hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-26 21:56:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add CmdI test

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-10-14 12:50:11 +02:00
parent 3b95ae0b53
commit ff17d1dcb1
4 changed files with 284 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ql/src/Debug/partial.ql
View File

@@ -18,7 +18,9 @@ import PartialFlow::PartialPathGraph
private module MyConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource and
source.getLocation().getFile().getBaseName() = "non-existant-test.yml"
//source.getLocation().getFile().getBaseName() = "non-existant-test.yml"
source.getLocation().getFile().getBaseName() = "test16.yml" and
source.getLocation().getStartLine() = 125
}
predicate isSink(DataFlow::Node sink) { none() }

231
ql/test/query-tests/Security/CWE-094/.github/workflows/test16.yml vendored Normal file
View File

@@ -0,0 +1,231 @@
name: 📤 Preview Deploy
on:
workflow_run:
workflows:
- 🎬 Setup
types:
- completed
permissions:
contents: read
pull-requests: write
jobs:
setup:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
outputs:
id: ${{ steps.pr.outputs.value }}
ref: ${{ steps.ref.outputs.value }}
repo: ${{ steps.repo.outputs.value }}
steps:
# Get PR id from artifact
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
run_id: ${{ github.event.workflow_run.id }}
name: pr-id
- name: get PR id
id: pr
run: echo "value=$(<pr-id.txt)" >> $GITHUB_OUTPUT
# Get PR ref from artifact
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
run_id: ${{ github.event.workflow_run.id }}
name: pr-ref
- name: get PR ref
id: ref
run: echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT
# Get PR repo from artifact
- name: download pr artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: ${{ github.event.workflow_run.workflow_id }}
run_id: ${{ github.event.workflow_run.id }}
name: pr-repo
- name: get PR repo
id: repo
run: echo "value=$(<pr-repo.txt)" >> $GITHUB_OUTPUT
prepare:
runs-on: ubuntu-latest
needs: [setup]
steps:
# ================= Create Comment =================
- name: 🧽 Find And Delete Comment
uses: peter-evans/find-comment@v2
if: ${{ needs.setup.outputs.id != '' }}
id: fc
with:
issue-number: ${{ needs.setup.outputs.id }}
comment-author: 'github-actions[bot]'
body-includes: View Deployment
- name: 📝 Create or update comment
uses: peter-evans/create-or-update-comment@v3
if: ${{ needs.setup.outputs.id != '' }}
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ needs.setup.outputs.id }}
body: |
## View Deployment
[#${{ github.run_id }}](https://github.com/dream-num/univer/actions/runs/${{ github.run_id }})
<p align="center">
🥐 🍔 🥓 🥗 🥘 🌯 🍚 🍛 🍖 🍭 🍧 🍝 🥪 🥖 🍪 <br />
Still cooking, please come back later <br />
🥙 🥮 🥨 🌭 🍦 🍙 🍕 🍰 🍮 🍜 🍡 🍱 🍿 🍕 🥟
</p>
edit-mode: replace
build-demo:
runs-on: ubuntu-latest
needs: [setup]
outputs:
