Mirror synced 2025-12-19 18:10:59 -05:00; file dated 2025-10-02 10:14:15 +00:00 (6.4 KiB).

{% rowheaders %}

| Query name | Related CWEs | Default | Extended | {% data variables.copilot.copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| Artifact poisoning | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Cache Poisoning via caching of untrusted files | 349 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Cache Poisoning via execution of untrusted code | 349 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Cache Poisoning via low-privileged code injection | 349, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Checkout of untrusted code in a privileged context | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| Checkout of untrusted code in trusted context | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| Code injection | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Environment variable built from user-controlled sources | 077, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Excessive Secrets Exposure | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Improper Access Control | 285 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| PATH environment variable built from user-controlled sources | 077, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Storage of sensitive information in GitHub Actions artifact | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Unmasked Secret Exposure | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Untrusted Checkout TOCTOU | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Untrusted Checkout TOCTOU | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Use of a known vulnerable action | 1395 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Workflow does not contain permissions | 275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Artifact poisoning | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Checkout of untrusted code in trusted context | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Code injection | 094, 095, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Environment variable built from user-controlled sources | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| PATH environment variable built from user-controlled sources | 077, 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Unpinned tag for a non-immutable Action in workflow | 829 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |

{% endrowheaders %}