Actions

Author: owen-mc

actions/ql/test/query-tests/Models/.github/workflows/reusable_workflow.yml

@@ -3,14 +3,14 @@ name: Reusable workflow example
 on:
   workflow_call:
     inputs:
-      config-path:
+      config-path: # $ Source[actions/reusable-workflow-sinks] Source[actions/reusable-workflow-summaries]
         required: true
         type: string
     outputs:
       workflow-output1:
-        value: ${{ jobs.job1.outputs.job-output1 }}
+        value: ${{ jobs.job1.outputs.job-output1 }} # $ Alert[actions/reusable-workflow-summaries]
       workflow-output2:
-        value: ${{ jobs.job1.outputs.job-output2 }}
+        value: ${{ jobs.job1.outputs.job-output2 }} # $ Alert[actions/reusable-workflow-sources]
     secrets:
       token:
         required: true
@@ -26,9 +26,9 @@ jobs:
         env:
           CONFIG_PATH: ${{ inputs.config-path }}
         run: |
-          echo ${{ inputs.config-path }}
+          echo ${{ inputs.config-path }} # $ Alert[actions/reusable-workflow-sinks]
           echo "::set-output name=step-output::$CONFIG_PATH"
       - name: Get changed files
         id: step2
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v40 # $ Source[actions/reusable-workflow-sources]
 

actions/ql/test/query-tests/Models/CompositeActionsSinks.expected

@@ -1,3 +1,6 @@
+#select
+| action1/action.yml:32:18:32:51 | steps.replace.outputs.value | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:32:18:32:51 | steps.replace.outputs.value | Sink |
+| action1/action.yml:35:25:35:50 | inputs.who-to-greet | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:35:25:35:50 | inputs.who-to-greet | Sink |
 edges
 | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:28:18:28:43 | inputs.who-to-greet | provenance |  |
 | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:35:25:35:50 | inputs.who-to-greet | provenance |  |
@@ -10,6 +13,3 @@ nodes
 | action1/action.yml:32:18:32:51 | steps.replace.outputs.value | semmle.label | steps.replace.outputs.value |
 | action1/action.yml:35:25:35:50 | inputs.who-to-greet | semmle.label | inputs.who-to-greet |
 subpaths
-#select
-| action1/action.yml:32:18:32:51 | steps.replace.outputs.value | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:32:18:32:51 | steps.replace.outputs.value | Sink |
-| action1/action.yml:35:25:35:50 | inputs.who-to-greet | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:35:25:35:50 | inputs.who-to-greet | Sink |

actions/ql/test/query-tests/Models/CompositeActionsSinks.qlref

@@ -1 +1,2 @@
-Models/CompositeActionsSinks.ql
+query: Models/CompositeActionsSinks.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

actions/ql/test/query-tests/Models/CompositeActionsSources.expected

@@ -1,3 +1,9 @@
+#select
+| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Source |
+| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:41:30:41:55 | inputs.who-to-greet | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Source |
+| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |
+| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:42:7:44:4 | Uses Step: changed-files | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |
+| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:48:19:48:70 | steps.changed-files.outputs.all_changed_files | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |
 edges
 | action1/action.yml:37:7:42:4 | Run Step: reflector [reflected] | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | provenance |  |
 | action1/action.yml:41:30:41:55 | inputs.who-to-greet | action1/action.yml:37:7:42:4 | Run Step: reflector [reflected] | provenance |  |
@@ -13,9 +19,3 @@ nodes
 | action1/action.yml:44:7:48:70 | Run Step: source [tainted] | semmle.label | Run Step: source [tainted] |
 | action1/action.yml:48:19:48:70 | steps.changed-files.outputs.all_changed_files | semmle.label | steps.changed-files.outputs.all_changed_files |
 subpaths
-#select
-| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Source |
-| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:41:30:41:55 | inputs.who-to-greet | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Source |
-| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |
-| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:42:7:44:4 | Uses Step: changed-files | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |
-| action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | action1/action.yml:48:19:48:70 | steps.changed-files.outputs.all_changed_files | action1/action.yml:14:13:14:46 | steps.source.outputs.tainted | Source |

actions/ql/test/query-tests/Models/CompositeActionsSources.qlref

@@ -1,2 +1,2 @@
-Models/CompositeActionsSources.ql
-
+query: Models/CompositeActionsSources.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

