Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Actions] CWE-285/ImproperAccessControl.ql Not Currently Working #20706

New issue
New issue
Open
Open
[Actions] CWE-285/ImproperAccessControl.ql Not Currently Working#20706
Labels
questionFurther information is requested
@AdnaneKhan

Description

@AdnaneKhan
AdnaneKhan
opened on Oct 28, 2025

Description of the issue

The Actions ImproperAccessControl query is not working even for trivial workflows. This is an example from https://github.com/github/codeql/blob/main/actions/ql/src/Security/CWE-285/ImproperAccessControl.md and does not trigger a detection.

on:
  pull_request_target:
    types: [opened, synchronize]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo for OWNER TEST
        uses: actions/checkout@v3
        if: contains(github.event.pull_request.labels.*.name, 'safe to test')
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: ./cmd

All my attempts to try variations that did trigger a finding also failed. Is this detection enabled as part of the default suite (it appears to be)?

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions