From 1233d81523e40bec36476573ac2b4dcbcd82dc85 Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Wed, 15 Apr 2026 14:11:17 -0400 Subject: [PATCH 1/8] Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries --- actions/ql/lib/ext/config/poisonable_steps.yml | 4 ++-- .../src/Security/CWE-094/CodeInjectionMedium.ql | 17 +++++++++++------ .../CWE-829/UntrustedCheckoutCritical.md | 3 ++- .../CWE-829/UntrustedCheckoutCritical.ql | 2 +- .../Security/CWE-829/UntrustedCheckoutHigh.md | 3 ++- .../Security/CWE-829/UntrustedCheckoutHigh.ql | 2 +- .../Security/CWE-829/UntrustedCheckoutMedium.md | 3 ++- ...026-04-15-untrusted-checkout-improvements.md | 6 ++++++ 8 files changed, 27 insertions(+), 13 deletions(-) create mode 100644 actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md diff --git a/actions/ql/lib/ext/config/poisonable_steps.yml b/actions/ql/lib/ext/config/poisonable_steps.yml index 3c1aec70a240..d15b8d7a6a5f 100644 --- a/actions/ql/lib/ext/config/poisonable_steps.yml +++ b/actions/ql/lib/ext/config/poisonable_steps.yml @@ -70,7 +70,7 @@ extensions: - ["(source|sh|bash|zsh|fish)\\s+([^\\s]+)\\b", 2] - ["(node)\\s+([^\\s]+)(\\.js|\\.ts)\\b", 2] - ["(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b", 2] + - ["(python[\\d\\.]*)\\s+([\\-m]+)\\s+(\\w+)\\b", 2] # eg: pythonX -m anything(dir or file) - ["(ruby)\\s+([^\\s]+)\\.rb\\b", 2] - - ["(go)\\s+(generate|run)\\s+([^\\s]+)\\.go\\b", 3] + - ["(go)\\s+(generate|run)\\s+([^\\s]+)", 3] - ["(dotnet)\\s+([^\\s]+)\\.csproj\\b", 2] - diff --git a/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql b/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql index 8bc3fe8f51ad..22ab430105a3 100644 --- a/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql @@ -2,7 +2,7 @@ * @name Code injection * @description Interpreting unsanitized user input as code allows a malicious user to perform arbitrary * code execution. - * @kind path-problem + * @ kind path-problem * @problem.severity warning * @security-severity 5.0 * @precision medium @@ -18,8 +18,13 @@ import actions import codeql.actions.security.CodeInjectionQuery import CodeInjectionFlow::PathGraph -from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink -where mediumSeverityCodeInjection(source, sink) -select sink.getNode(), source, sink, - "Potential code injection in $@, which may be controlled by an external user.", sink, - sink.getNode().asExpr().(Expression).getRawExpression() +// from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +// where mediumSeverityCodeInjection(source, sink) +// select sink.getNode(), source, sink, +// "Potential code injection in $@, which may be controlled by an external user.", sink, +// sink.getNode().asExpr().(Expression).getRawExpression() +from string test +where + test.regexpMatch("(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b") and + test = "python -m dir" //go run main/main.go //go run . +select test diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md index 6060354b134a..246e302e85b8 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md @@ -1,6 +1,6 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. ## Recommendation @@ -133,3 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index ad79a1ce776f..8e8882f9cf5f 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -51,5 +51,5 @@ where event.getName() = checkoutTriggers() and not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout")) and not exists(ControlCheck check | check.protects(poisonable, event, "untrusted-checkout")) -select poisonable, checkout, poisonable, +select checkout, checkout, poisonable, "Potential execution of untrusted code on a privileged workflow ($@)", event, event.getName() diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md index 6060354b134a..f412421b7f1d 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md @@ -1,6 +1,6 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. ## Recommendation @@ -133,3 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql index 98b9aee33f77..5c2d4b3d56c8 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in trusted context + * @name Checkout of untrusted code in privileged context without privileged context use * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md index 6060354b134a..246e302e85b8 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md @@ -1,6 +1,6 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed (e.g., due to a modified build script) in a privileged job. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. ## Recommendation @@ -133,3 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md new file mode 100644 index 000000000000..ef16e84e2c21 --- /dev/null +++ b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md @@ -0,0 +1,6 @@ +--- +category: majorAnalysis +--- +* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. Additionally alter 2 patterns in the detection such that now extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. This may lead to more results being detected by all 3 queries. +* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query. +* Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. This will cause the same alerts to re-open for closed alerts of this query. \ No newline at end of file From a342efca0e6e04889b87be3925db7b13d00e3a9a Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Wed, 15 Apr 2026 16:12:52 -0400 Subject: [PATCH 2/8] Revert accidental change --- .../src/Security/CWE-094/CodeInjectionMedium.ql | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql b/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql index 22ab430105a3..8bc3fe8f51ad 100644 --- a/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql +++ b/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql @@ -2,7 +2,7 @@ * @name Code injection * @description Interpreting unsanitized user input as code allows a malicious user to perform arbitrary * code execution. - * @ kind path-problem + * @kind path-problem * @problem.severity warning * @security-severity 5.0 * @precision medium @@ -18,13 +18,8 @@ import actions import codeql.actions.security.CodeInjectionQuery import CodeInjectionFlow::PathGraph -// from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink -// where mediumSeverityCodeInjection(source, sink) -// select sink.getNode(), source, sink, -// "Potential code injection in $@, which may be controlled by an external user.", sink, -// sink.getNode().asExpr().