hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-06 11:10:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reduce FP for actor/association checks that cannot be bypassed this way

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-05-16 10:28:24 +02:00
parent 1b4246e7f1
commit e28ad1d644
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
View File

@@ -15,7 +15,7 @@ import actions
import codeql.actions.security.UntrustedCheckoutQuery
import codeql.actions.security.PoisonableSteps
from ControlCheck check, MutableRefCheckoutStep checkout
from LabelControlCheck check, MutableRefCheckoutStep checkout
where
// the mutable checkout step is protected by an access check
check = [checkout.getIf(), checkout.getEnclosingJob().getIf()] and

2
ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
View File

@@ -15,7 +15,7 @@ import actions
import codeql.actions.security.UntrustedCheckoutQuery
import codeql.actions.security.PoisonableSteps
from ControlCheck check, MutableRefCheckoutStep checkout
from LabelControlCheck check, MutableRefCheckoutStep checkout
where
// the mutable checkout step is protected by an access check
check = [checkout.getIf(), checkout.getEnclosingJob().getIf()] and