Skip to content

Commit 3b5ebb6

Browse files
data-douserdata-douser
committed
Update missing PromptInject*.expected results
1 parent 3f2f400 commit 3b5ebb6

2 files changed

Lines changed: 6 additions & 0 deletions

File tree

actions/ql/test/query-tests/Security/CWE-1427/PromptInjectionCritical.expected

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ nodes
1818
| .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
1919
| .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
2020
| .github/workflows/vulnerable10.yml:16:13:16:43 | github.event.issue.title | semmle.label | github.event.issue.title |
21+
| .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
22+
| .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
2123
subpaths
2224
#select
2325
| .github/workflows/vulnerable1.yml:19:20:19:50 | github.event.issue.title | .github/workflows/vulnerable1.yml:19:20:19:50 | github.event.issue.title | .github/workflows/vulnerable1.yml:19:20:19:50 | github.event.issue.title | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable1.yml:19:20:19:50 | github.event.issue.title | ${{ github.event.issue.title }} | .github/workflows/vulnerable1.yml:3:3:3:8 | issues | issues |

actions/ql/test/query-tests/Security/CWE-1427/PromptInjectionMedium.expected

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,12 @@ nodes
1818
| .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
1919
| .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
2020
| .github/workflows/vulnerable10.yml:16:13:16:43 | github.event.issue.title | semmle.label | github.event.issue.title |
21+
| .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
22+
| .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
2123
subpaths
2224
#select
2325
| .github/workflows/vulnerable5.yml:18:13:18:50 | github.event.pull_request.title | .github/workflows/vulnerable5.yml:18:13:18:50 | github.event.pull_request.title | .github/workflows/vulnerable5.yml:18:13:18:50 | github.event.pull_request.title | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable5.yml:18:13:18:50 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | .github/workflows/vulnerable5.yml:3:3:3:14 | pull_request | pull_request |
2426
| .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable9.yml:17:20:17:57 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | .github/workflows/vulnerable9.yml:3:3:3:14 | pull_request | pull_request |
2527
| .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable9.yml:18:19:18:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | .github/workflows/vulnerable9.yml:3:3:3:14 | pull_request | pull_request |
28+
| .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable11.yml:18:20:18:57 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | .github/workflows/vulnerable11.yml:3:3:3:21 | pull_request_target | pull_request_target |
29+
| .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | Potential prompt injection in $@, which may be controlled by an external user ($@). | .github/workflows/vulnerable11.yml:19:19:19:55 | github.event.pull_request.body | ${{ github.event.pull_request.body }} | .github/workflows/vulnerable11.yml:3:3:3:21 | pull_request_target | pull_request_target |

0 commit comments

Comments
 (0)