Module Config
Import path
import codeql.actions.config.ConfigPredicates
| actionsPermissionsDataModel | MaD models for permissions needed by actions Fields: - action: action name, e.g. |
| argumentInjectionSinksDataModel | MaD models for arguments to commands that execute the given argument. Fields: - regexp: Regular expression for matching argument injections. - command_group: capture group for the command. - argument_group: capture group for the argument. |
| contextTriggerDataModel | MaD models for context/trigger mapping Fields: - trigger: Trigger for the workflow - context_prefix: Prefix for the context |
| externallyTriggerableEventsDataModel | MaD models for externally triggerable events Fields: - event: Event name |
| immutableActionsDataModel | MaD models for immutable actions Fields: - action: action name |
| poisonableActionsDataModel | MaD models for poisonable actions Fields: - action: action name |
| poisonableCommandsDataModel | MaD models for poisonable commands Fields: - regexp: Regular expression for matching poisonable commands |
| poisonableLocalScriptsDataModel | MaD models for poisonable local scripts Fields: - regexp: Regular expression for matching poisonable local scripts - group: Script capture group number for the regular expression |
| repositoryDataModel | MaD models for repository details Fields: - visibility: Visibility of the repository - default_branch_name: Default branch name |
| trustedActionsOwnerDataModel | MaD models for trusted actions owners Fields: - owner: owner name |
| untrustedEventPropertiesDataModel | MaD models for event properties that can be user-controlled. Fields: - property: event property - kind: property kind |
| untrustedGhCommandDataModel | MaD models for untrusted gh commands Fields: - cmd_regex: Regular expression for matching untrusted gh commands - flag: Flag for the command |
| untrustedGitCommandDataModel | MaD models for untrusted git commands Fields: - cmd_regex: Regular expression for matching untrusted git commands - flag: Flag for the command |
| vulnerableActionsDataModel | MaD models for vulnerable actions Fields: - action: action name - vulnerable_version: vulnerable version - vulnerable_sha: vulnerable sha - fixed_version: fixed version |
| workflowDataModel | MaD models for workflow details Fields: - path: Path to the workflow file - trigger: Trigger for the workflow - job: Job name - secrets_source: Source of secrets - permissions: Permissions for the workflow - runner: Runner info for the workflow |
Aliases
| Extensions | This module provides extensible predicates for defining MaD models. |