(Expression).getRawExpression() -from string test -where - test.regexpMatch("(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b") and - test = "python -m dir" //go run main/main.go //go run . -select test +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where mediumSeverityCodeInjection(source, sink) +select sink.getNode(), source, sink, + "Potential code injection in $@, which may be controlled by an external user.", sink, + sink.getNode().asExpr().(Expression).getRawExpression() From c9e5dbda782fea39790bd736bebaa8a15d59226d Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Wed, 15 Apr 2026 16:26:38 -0400 Subject: [PATCH 3/8] Update actions/ql/lib/ext/config/poisonable_steps.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- actions/ql/lib/ext/config/poisonable_steps.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/lib/ext/config/poisonable_steps.yml b/actions/ql/lib/ext/config/poisonable_steps.yml index d15b8d7a6a5f..cf7f71dccc94 100644 --- a/actions/ql/lib/ext/config/poisonable_steps.yml +++ b/actions/ql/lib/ext/config/poisonable_steps.yml @@ -72,5 +72,5 @@ extensions: - ["(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b", 2] - ["(python[\\d\\.]*)\\s+([\\-m]+)\\s+(\\w+)\\b", 2] # eg: pythonX -m anything(dir or file) - ["(ruby)\\s+([^\\s]+)\\.rb\\b", 2] - - ["(go)\\s+(generate|run)\\s+([^\\s]+)", 3] + - ["(go)\\s+(generate|run)(?:\\s+-[^\\s]+)*\\s+([^\\s]+)", 3] - ["(dotnet)\\s+([^\\s]+)\\.csproj\\b", 2] From 589e1e5c197483f4ff8d31d70c12dda8a016c2d3 Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Wed, 15 Apr 2026 16:27:06 -0400 Subject: [PATCH 4/8] Update actions/ql/lib/ext/config/poisonable_steps.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- actions/ql/lib/ext/config/poisonable_steps.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/lib/ext/config/poisonable_steps.yml b/actions/ql/lib/ext/config/poisonable_steps.yml index cf7f71dccc94..17b1408fa7c3 100644 --- a/actions/ql/lib/ext/config/poisonable_steps.yml +++ b/actions/ql/lib/ext/config/poisonable_steps.yml @@ -70,7 +70,7 @@ extensions: - ["(source|sh|bash|zsh|fish)\\s+([^\\s]+)\\b", 2] - ["(node)\\s+([^\\s]+)(\\.js|\\.ts)\\b", 2] - ["(python[\\d\\.]*)\\s+([^\\s]+)\\.py\\b", 2] - - ["(python[\\d\\.]*)\\s+([\\-m]+)\\s+(\\w+)\\b", 2] # eg: pythonX -m anything(dir or file) + - ["(python[\\d\\.]*)\\s+-m\\s+([A-Za-z_][\\w\\.]*)\\b", 2] # eg: pythonX -m anything(dir or file) - ["(ruby)\\s+([^\\s]+)\\.rb\\b", 2] - ["(go)\\s+(generate|run)(?:\\s+-[^\\s]+)*\\s+([^\\s]+)", 3] - ["(dotnet)\\s+([^\\s]+)\\.csproj\\b", 2] From ed4e2bc5b93ae618ec07dff2c4ba0aa5f853555d Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Wed, 15 Apr 2026 16:29:57 -0400 Subject: [PATCH 5/8] Improve formatting helpfiles --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md | 2 +- actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md | 2 +- actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md index 246e302e85b8..a4fceb1f8da3 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md @@ -133,4 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). -- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md index f412421b7f1d..a4fceb1f8da3 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md @@ -133,4 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). -- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md index 246e302e85b8..a4fceb1f8da3 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md @@ -133,4 +133,4 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). -- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). \ No newline at end of file +- Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). From 81532c7ce672ecaa27077049278c8d9b82529bed Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Thu, 16 Apr 2026 11:37:03 -0400 Subject: [PATCH 6/8] Fix outstanding expected file --- .../UntrustedCheckoutCritical.expected | 78 +++++++++---------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected b/actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected index 39e54b2bbaed..e7c208d1bdbe 100644 --- a/actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected +++ b/actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected @@ -334,42 +334,42 @@ edges | .github/workflows/workflow_run_untrusted_checkout_2.yml:13:9:16:6 | Uses Step | .github/workflows/workflow_run_untrusted_checkout_2.yml:16:9:18:31 | Uses Step | | .github/workflows/workflow_run_untrusted_checkout_3.yml:13:9:16:6 | Uses Step | .github/workflows/workflow_run_untrusted_checkout_3.yml:16:9:18:31 | Uses Step | #select -| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | -| .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | -| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | -| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | -| .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/dependabot3.yml:3:5:3:23 | pull_request_target | pull_request_target | -| .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller1.yaml:4:3:4:21 | pull_request_target | pull_request_target | -| .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/gitcheckout.yml:2:3:2:21 | pull_request_target | pull_request_target | -| .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/label_trusted_checkout2.yml:2:3:2:21 | pull_request_target | pull_request_target | -| .github/workflows/level0.yml:107:9:112:2 | Run Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment | -| .github/workflows/level0.yml:107:9:112:2 | Run Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/level0.yml:133:9:135:23 | Run Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment | -| .github/workflows/level0.yml:133:9:135:23 | Run Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/poc2.yml:42:9:47:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:42:9:47:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/poc2.yml:52:9:58:24 | Run Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:52:9:58:24 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | -| .