Fix potentially privileged pull request medium query #19085
adityasharad merged 3 commits into github:main from
Pull Request Overview
This PR fixes the handling of pull request code injection alerts by updating the associated configuration files and change notes.
- Updated change notes to document the fix for the pull_request medium query.
- Modified externally_triggereable_events.yml to include the "pull_request" event.
- Updated context_event_map.yml with mappings for the "pull_request" event.
Reviewed Changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| actions/ql/lib/change-notes/released/2025-03-20-pullrequest.md | Adds a release note for the pull_request medium query fix |
| actions/ql/lib/ext/config/externally_triggereable_events.yml | Adds the "pull_request" event to the externally triggereable events list |
| actions/ql/lib/ext/config/context_event_map.yml | Adds mappings for the "pull_request" event to the context event map |
Files not reviewed (2)
- actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected: Language not supported
- actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected: Language not supported
adityasharad left a comment
Looks reasonable, one change note suggestion.
Is there a reason we didn't include these to begin with - were they considered trusted?
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
Workflows are considered running without permissions and secrets when
Please merge. I don't have the permission.
No description provided.