codeql/actions.js at aeisenberg/add-immutable-actions - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00

Files

Asger F 1a9956354e JS: Restrict getInput to indirect command injection query

2023-05-03 16:10:03 +02:00

6 lines

127 B

JavaScript

Raw Permalink Blame History

 const github = require('@actions/github');
 function test() {
     eval(github.context.payload.commits[1].message); // NOT OK
 }