preview-url: ${{ steps.vercel-demo-dev.outputs.preview-url == '' && steps.vercel-demo.outputs.preview-url || steps.vercel-demo-dev.outputs.preview-url }}
commit-message: ${{ steps.commit-message.outputs.value }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ needs.setup.outputs.repo }}
ref: ${{ needs.setup.outputs.ref }}
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: pnpm
- name: Install dependencies
run: pnpm install
- name: Get commit message
id: commit-message
run: echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT
# ================= Deploy Demo =================
- name: 📦 Build demo
run: pnpm build:demo
- name: Copy demo to workspace
run: |
mkdir .workspace
cp -r ./examples/local/* .workspace
- name: 🚀 Deploy to Vercel (demo)
uses: amondnet/vercel-action@v25
if: ${{ needs.setup.outputs.ref == '' }}
id: vercel-demo
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.ORG_ID }}
vercel-project-id: ${{ secrets.PROJECT_ID}}
vercel-args: --prod
- name: 🚀 Deploy to Vercel (demo)
uses: amondnet/vercel-action@v25
if: ${{ needs.setup.outputs.ref != '' }}
id: vercel-demo-dev
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.ORG_ID }}
vercel-project-id: ${{ secrets.PROJECT_ID}}
build-storybook:
runs-on: ubuntu-latest
needs: [setup]
outputs:
preview-url: ${{ steps.vercel-storybook-dev.outputs.preview-url == '' && steps.vercel-storybook.outputs.preview-url || steps.vercel-storybook-dev.outputs.preview-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ needs.setup.outputs.repo }}
ref: ${{ needs.setup.outputs.ref }}
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: pnpm
- name: Install dependencies
run: pnpm install
# ================= Deploy Storybook =================
- name: 📦 Build storybook
run: pnpm storybook:build
- name: 🚀 Deploy to Vercel (demo)
uses: amondnet/vercel-action@v25
if: ${{ needs.setup.outputs.ref == '' }}
id: vercel-storybook
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.ORG_ID }}
vercel-project-id: ${{ secrets.PROJECT_ID_STORYBOOK}}
vercel-args: --prod
- name: 🚀 Deploy to Vercel (storybook)
uses: amondnet/vercel-action@v25
if: ${{ needs.setup.outputs.ref != '' }}
id: vercel-storybook-dev
with:
vercel-token: ${{ secrets.VERCEL_TOKEN }}
vercel-org-id: ${{ secrets.ORG_ID }}
vercel-project-id: ${{ secrets.PROJECT_ID_STORYBOOK}}
notify:
runs-on: ubuntu-latest
needs: [setup, build-demo, build-storybook]
steps:
- name: Invoke deployment hook
uses: actions/github-script@v3
with:
script: >
{
"type": "build",
"workflow": {
"id": "${{ github.run_id }}"
},
"commit": {
"ref": "${{ needs.setup.outputs.ref }}",
"message": "${{ needs.build-demo.outputs.commit-message }}",
"id": "${{ github.event.workflow_run.head_commit.id }}",
"author": "${{ github.event.workflow_run.head_commit.author.name }}"
},
"preview": {
"📑 Examples": "${{ needs.build-demo.outputs.preview-url }}/",
"📚 Storybook": "${{ needs.build-storybook.outputs.preview-url }}/"
}
}

