Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]

2026-04-11 18:14:01 +02:00 · 2026-04-02 11:32:37 -04:00
parent cedacc91db
commit e69e30aa84
3 changed files with 7 additions and 4 deletions
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
@@ -21,5 +21,5 @@ where
  ArtifactPoisoningFlow::flowPath(source, sink) and
  event = getRelevantEventInPrivilegedContext(sink.getNode())
 select sink.getNode(), source, sink,
-  "Potential artifact poisoning in $@, which may be controlled by an external user ($@).", sink,
-  sink.getNode().toString(), event, event.getName()
+  "Potential artifact poisoning, which may be controlled by an external user ($@).", event,
+  event.getName()
--- a/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
+++ b/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
@@ -21,5 +21,4 @@ where
  ArtifactPoisoningFlow::flowPath(source, sink) and
  inNonPrivilegedContext(sink.getNode().asExpr())
 select sink.getNode(), source, sink,
-  "Potential artifact poisoning in $@, which may be controlled by an external user.", sink,
-  sink.getNode().toString()
+  "Potential artifact poisoning, which may be controlled by an external user."
--- a/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
+++ b/actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Fixed alert messages in `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` as they previously included a redundant placeholder in the alert message that would on occasion contain a long block of yml that makes the alert difficult to understand.