hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Minor fixes for Actions query help

Browse Source
This commit is contained in:
Aditya Sharad
2025-04-14 13:25:54 -07:00
parent 32f191cd9d
commit eeb938a76d
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md
View File

@@ -109,7 +109,7 @@ An attacker could craft a malicious artifact that writes dangerous environment v
### Exploitation
An attacker is be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.
An attacker would be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.
## References

4
actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md
View File

@@ -2,11 +2,11 @@
## Description
Secrets derived from other secrets are not know to the workflow runner and therefore not masked unless explicitly registered.
Secrets derived from other secrets are not known to the workflow runner, and therefore are not masked unless explicitly registered.
## Recommendations
Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow since these read values will not be masked by the workflow runner.
Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow, since these read values will not be masked by the workflow runner.
## Examples