Holds if a 3rd party action declares an environment variable with contents from an untrusted file. e.g.
```yaml
- name: Load .env file
  uses: aarcangeli/load-dotenv@v1.0.0
  with:
    path: 'backend/new'
    filenames: |
      .env
      .env.test
    quiet: false
    if-file-not-found: error
```
Import path
import codeql.actions.security.EnvVarInjectionQuery
Direct supertypes
Inherited predicates
| Predicate | Description | Source |
| --- | --- | --- |
| asExpr | | from Node |
| getLocation | | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |