Skip to content

Commit 2cd9220

Browse files
committed
Format
1 parent 059aa2d commit 2cd9220

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

actions/ql/lib/codeql/actions/security/ControlChecks.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -144,7 +144,8 @@ class EnvironmentCheck extends ControlCheck instanceof Environment {
144144
// Environment checks are not effective against any mutable attacks
145145
// they do actually protect against untrusted code execution (sha)
146146
override predicate protectsCategoryAndEvent(string category, string event) {
147-
event = [actor_is_attacker_event(), actor_not_attacker_event()] and category = non_toctou_category()
147+
event = [actor_is_attacker_event(), actor_not_attacker_event()] and
148+
category = non_toctou_category()
148149
}
149150
}
150151

actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,7 @@ where
2323
// the checked-out code may lead to arbitrary code execution
2424
checkout.getAFollowingStep() = step and
2525
// the checkout occurs in a privileged context
26-
inPrivilegedContext(checkout, event)
27-
and
26+
inPrivilegedContext(checkout, event) and
2827
// the mutable checkout step is protected by an Insufficient access check
2928
exists(ControlCheck check1 | check1.protects(checkout, event, "untrusted-checkout")) and
3029
not exists(ControlCheck check2 | check2.protects(checkout, event, "untrusted-checkout-toctou"))

0 commit comments

Comments
 (0)