Class EnvVarInjectionFromEnvVarSink

Holds if a Run step declares an environment variable, uses it to declare env var. e.g. env: BODY: ${{ github.event.comment.body }} run: | echo “FOO=$BODY” >> $GITHUB_ENV

Import path

import codeql.actions.security.EnvVarInjectionQuery

Direct supertypes

EnvVarInjectionSink

Indirect supertypes

Node
TNode

Fields

command
inVar
injectedVar

Inherited predicates

asExpr		from Node
getLocation		from Node
hasLocationInfo	Holds if this element is at the specified location. The location spans column `startcolumn` of line `startline` to column `endcolumn` of line `endline` in file `filepath`. For more information, see Locations.	from Node
toString	Gets a textual representation of this element.	from Node

Charpred

EnvVarInjectionFromEnvVarSink