From 6281e1f1e807557751ce8cbf304d2a96cf772a41 Mon Sep 17 00:00:00 2001 
From: cxMiguelSilva Date: Tue, 30 Jan 2024 10:00:19 +0000 Subject: [PATCH] update actions used --- .github/workflows/alert-update-flags.yaml | 2 +- .../workflows/alert-update-terraform-modules.yaml | 2 +- .github/workflows/check-apache-license.yaml | 6 +++--- .github/workflows/check-go-coverage.yaml | 4 ++-- .github/workflows/go-ci-coverage.yaml | 4 ++-- .github/workflows/go-ci-metrics.yaml | 4 ++-- .github/workflows/go-e2e-debian.yaml | 6 +++--- .github/workflows/go-e2e.yaml | 6 +++--- .github/workflows/go-generate-antlr-parser.yaml | 6 +++--- .github/workflows/kics-gh-action.yaml | 2 +- .github/workflows/prepare-release.yaml | 2 +- .github/workflows/release-commits.yaml | 2 +- .../workflows/release-docker-github-actions.yaml | 10 +++++----- .github/workflows/release-extract-info.yaml | 2 +- .../release-kics-queries-repo-branch.yaml | 2 +- .github/workflows/sec-checks.yaml | 11 ++++++----- .github/workflows/statistics.yaml | 2 +- .github/workflows/update-docs-queries.yaml | 2 +- .github/workflows/update-docs-release.yaml | 2 +- .github/workflows/update-infra-version.yaml | 2 +- .github/workflows/update-install-script.yaml | 2 +- .github/workflows/validate-arm-samples.yaml | 2 +- .github/workflows/validate-issues.yaml | 14 +++++++------- .github/workflows/validate-openapi-samples.yaml | 4 ++-- .github/workflows/validate-prs.yaml | 12 ++++++------ .../github/run_block_injection/test/negative.yaml | 4 ++-- .../github/run_block_injection/test/positive1.yaml | 4 ++-- .../script_block_injection/test/negative1.yaml | 4 ++-- .../script_block_injection/test/negative2.yaml | 4 ++-- .../script_block_injection/test/negative3.yaml | 4 ++-- .../script_block_injection/test/negative4.yaml | 4 ++-- .../script_block_injection/test/negative5.yaml | 4 ++-- .../script_block_injection/test/negative6.yaml | 4 ++-- .../script_block_injection/test/negative7.yaml | 4 ++-- .../script_block_injection/test/positive1.yaml | 4 ++-- .../script_block_injection/test/positive2.yaml | 4 ++-- 
.../script_block_injection/test/positive3.yaml | 4 ++-- .../script_block_injection/test/positive4.yaml | 4 ++-- .../script_block_injection/test/positive5.yaml | 4 ++-- .../script_block_injection/test/positive6.yaml | 4 ++-- .../script_block_injection/test/positive7.yaml | 4 ++-- .../test/negative2.yaml | 6 +++--- .../passwords_and_secrets/test/negative39.yaml | 6 +++--- examples/github/kics-docker-runner-sarif.yaml | 2 +- test/fixtures/analyzer_test/github.yaml | 4 ++-- 45 files changed, 98 insertions(+), 97 deletions(-) diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml index 8fc90ef4403..295bafe2b2e 100644 --- a/.github/workflows/alert-update-flags.yaml +++ b/.github/workflows/alert-update-flags.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 2 - name: Execute diff and send email diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml index 4c6bd1423b6..0747726e211 100644 --- a/.github/workflows/alert-update-terraform-modules.yaml +++ b/.github/workflows/alert-update-terraform-modules.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Execute diff and send email diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml index 7cbe6c99dee..5b35f5bd4d3 100644 --- a/.github/workflows/check-apache-license.yaml +++ b/.github/workflows/check-apache-license.yaml @@ -2,7 +2,7 @@ name: check-apache-license on: pull_request_target: types: [opened, synchronize, edited, reopened] - branches: + branches: - master jobs: check-license: 
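Review bot: The new `uses: actions/checkout@v4` in .github/workflows/alert-update-flags.yaml still references a mutable tag, so the code that runs can change upstream without any commit in this repository. The same holds for every `actions/checkout@v4`, `docker/setup-buildx-action@v3` and `docker/build-push-action@v5.0.0` line this patch introduces. Since these lines are being touched anyway, pin each to the full commit SHA of the intended release and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. This matters most in release-docker-github-actions.yaml, whose job receives `secrets.DOCKER_PASSWORD`, and in sec-checks.yaml, where the context line `uses: aquasecurity/trivy-action@master` tracks a branch. The repository's own `unpinned_actions_full_length_commit_sha` query would presumably flag these workflows, though its rules are not visible in this patch.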
@@ -12,7 +12,7 @@ jobs: USERNAME: ${{ github.event.pull_request.user.login }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: | @@ -51,4 +51,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} - name: Workflow failed if: env.CHECK_FAILED == 'true' - run: exit 1 \ No newline at end of file + run: exit 1 diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml index 03a31cec0f5..38a48c65088 100644 --- a/.github/workflows/check-go-coverage.yaml +++ b/.github/workflows/check-go-coverage.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go 1.20.x @@ -26,4 +26,4 @@ jobs: if: env.coverage < 80 run: | echo "Go coverage is lower than 80%: ${{ env.coverage }}%" - exit 1 \ No newline at end of file + exit 1 diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml index a2741bbfdbe..bbfdb91fa90 100644 --- a/.github/workflows/go-ci-coverage.yaml +++ b/.github/workflows/go-ci-coverage.yaml @@ -14,7 +14,7 @@ jobs: color: ${{ steps.testcov.outputs.color }} steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go 1.20.x @@ -47,7 +47,7 @@ jobs: needs: coverage steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: gh-pages - name: Configure git commit author diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml index 4ed671b3d57..aa7031040e3 100644 --- a/.github/workflows/go-ci-metrics.yaml +++ b/.github/workflows/go-ci-metrics.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.x" 
@@ -36,7 +36,7 @@ jobs: needs: metrics steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: gh-pages - name: Configure git commit author diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml index 761d99e938f..341b517b318 100644 --- a/.github/workflows/go-e2e-debian.yaml +++ b/.github/workflows/go-e2e-debian.yaml @@ -19,7 +19,7 @@ jobs: with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Set up Go 1.20.x @@ -42,7 +42,7 @@ jobs: working-directory: .github/scripts/server-mock - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers uses: actions/cache@v3 with: @@ -57,7 +57,7 @@ jobs: run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV - name: Build id: docker_build - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5.0.0 with: load: true context: ./ diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml index aa5ff0aee45..1f9887ede3d 100644 --- a/.github/workflows/go-e2e.yaml +++ b/.github/workflows/go-e2e.yaml @@ -20,7 +20,7 @@ jobs: with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Set up Go 1.20.x @@ -43,7 +43,7 @@ jobs: working-directory: .github/scripts/server-mock - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Cache Docker layers uses: actions/cache@v3 with: @@ -55,7 +55,7 @@ jobs: run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV - name: Build id: docker_build - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5.0.0 with: load: true context: ./ 
diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml index d7db463efe0..b83a1ccc32b 100644 --- a/.github/workflows/go-generate-antlr-parser.yaml +++ b/.github/workflows/go-generate-antlr-parser.yaml @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build ANTLR image - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5.0.0 id: build_antlr_image with: context: . diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml index 327701264af..718f876c942 100644 --- a/.github/workflows/kics-gh-action.yaml +++ b/.github/workflows/kics-gh-action.yaml @@ -9,7 +9,7 @@ jobs: kics-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Run KICS Scan uses: checkmarx/kics-github-action@v1.7.0 with: diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index 1f964e75629..7d9a20b9c47 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Get current date diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml index f97905777fb..e9bab496188 100644 --- a/.github/workflows/release-commits.yaml +++ b/.github/workflows/release-commits.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Go 1.20.x uses: actions/setup-go@v4 with: 
diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml index dcfecc282fa..bd05723a01f 100644 --- a/.github/workflows/release-docker-github-actions.yaml +++ b/.github/workflows/release-docker-github-actions.yaml @@ -13,11 +13,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Check out the tag - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.inputs.version }} - name: Set up QEMU @@ -26,14 +26,14 @@ jobs: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v2.1.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Push Github Action Image to Docker Hub - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5.0.0 id: build_gh_action with: context: . @@ -46,7 +46,7 @@ jobs: SENTRY_DSN=${{ secrets.SENTRY_DSN }} DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Export Image Digests diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml index 3452ba0bfb7..92c1c7e770b 100644 --- a/.github/workflows/release-extract-info.yaml +++ b/.github/workflows/release-extract-info.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.x" diff --git a/.github/workflows/release-kics-queries-repo-branch.yaml b/.github/workflows/release-kics-queries-repo-branch.yaml index 56fae4ca90c..37da0145971 100644 --- a/.github/workflows/release-kics-queries-repo-branch.yaml 
+++ b/.github/workflows/release-kics-queries-repo-branch.yaml @@ -10,7 +10,7 @@ jobs: REPO_NAME: "kics-queries-repo" steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Set up Git credentials run: | diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml index 9fe3fa27a0a..d361368d647 100644 --- a/.github/workflows/sec-checks.yaml +++ b/.github/workflows/sec-checks.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master @@ -19,7 +19,8 @@ jobs: ignore-unfixed: true format: 'sarif' output: 'trivy-results.sarif' - severity: 'CRITICAL' + severity: 'MEDIUM,HIGH,CRITICAL' + exit-code: '1' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 @@ -34,14 +35,14 @@ jobs: kics-docker: [ "Dockerfile"] steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build id: docker_build - uses: docker/build-push-action@v4.0.0 + uses: docker/build-push-action@v5.0.0 with: load: true context: ./ diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml index 422532a177d..579d2952637 100644 --- a/.github/workflows/statistics.yaml +++ b/.github/workflows/statistics.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Go 1.20.x uses: actions/setup-go@v4 with: diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml index 1a5bd7955e4..493ea08345a 100644 --- a/.github/workflows/update-docs-queries.yaml +++ b/.github/workflows/update-docs-queries.yaml 
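Review bot: With `exit-code: '1'` added to the Trivy step in sec-checks.yaml (hunk `@@ -19,7 +19,8 @@`), any finding at MEDIUM or above fails that step, so the following `Upload Trivy scan results to GitHub Security tab` step is skipped by default. The SARIF report would then be lost exactly when it has content. The upload step's remaining keys are outside the hunk; if it carries no condition, add `if: always()` to it so results still reach the Security tab on a failing scan. A comment above `severity:` would also make the new gating explicit, e.g. `# fail the job on any fixable MEDIUM+ finding (ignore-unfixed is on)`.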
@@ -16,7 +16,7 @@ jobs: uses: styfle/cancel-workflow-action@0.11.0 with: access_token: ${{ github.token }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-python@v4 diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml index ca868237a28..6e4233e7e00 100644 --- a/.github/workflows/update-docs-release.yaml +++ b/.github/workflows/update-docs-release.yaml @@ -16,7 +16,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Get release version diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml index 68f446666c4..19037ac9407 100644 --- a/.github/workflows/update-infra-version.yaml +++ b/.github/workflows/update-infra-version.yaml @@ -12,7 +12,7 @@ jobs: if: "!github.event.release.prerelease" steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Update Terraform Cloud Integration diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml index d8532171d72..472ca9ab9d7 100644 --- a/.github/workflows/update-install-script.yaml +++ b/.github/workflows/update-install-script.yaml @@ -13,7 +13,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Get Godownloader diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml index 57ec7c4eee2..ca579eb48cc 100644 --- a/.github/workflows/validate-arm-samples.yaml +++ b/.github/workflows/validate-arm-samples.yaml @@ -9,7 +9,7 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - uses: actions/setup-node@v4 
diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml index 26aac0ff695..944eeb53bce 100644 --- a/.github/workflows/validate-issues.yaml +++ b/.github/workflows/validate-issues.yaml @@ -10,20 +10,20 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: | .github/scripts/pr-issue-info/issue-fail.md .github/scripts/pr-issue-info/get_title_types.py .github/issue-title-types.yaml - - name: Set up Python + - name: Set up Python uses: actions/setup-python@v4 with: python-version: "3.x" - name: Install dependencies run: python3 -m pip install --upgrade pip pyyaml - - name: Check issue title + - name: Check issue title env: FILE_PATH: .github/issue-title-types.yaml run: | @@ -69,7 +69,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: | @@ -120,7 +120,7 @@ jobs: if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)" || echo "$BODY" | grep -iqP "steps to reproduce" || echo "$BODY" | grep -iqP "actual behavior" || echo "$BODY" | grep -iqP "expected behavior"; then echo "Adding 'bug' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["bug"]}' - else + else if echo "$LABELS" | grep -q "bug"; then echo "Removing 'bug' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/bug 
@@ -131,13 +131,13 @@ jobs: if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)" || echo "$BODY" | grep -iqP "### Platform" || echo "$BODY" | grep -iqP "### Provider"; then echo "Adding 'query' label... " curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["query"]}' - else + else if echo "$LABELS" | grep -q "query"; then echo "Removing 'query' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/query fi fi - - name: Set up Python + - name: Set up Python uses: actions/setup-python@v4 with: python-version: "3.x" diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml index e9647a523e9..9abc2d66d50 100644 --- a/.github/workflows/validate-openapi-samples.yaml +++ b/.github/workflows/validate-openapi-samples.yaml @@ -10,7 +10,7 @@ jobs: lint-yaml-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - name: yaml-lint @@ -22,7 +22,7 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: persist-credentials: false - uses: actions/setup-node@v4 diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml index 58b47421707..a3c198f2836 100644 --- a/.github/workflows/validate-prs.yaml +++ b/.github/workflows/validate-prs.yaml @@ -2,7 +2,7 @@ name: validate-prs on: pull_request_target: types: [opened, synchronize, edited, reopened] - branches: + branches: - master jobs: title-check: 
@@ -12,7 +12,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: | @@ -21,7 +21,7 @@ jobs: .github/scripts/pr-issue-info/title-fail.md - name: Print PR Title run: echo "$TITLE" - - name: Set up Python + - name: Set up Python uses: actions/setup-python@v4 with: python-version: "3.x" @@ -73,7 +73,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: | @@ -122,7 +122,7 @@ jobs: - name: Add documentation label run: | if [[ "$TITLE" == docs* ]]; then - echo "Adding 'documentation' label..." + echo "Adding 'documentation' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["documentation"]}' else if echo "$LABELS" | grep -q "documentation"; then @@ -152,7 +152,7 @@ jobs: curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/query fi fi - - name: Set up Python + - name: Set up Python uses: actions/setup-python@v4 with: python-version: "3.x" diff --git a/assets/queries/cicd/github/run_block_injection/test/negative.yaml b/assets/queries/cicd/github/run_block_injection/test/negative.yaml index 5f9d4a2dfd5..f2008737977 100644 --- a/assets/queries/cicd/github/run_block_injection/test/negative.yaml +++ b/assets/queries/cicd/github/run_block_injection/test/negative.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go 1.20.x 
@@ -26,4 +26,4 @@ jobs: if: env.coverage < 80 run: | echo "Go coverage is lower than 80%: ${{ env.coverage }}%" - exit 1 \ No newline at end of file + exit 1 diff --git a/assets/queries/cicd/github/run_block_injection/test/positive1.yaml b/assets/queries/cicd/github/run_block_injection/test/positive1.yaml index 6ee6d54c544..4570aa3cbc8 100644 --- a/assets/queries/cicd/github/run_block_injection/test/positive1.yaml +++ b/assets/queries/cicd/github/run_block_injection/test/positive1.yaml @@ -21,7 +21,7 @@ jobs: fi; shell: bash - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.head_ref }} - name: Crawl pages and generate Markdown files @@ -36,4 +36,4 @@ jobs: commit_message: '${{ github.event.issue.title }}' file_pattern: chinese/articles/*.md commit_user_name: PageToMarkdown Bot - commit_user_email: PageToMarkdown-bot@freeCodeCamp.org \ No newline at end of file + commit_user_email: PageToMarkdown-bot@freeCodeCamp.org diff --git a/assets/queries/cicd/github/script_block_injection/test/negative1.yaml b/assets/queries/cicd/github/script_block_injection/test/negative1.yaml index ce78396074b..a5cd1c419c6 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative1.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative1.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative2.yaml b/assets/queries/cicd/github/script_block_injection/test/negative2.yaml index 3e54df1aa88..6511b16547d 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative2.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative2.yaml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative3.yaml b/assets/queries/cicd/github/script_block_injection/test/negative3.yaml index 7b96d141772..646e37b5da8 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative3.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative3.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative4.yaml b/assets/queries/cicd/github/script_block_injection/test/negative4.yaml index 2462010831e..72dd432fa16 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative4.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative4.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative5.yaml b/assets/queries/cicd/github/script_block_injection/test/negative5.yaml index 62bfdf19ce1..4b2336afade 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative5.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative5.yaml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative6.yaml b/assets/queries/cicd/github/script_block_injection/test/negative6.yaml index 140066046da..41e7fbacf86 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative6.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative6.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/negative7.yaml b/assets/queries/cicd/github/script_block_injection/test/negative7.yaml index 697454dad60..0d4a7743040 100644 --- a/assets/queries/cicd/github/script_block_injection/test/negative7.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/negative7.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -22,4 +22,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive1.yaml b/assets/queries/cicd/github/script_block_injection/test/positive1.yaml index 16e13af74c5..c0228e654e1 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive1.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive1.yaml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive2.yaml b/assets/queries/cicd/github/script_block_injection/test/positive2.yaml index 7e983291659..8de9a095b8a 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive2.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive2.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive3.yaml b/assets/queries/cicd/github/script_block_injection/test/positive3.yaml index 8ca2da2066f..3faa8b64f2d 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive3.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive3.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive4.yaml b/assets/queries/cicd/github/script_block_injection/test/positive4.yaml index 2436c3b6b56..19ea13093bb 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive4.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive4.yaml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive5.yaml b/assets/queries/cicd/github/script_block_injection/test/positive5.yaml index b1aef74842a..caca0b0593e 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive5.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive5.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive6.yaml b/assets/queries/cicd/github/script_block_injection/test/positive6.yaml index f48f86268fb..ff012681b2e 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive6.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive6.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/script_block_injection/test/positive7.yaml b/assets/queries/cicd/github/script_block_injection/test/positive7.yaml index 0085761558e..a875e0e871a 100644 --- a/assets/queries/cicd/github/script_block_injection/test/positive7.yaml +++ b/assets/queries/cicd/github/script_block_injection/test/positive7.yaml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run script uses: actions/github-script@latest @@ -25,4 +25,4 @@ jobs: body: 'Thanks for reporting!' }) - return true; \ No newline at end of file + return true; diff --git a/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/negative2.yaml b/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/negative2.yaml index 708984ed717..f684dc86ebd 100644 --- a/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/negative2.yaml +++ b/assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/test/negative2.yaml @@ -2,13 +2,13 @@ name: test-positive on: pull_request: types: [opened, synchronize, edited, reopened] - branches: + branches: - master jobs: test-positive: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: - persist-credentials: false \ No newline at end of file + persist-credentials: false diff --git a/assets/queries/common/passwords_and_secrets/test/negative39.yaml b/assets/queries/common/passwords_and_secrets/test/negative39.yaml index c4297b9de8a..c51ed1df46d 100644 --- a/assets/queries/common/passwords_and_secrets/test/negative39.yaml +++ b/assets/queries/common/passwords_and_secrets/test/negative39.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 --- @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 --- @@ -48,4 +48,4 @@ jobs: runs-on: ubuntu steps: - - uses: actions/checkout@v3 \ No newline at end of file + - uses: actions/checkout@v4 diff --git a/examples/github/kics-docker-runner-sarif.yaml b/examples/github/kics-docker-runner-sarif.yaml index 01137730332..4fce9719184 100644 --- a/examples/github/kics-docker-runner-sarif.yaml +++ b/examples/github/kics-docker-runner-sarif.yaml 
@@ -10,7 +10,7 @@ jobs: name: kics-github-action steps: - name: Checkout repo - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Mkdir results-dir # make sure results dir is created run: mkdir -p results-dir diff --git a/test/fixtures/analyzer_test/github.yaml b/test/fixtures/analyzer_test/github.yaml index 4d563be1d53..b0b65a272d5 100644 --- a/test/fixtures/analyzer_test/github.yaml +++ b/test/fixtures/analyzer_test/github.yaml @@ -2,7 +2,7 @@ name: check-apache-license on: pull_request_target: types: [opened, synchronize, edited, reopened] - branches: + branches: - master jobs: check-license: @@ -11,7 +11,7 @@ jobs: BODY: ${{ github.event.pull_request.body }} steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false sparse-checkout: |