Class WorkflowCommandClobberingFromEnvVarSink

  - id: clob1
    env:
      BODY: ${{ github.event.comment.body }}
    run: |
      # VULNERABLE
      echo $BODY
      echo "::set-output name=OUTPUT::SAFE"
  - id: clob2
    env:
      BODY: ${{ github.event.comment.body }}
    run: |
      # VULNERABLE
      echo "::set-output name=OUTPUT::SAFE"
      echo $BODY

Import path

import codeql.actions.security.OutputClobberingQuery

Direct supertypes

OutputClobberingSink

Indirect supertypes

Node
TNode

Inherited predicates

asExpr		from Node
getLocation		from Node
hasLocationInfo	Holds if this element is at the specified location. The location spans column `startcolumn` of line `startline` to column `endcolumn` of line `endline` in file `filepath`. For more information, see Locations.	from Node
toString	Gets a textual representation of this element.	from Node

Charpred

WorkflowCommandClobberingFromEnvVarSink