27
ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
View File

@@ -145,6 +145,16 @@ edges
| .github/workflows/test15.yml:26:14:27:100 | echo "TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:23:5:29:2 | Job: test3 [TITLE] | provenance | |
| .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | .github/workflows/test15.yml:36:21:36:36 | env.TITLE | provenance | |
| .github/workflows/test15.yml:33:14:35:50 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | provenance | |
| .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | provenance | |
| .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | provenance | |
| .github/workflows/test16.yml:26:15:33:12 | Uses Step | .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | provenance | Config |
| .github/workflows/test16.yml:38:15:45:12 | Uses Step | .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | provenance | Config |
| .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | provenance | |
| .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | provenance | |
| .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | provenance | |
| .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | provenance | |
| .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | provenance | |
| .github/workflows/test16.yml:125:20:125:75 | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT | .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | provenance | |
| .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | .github/workflows/test.yml:52:20:52:56 | needs.job1.outputs['job_output'] | provenance | |
| .github/workflows/test.yml:11:20:11:50 | steps.step5.outputs.MSG5 | .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | provenance | |
| .github/workflows/test.yml:17:9:23:6 | Uses Step: step0 [value] | .github/workflows/test.yml:25:18:25:48 | steps.step0.outputs.value | provenance | |
@@ -449,6 +459,19 @@ nodes
| .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | semmle.label | Job: test4 [TITLE] |
| .github/workflows/test15.yml:33:14:35:50 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n | semmle.label | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n |
| .github/workflows/test15.yml:36:21:36:36 | env.TITLE | semmle.label | env.TITLE |
| .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | semmle.label | Job outputs node [ref] |
| .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | semmle.label | steps.ref.outputs.value |
| .github/workflows/test16.yml:26:15:33:12 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test16.yml:38:15:45:12 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | semmle.label | Run Step: ref [value] |
| .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | semmle.label | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT |
| .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | semmle.label | Job outputs node [commit-message] |
| .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | semmle.label | steps.commit-message.outputs.value |
| .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | semmle.label | Run Step: commit-message [value] |
| .github/workflows/test16.yml:125:20:125:75 | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT | semmle.label | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT |
| .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | semmle.label | github.event.workflow_run.head_commit.author.name |
| .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | semmle.label | needs.build-demo.outputs.commit-message |
| .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | semmle.label | needs.setup.outputs.ref |
| .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | semmle.label | Job outputs node [job_output] |
| .github/workflows/test.yml:11:20:11:50 | steps.step5.outputs.MSG5 | semmle.label | steps.step5.outputs.MSG5 |
| .github/workflows/test.yml:17:9:23:6 | Uses Step: step0 [value] | semmle.label | Uses Step: step0 [value] |
@@ -596,6 +619,10 @@ subpaths
| .github/workflows/test15.yml:21:21:21:52 | steps.title.outputs.title | .github/workflows/test15.yml:18:14:20:53 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "title=$PR_TITLE" >> "$GITHUB_OUTPUT"\n | .github/workflows/test15.yml:21:21:21:52 | steps.title.outputs.title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test15.yml:21:21:21:52 | steps.title.outputs.title | ${{ steps.title.outputs.title }} |
| .github/workflows/test15.yml:28:21:28:36 | env.TITLE | .github/workflows/test15.yml:26:14:27:100 | echo "TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:28:21:28:36 | env.TITLE | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test15.yml:28:21:28:36 | env.TITLE | ${{ env.TITLE }} |
| .github/workflows/test15.yml:36:21:36:36 | env.TITLE | .github/workflows/test15.yml:33:14:35:50 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:36:21:36:36 | env.TITLE | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test15.yml:36:21:36:36 | env.TITLE | ${{ env.TITLE }} |
| .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | ${{ github.event.workflow_run.head_commit.author.name }} |
| .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | .github/workflows/test16.yml:125:20:125:75 | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT | .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | ${{ needs.build-demo.outputs.commit-message }} |
| .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | .github/workflows/test16.yml:26:15:33:12 | Uses Step | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | ${{ needs.setup.outputs.ref }} |
| .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | .github/workflows/test16.yml:38:15:45:12 | Uses Step | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | ${{ needs.setup.outputs.ref }} |
| .github/workflows/test.yml:52:20:52:56 | needs.job1.outputs['job_output'] | .github/workflows/test.yml:20:20:20:62 | github.event['pull_request']['body'] | .github/workflows/test.yml:52:20:52:56 | needs.job1.outputs['job_output'] | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test.yml:52:20:52:56 | needs.job1.outputs['job_output'] | ${{needs.job1.outputs['job_output']}} |
| .github/workflows/untrusted_checkout1.yml:15:20:15:58 | steps.artifact.outputs.pr_number | .github/workflows/untrusted_checkout1.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout1.yml:15:20:15:58 | steps.artifact.outputs.pr_number | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/untrusted_checkout1.yml:15:20:15:58 | steps.artifact.outputs.pr_number | ${{ steps.artifact.outputs.pr_number }} |
| .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run.yml:9:19:9:64 | github.event.workflow_run.display_title | ${{ github.event.workflow_run.display_title }} |