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller3.yaml:4:3:4:21 | pull_request_target | pull_request_target | -| .github/workflows/test7.yml:33:9:36:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:33:9:36:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/test7.yml:36:9:39:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:36:9:39:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/test7.yml:59:9:60:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:59:9:60:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/test7.yml:60:9:60:37 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:60:9:60:37 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | -| .github/workflows/test10.yml:25:9:30:2 | Run Step | .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:25:9:30:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test10.yml:8:3:8:21 | pull_request_target | pull_request_target | -| .github/workflows/test11.yml:90:7:93:54 | Uses Step | .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:90:7:93:54 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test11.yml:5:3:5:15 | issue_comment | issue_comment | -| .github/workflows/test17.yml:19:15:23:58 | Uses Step | .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test17.yml:3:5:3:16 | workflow_run | workflow_run | -| .github/workflows/test27.yml:21:9:22:16 | Run Step | .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:21:9:22:16 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test26.yml:4:3:4:14 | workflow_run | workflow_run | -| .github/workflows/test29.yml:14:7:21:11 | Uses Step | .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:14:7:21:11 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test29.yml:1:5:1:23 | pull_request_target | pull_request_target | -| .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout3.yml:4:3:4:14 | workflow_run | workflow_run | -| .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | -| .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | -| .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | -| .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target | -| .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target | +| .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout3.yml:4:3:4:14 | workflow_run | workflow_run | +| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | +| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | +| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | +| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target | +| .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/dependabot3.yml:3:5:3:23 | pull_request_target | pull_request_target | +| .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller1.yaml:4:3:4:21 | pull_request_target | pull_request_target | +| .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/gitcheckout.yml:2:3:2:21 | pull_request_target | pull_request_target | +| .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/label_trusted_checkout2.yml:2:3:2:21 | pull_request_target | pull_request_target | +| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment | +| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment | +| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:42:9:47:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:52:9:58:24 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target | +| .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller3.yaml:4:3:4:21 | pull_request_target | pull_request_target | +| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:33:9:36:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:36:9:39:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:59:9:60:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:60:9:60:37 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment | +| .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:25:9:30:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test10.yml:8:3:8:21 | pull_request_target | pull_request_target | +| .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:90:7:93:54 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test11.yml:5:3:5:15 | issue_comment | issue_comment | +| .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test17.yml:3:5:3:16 | workflow_run | workflow_run | +| .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:21:9:22:16 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test26.yml:4:3:4:14 | workflow_run | workflow_run | +| .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:14:7:21:11 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test29.yml:1:5:1:23 | pull_request_target | pull_request_target | +| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | +| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | +| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment | +| .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target | +| .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target | From 4fd02220c783468ead2c2bc110c172a7d19f506f Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Thu, 30 Apr 2026 10:50:06 -0400 Subject: [PATCH 7/8] Update help files CWE-829/UntrustedCheckoutX --- .../CWE-829/UntrustedCheckoutCritical.md | 32 ++++++++++++++++++- .../Security/CWE-829/UntrustedCheckoutHigh.md | 32 ++++++++++++++++++- .../CWE-829/UntrustedCheckoutMedium.md | 32 ++++++++++++++++++- 3 files changed, 93 insertions(+), 3 deletions(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md index a4fceb1f8da3..a6dd437c1baf 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md @@ -1,6 +1,35 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems. + +## Workflow Security Model + +In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged. + +This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone. + +On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow: + + * Runs in the context of the base repository + * Has access to organization and repository secrets (e.g., API keys, deployment tokens) + * Has a read/write `GITHUB_TOKEN` by default + * Can access private resources + +Certain triggers automatically grant a workflow elevated privileges: + + * `pull_request_target` as described above + * `workflow_run`: Triggered when another workflow completes. + * `issue_comment`: Triggered when a comment is made on an issue or PR. + +## Attack Details + + * A repository has a privileged workflow + * An attacker forks the repository and adds malicious code (e.g., in the build script) + * The attacker opens a PR from the fork, and, if needed, comments on the PR + * The workflow in the base repository checks out the forked code + * The workflow runs, (e.g. the build script etc.), which contains the malicious code + +Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog. ## Recommendation @@ -133,4 +162,5 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout). - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md index a4fceb1f8da3..a6dd437c1baf 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md @@ -1,6 +1,35 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems. + +## Workflow Security Model + +In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged. + +This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone. + +On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow: + + * Runs in the context of the base repository + * Has access to organization and repository secrets (e.g., API keys, deployment tokens) + * Has a read/write `GITHUB_TOKEN` by default + * Can access private resources + +Certain triggers automatically grant a workflow elevated privileges: + + * `pull_request_target` as described above + * `workflow_run`: Triggered when another workflow completes. + * `issue_comment`: Triggered when a comment is made on an issue or PR. + +## Attack Details + + * A repository has a privileged workflow + * An attacker forks the repository and adds malicious code (e.g., in the build script) + * The attacker opens a PR from the fork, and, if needed, comments on the PR + * The workflow in the base repository checks out the forked code + * The workflow runs, (e.g. the build script etc.), which contains the malicious code + +Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog. ## Recommendation @@ -133,4 +162,5 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout). - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md index a4fceb1f8da3..a6dd437c1baf 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md @@ -1,6 +1,35 @@ ## Overview -GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A dangerous misuse of event triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted input from the PR may lead to repository compromise if untrusted code gets executed in a privileged job. Untrusted code may get executed due to a modified build script, workflow injection, or registry hijacking. **Carefully review** whether least privileges is used and whether input is taken from untrusted sources. +GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. Under certain conditions described below, attackers can take over a repository by opening malicious PRs from forks. The attacks can result in malicious code execution causing unauthorized changes to the repository or exfiltration of repository secrets and a compromise of connected systems. + +## Workflow Security Model + +In GitHub Actions, there is a distinction between unprivileged and privileged workflows. For example, a workflow with a `pull_request` trigger is unprivileged while a workflow with `pull_request_target` is privileged. + +This is relevant especially for PRs from forks. Normal PRs can only be submitted by people who have write access to a repository, while PRs from forks can be submitted by anyone. + +On a PR from a fork, an unprivileged `pull_request` workflow has only limited capabilities but a privileged `pull_request_target` workflow is much more dangerous. A privileged workflow: + + * Runs in the context of the base repository + * Has access to organization and repository secrets (e.g., API keys, deployment tokens) + * Has a read/write `GITHUB_TOKEN` by default + * Can access private resources + +Certain triggers automatically grant a workflow elevated privileges: + + * `pull_request_target` as described above + * `workflow_run`: Triggered when another workflow completes. + * `issue_comment`: Triggered when a comment is made on an issue or PR. + +## Attack Details + + * A repository has a privileged workflow + * An attacker forks the repository and adds malicious code (e.g., in the build script) + * The attacker opens a PR from the fork, and, if needed, comments on the PR + * The workflow in the base repository checks out the forked code + * The workflow runs, (e.g. the build script etc.), which contains the malicious code + +Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog. ## Recommendation @@ -133,4 +162,5 @@ jobs: ## References - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/). +- Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout). - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/). From b0bc0fdd61f15a4a8b5bc00a1f7c025df73de658 Mon Sep 17 00:00:00 2001 From: Kristen Newbury Date: Thu, 30 Apr 2026 12:28:06 -0400 Subject: [PATCH 8/8] Adjust changenotes actions queries --- .../2026-04-15-poisonable-steps-additions-alterations.md | 4 ++++ .../2026-04-15-untrusted-checkout-improvements.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md diff --git a/actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md b/actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md new file mode 100644 index 000000000000..1d6a8a49a2ce --- /dev/null +++ b/actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Altered 2 patterns in the `poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by any queries that use that library. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md index ef16e84e2c21..b78cc74e089b 100644 --- a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md +++ b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md @@ -1,6 +1,6 @@ --- category: majorAnalysis --- -* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. Additionally alter 2 patterns in the detection such that now extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. This may lead to more results being detected by all 3 queries. +* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. * Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query. * Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. This will cause the same alerts to re-open for closed alerts of this query. \ No newline at end of file