CodeQL library for GitHub Actions
codeql/actions-all 0.4.27-dev (changelog, source)
Module EnvPathInjectionQuery

Import path

import codeql.actions.security.EnvPathInjectionQuery

Predicates

getRelevantArtifactEventInPrivilegedContext

Get the relevant event for a sink in EnvPathInjectionCritical.ql where the source type is “artifact”.

getRelevantNonArtifactEventInPrivilegedContext

Get the relevant event for a sink in EnvPathInjectionCritical.ql where the source type is not “artifact”.

Classes

EnvPathInjectionFromCommandSink

Holds if a Run step executes a command that returns untrusted data which flows to GITHUB_ENV, e.g.

  run: |
    COMMIT_MESSAGE=$(git log --format=%s)
    echo "${COMMIT_MESSAGE}" >> $GITHUB_PATH

EnvPathInjectionFromEnvVarSink

Holds if a Run step declares an environment variable and uses it to declare a PATH env var, e.g.

  env:
    BODY: ${{ github.event.comment.body }}
  run: |
    echo "$BODY" >> $GITHUB_PATH

EnvPathInjectionFromFileReadSink

Holds if a Run step declares a PATH environment variable with contents from a local file.

EnvPathInjectionFromMaDSink
EnvPathInjectionSink

Aliases

EnvPathInjectionFlow

Tracks flow of unsafe user input that is used to construct and evaluate the PATH environment variable.