whitelist @actions/exec/lib/toolrunner

github · Sep 1, 2020 · b4d142e · b4d142e
1 parent 4c00c68
commit b4d142e
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/queries/unguarded-action-lib.ql b/queries/unguarded-action-lib.ql
@@ -12,11 +12,11 @@ import javascript
  * Although these libraries are designed for use on actions they
  * have been deemed safe to use outside of actions as well.
  */
-class SafeActionLibs extends string {
-  SafeActionLibs() {
-    this = "@actions/http-client" or
-    this = "@actions/exec"
-  }
+bindingset[lib]
+predicate isSafeActionLib(string lib) {
+  lib = "@actions/http-client" or
+  lib = "@actions/exec" or
+  lib.matches("@actions/exec/%")
 }
 
 /**
@@ -26,7 +26,7 @@ class SafeActionLibs extends string {
 class ActionsLibImport extends ImportDeclaration {
   ActionsLibImport() {
     getImportedPath().getValue().matches("@actions/%") and
-    not getImportedPath().getValue() instanceof SafeActionLibs
+    not isSafeActionLib(getImportedPath().getValue())
   }
 
   string getName() {