Skip to content

Commit f9f1349

Browse files
knewbury01knewbury01
committed
Undo larger change in this PR
1 parent 39b6cf9 commit f9f1349

2 files changed

Lines changed: 1 addition & 5 deletions

File tree

actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,5 +51,5 @@ where
5151
event.getName() = checkoutTriggers() and
5252
not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout")) and
5353
not exists(ControlCheck check | check.protects(poisonable, event, "untrusted-checkout"))
54-
select checkout, checkout, poisonable,
54+
select poisonable, checkout, poisonable,
5555
"Potential execution of untrusted code on a privileged workflow ($@)", event, event.getName()

actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements.md

Lines changed: 0 additions & 4 deletions
This file was deleted.

0 commit comments

Comments
 (0)