Description of the false positive
The artifact poisoning CodeQL query creates a Critical false-positive under the following scenario:
- Download Artifact with path set to start with `${{ runner.temp }}`
- Use of a PoisonableCommandStep
Below is an example that reproduces the false positive:
```yaml
name: Test False Positive
on:
  workflow_run:
    workflows:
      - Benchmark
    types:
      - completed
permissions:
  contents: read
jobs:
  benchmark:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Download From PR
        uses: actions/download-artifact@v4
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}
          path: ${{ runner.temp }}/artifacts/
      - run: npm install
```
This is particularly a problem because the examples for a secure workflow specifically call out this fix:
```yaml
name: Secure Workflow
on:
  workflow_run:
    workflows: ["Prev"]
    types:
      - completed
jobs:
  Download:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - run: mkdir -p ${{ runner.temp }}/artifacts/
      - uses: dawidd6/action-download-artifact@v2
        with:
          name: pr_number
          path: ${{ runner.temp }}/artifacts/
      - name: Run command
        run: |
          sh cmd.sh
```
I took a stab at fixing it in #19388 but no one looked at it - if my fix is appropriate could it get a review :)?
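
The behaviour the report asks for, sketched as a stand-alone check over a workflow's step list. This is an added example, not part of the issue, the linked fix, or CodeQL's query. It assumes every later `run` step counts as a poisonable command (a stand-in for `PoisonableCommandStep`, not its actual definition) and that a `..` segment in the path cancels the `runner.temp` exemption; the function names are hypothetical.

```python
import re

# Download actions that appear in the workflows quoted in this issue.
DOWNLOAD_ACTIONS = ("actions/download-artifact@", "dawidd6/action-download-artifact@")
# A path that begins with the runner.temp expression, ignoring inner spacing.
RUNNER_TEMP = re.compile(r"^\$\{\{\s*runner\.temp\s*\}\}(/|$)")


def extracts_into_workspace(step):
    """True if a download step may write artifact files into the checkout."""
    path = str(step.get("with", {}).get("path", "")).strip()
    if not RUNNER_TEMP.match(path):
        return True  # default or relative path resolves inside the workspace
    # Assumption: a '..' segment could climb back out of runner.temp.
    return ".." in path.split("/")


def find_artifact_poisoning(steps):
    """Return (download step, command) pairs where a run step follows a
    download that extracted into the workspace."""
    findings, tainted_by = [], None
    for step in steps:
        uses = step.get("uses", "")
        if uses.startswith(DOWNLOAD_ACTIONS) and extracts_into_workspace(step):
            tainted_by = step.get("name", uses)
        elif "run" in step and tainted_by is not None:
            findings.append((tainted_by, step["run"].strip()))
    return findings


# Constructed input: the steps of the reported workflow, written as dicts.
REPORTED = [
    {"uses": "actions/checkout@v4"},
    {"name": "Download From PR", "uses": "actions/download-artifact@v4",
     "with": {"path": "${{ runner.temp }}/artifacts/"}},
    {"run": "npm install"},
]
# Constructed variant: same steps, artifact extracted into the checkout.
IN_WORKSPACE = [dict(s) for s in REPORTED]
IN_WORKSPACE[1] = {**REPORTED[1], "with": {"path": "artifacts/"}}

if __name__ == "__main__":
    print(find_artifact_poisoning(REPORTED))      # no finding expected
    print(find_artifact_poisoning(IN_WORKSPACE))  # one finding expected
```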