH", data)
  }

  override predicate getAnEnvReachingGitHubOutputWrite(string var, string output_field) {
@@ -542,12 +542,12 @@ module Bash {
    blockFileWrite(script, cmd, file, content, filters)
  }

-  bindingset[script, file_var]
-  predicate extractFileWrite(string script, string file_var, string content) {
+  bindingset[file_var]
+  predicate extractFileWrite(BashShellScript script, string file_var, string content) {
    // single line assignment
    exists(string file_expr, string raw_content |
      isParameterExpansion(file_expr, file_var, _, _) and
-      singleLineFileWrite(script.splitAt("\n"), _, file_expr, raw_content, _) and
+      singleLineFileWrite(script.getAStmt(), _, file_expr, raw_content, _) and
      content = trimQuotes(raw_content)
    )
    or
@@ -566,12 +566,12 @@ module Bash {
        cmd = "add-path" and
        content = value
      ) and
-      singleLineWorkflowCmd(script.splitAt("\n"), cmd, key, value)
+      singleLineWorkflowCmd(script.getAStmt(), cmd, key, value)
    )
    or
    // multiline assignment
    exists(string file_expr, string raw_content |
-      multiLineFileWrite(script, _, file_expr, raw_content, _) and
+      multiLineFileWrite(script.getRawScript(), _, file_expr, raw_content, _) and
      isParameterExpansion(file_expr, file_var, _, _) and
      content = trimQuotes(raw_content)
    )