1 parent 3d208c0 commit cb9b01c
1 file changed
javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll
@@ -26,11 +26,13 @@ private API::Node taintSource() {
26
or
27
result = payload().getMember(["review", "review_comment", "comment"]).getMember("body")
28
29
- result = workflowRun().getMember("head_branch")
+ result = workflowRun().getMember(["head_branch", "display_title"])
30
+ or
31
+ result = workflowRun().getMember("head_repository").getMember("description")
32
33
result = commitObj().getMember("message")
34
- result = commitObj().getMember("author").getMember(["name", "email"])
35
+ result = commitObj().getMember(["author", "committer"]).getMember(["name", "email"])
36
}
37
38
private class GitHubActionsSource extends RemoteFlowSource {
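Review bot: The new disjuncts in `taintSource()` carry no comment saying why each field counts as attacker-controlled, and the commit touches only this one file, so no test case or change note for `display_title`, `head_repository.description` or `committer` is visible here. A one-line comment above the `workflowRun()` disjuncts, for example `// workflow_run fields whose text is presumably chosen by whoever triggered the run (branch name, run title, fork description)`, would let the next maintainer judge whether further members belong in the list. The same applies to the `["author", "committer"]` line: a short `// both identities come from the commit itself, not from the authenticated pusher` would explain the widening, if that is indeed the reasoning. The predicate starts before the hunk, so it cannot be checked from here whether `commitObj()` already reaches the commit nested under `workflowRun()`; if it does not, those `message`, `name` and `email` members would still be missed.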