actions/ql/test/query-tests/Models/CompositeActionsSummaries.expected

@@ -1,3 +1,5 @@
+#select
+| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Summary |
 edges
 | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:41:30:41:55 | inputs.who-to-greet | provenance |  |
 | action1/action.yml:37:7:42:4 | Run Step: reflector [reflected] | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | provenance |  |
@@ -8,5 +10,3 @@ nodes
 | action1/action.yml:37:7:42:4 | Run Step: reflector [reflected] | semmle.label | Run Step: reflector [reflected] |
 | action1/action.yml:41:30:41:55 | inputs.who-to-greet | semmle.label | inputs.who-to-greet |
 subpaths
-#select
-| action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | action1/action.yml:4:3:4:14 | input who-to-greet | action1/action.yml:11:13:11:52 | steps.reflector.outputs.reflected | Summary |

actions/ql/test/query-tests/Models/CompositeActionsSummaries.qlref

@@ -1,2 +1,2 @@
-Models/CompositeActionsSummaries.ql
-
+query: Models/CompositeActionsSummaries.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

actions/ql/test/query-tests/Models/ReusableWorkflowsSinks.expected

@@ -1,3 +1,5 @@
+#select
+| .github/workflows/reusable_workflow.yml:29:17:29:41 | inputs.config-path | .github/workflows/reusable_workflow.yml:6:7:6:17 | input config-path | .github/workflows/reusable_workflow.yml:29:17:29:41 | inputs.config-path | Sink |
 edges
 | .github/workflows/calling_workflow.yml:12:5:15:2 | Job: call2 [workflow-output1] | .github/workflows/calling_workflow.yml:35:20:35:62 | needs.call2.outputs.workflow-output1 | provenance |  |
 | .github/workflows/reusable_workflow.yml:6:7:6:17 | input config-path | .github/workflows/reusable_workflow.yml:27:25:27:49 | inputs.config-path | provenance |  |
@@ -20,5 +22,3 @@ nodes
 | .github/workflows/reusable_workflow.yml:27:25:27:49 | inputs.config-path | semmle.label | inputs.config-path |
 | .github/workflows/reusable_workflow.yml:29:17:29:41 | inputs.config-path | semmle.label | inputs.config-path |
 subpaths
-#select
-| .github/workflows/reusable_workflow.yml:29:17:29:41 | inputs.config-path | .github/workflows/reusable_workflow.yml:6:7:6:17 | input config-path | .github/workflows/reusable_workflow.yml:29:17:29:41 | inputs.config-path | Sink |

actions/ql/test/query-tests/Models/ReusableWorkflowsSinks.qlref

@@ -1,2 +1,2 @@
-Models/ReusableWorkflowsSinks.ql
-
+query: Models/ReusableWorkflowsSinks.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

actions/ql/test/query-tests/Models/ReusableWorkflowsSources.expected

@@ -1,3 +1,5 @@
+#select
+| .github/workflows/reusable_workflow.yml:13:17:13:52 | jobs.job1.outputs.job-output2 | .github/workflows/reusable_workflow.yml:31:9:33:43 | Uses Step: step2 | .github/workflows/reusable_workflow.yml:13:17:13:52 | jobs.job1.outputs.job-output2 | Source |
 edges
 | .github/workflows/reusable_workflow.yml:22:7:24:4 | Job outputs node [job-output2] | .github/workflows/reusable_workflow.yml:13:17:13:52 | jobs.job1.outputs.job-output2 | provenance |  |
 | .github/workflows/reusable_workflow.yml:23:21:23:63 | steps.step2.outputs.all_changed_files | .github/workflows/reusable_workflow.yml:22:7:24:4 | Job outputs node [job-output2] | provenance |  |
@@ -8,5 +10,3 @@ nodes
 | .github/workflows/reusable_workflow.yml:23:21:23:63 | steps.step2.outputs.all_changed_files | semmle.label | steps.step2.outputs.all_changed_files |
 | .github/workflows/reusable_workflow.yml:31:9:33:43 | Uses Step: step2 | semmle.label | Uses Step: step2 |
 subpaths
-#select
-| .github/workflows/reusable_workflow.yml:13:17:13:52 | jobs.job1.outputs.job-output2 | .github/workflows/reusable_workflow.yml:31:9:33:43 | Uses Step: step2 | .github/workflows/reusable_workflow.yml:13:17:13:52 | jobs.job1.outputs.job-output2 | Source |