23
ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected
View File

@@ -145,6 +145,16 @@ edges
| .github/workflows/test15.yml:26:14:27:100 | echo "TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:23:5:29:2 | Job: test3 [TITLE] | provenance | |
| .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | .github/workflows/test15.yml:36:21:36:36 | env.TITLE | provenance | |
| .github/workflows/test15.yml:33:14:35:50 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n | .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | provenance | |
| .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | provenance | |
| .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | provenance | |
| .github/workflows/test16.yml:26:15:33:12 | Uses Step | .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | provenance | Config |
| .github/workflows/test16.yml:38:15:45:12 | Uses Step | .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | provenance | Config |
| .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | provenance | |
| .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | provenance | |
| .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | provenance | |
| .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | provenance | |
| .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | provenance | |
| .github/workflows/test16.yml:125:20:125:75 | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT | .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | provenance | |
| .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | .github/workflows/test.yml:52:20:52:56 | needs.job1.outputs['job_output'] | provenance | |
| .github/workflows/test.yml:11:20:11:50 | steps.step5.outputs.MSG5 | .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | provenance | |
| .github/workflows/test.yml:17:9:23:6 | Uses Step: step0 [value] | .github/workflows/test.yml:25:18:25:48 | steps.step0.outputs.value | provenance | |
@@ -449,6 +459,19 @@ nodes
| .github/workflows/test15.yml:30:5:36:37 | Job: test4 [TITLE] | semmle.label | Job: test4 [TITLE] |
| .github/workflows/test15.yml:33:14:35:50 | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n | semmle.label | PR_TITLE=$(jq --raw-output .pull_request.title ${GITHUB_EVENT_PATH})\necho "TITLE=$PR_TITLE" >> "$GITHUB_ENV"\n |
| .github/workflows/test15.yml:36:21:36:36 | env.TITLE | semmle.label | env.TITLE |
| .github/workflows/test16.yml:20:13:24:8 | Job outputs node [ref] | semmle.label | Job outputs node [ref] |
| .github/workflows/test16.yml:21:19:21:48 | steps.ref.outputs.value | semmle.label | steps.ref.outputs.value |
| .github/workflows/test16.yml:26:15:33:12 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test16.yml:38:15:45:12 | Uses Step | semmle.label | Uses Step |
| .github/workflows/test16.yml:45:15:50:12 | Run Step: ref [value] | semmle.label | Run Step: ref [value] |
| .github/workflows/test16.yml:47:20:47:64 | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT | semmle.label | echo "value=$(<pr-ref.txt)" >> $GITHUB_OUTPUT |
| .github/workflows/test16.yml:99:13:102:8 | Job outputs node [commit-message] | semmle.label | Job outputs node [commit-message] |
| .github/workflows/test16.yml:100:30:100:70 | steps.commit-message.outputs.value | semmle.label | steps.commit-message.outputs.value |
| .github/workflows/test16.yml:123:15:128:12 | Run Step: commit-message [value] | semmle.label | Run Step: commit-message [value] |
| .github/workflows/test16.yml:125:20:125:75 | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT | semmle.label | echo "value=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT |
| .github/workflows/test16.yml:215:19:230:24 | github.event.workflow_run.head_commit.author.name | semmle.label | github.event.workflow_run.head_commit.author.name |
| .github/workflows/test16.yml:215:19:230:24 | needs.build-demo.outputs.commit-message | semmle.label | needs.build-demo.outputs.commit-message |
| .github/workflows/test16.yml:215:19:230:24 | needs.setup.outputs.ref | semmle.label | needs.setup.outputs.ref |
| .github/workflows/test.yml:11:7:13:4 | Job outputs node [job_output] | semmle.label | Job outputs node [job_output] |
| .github/workflows/test.yml:11:20:11:50 | steps.step5.outputs.MSG5 | semmle.label | steps.step5.outputs.MSG5 |
| .github/workflows/test.yml:17:9:23:6 | Uses Step: step0 [value] | semmle.label | Uses Step: step0 [value] |