CodeQL library for GitHub Actions
codeql/actions-all 0.4.29 (changelog, source)
Index
Search

Module ArgumentInjectionQuery

Import path

import codeql.actions.security.ArgumentInjectionQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

FlowSources

Predicates

getRelevantEventInPrivilegedContext

Gets the event that is relevant for the given node in the context of argument injection.

Classes

ArgumentInjectionFromCommandSink

Holds if a Run step executes a command that returns untrusted data which flows to an unsafe argument e.g. run: | BODY=$(git log –format=%s) sed “s/FOO/$BODY/g” > /tmp/foo

ArgumentInjectionFromEnvVarSink

Holds if a Run step declares an environment variable, uses it as the argument to a command vulnerable to argument injection. e.g. env: BODY: ${{ github.event.comment.body }} run: | sed “s/FOO/$BODY/g” > /tmp/foo

ArgumentInjectionFromMaDSink

Holds if a Run step declares an environment variable, uses it as the argument to a command vulnerable to argument injection.

ArgumentInjectionSink

Aliases

ArgumentInjectionFlow

Tracks flow of unsafe user input that is used to construct and evaluate a code script.