Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(githubactions): github actions relative path detected as not pinned #6958

Merged
merged 11 commits into from
Apr 22, 2024
Merged

fix(githubactions): github actions relative path detected as not pinned #6958

merged 11 commits into from
Apr 22, 2024

Conversation

cw-alexcroteau
Copy link
Contributor

Closes #6957

Proposed Changes

  • Add an exception for relative paths for rule "Action is not pinned to a full length commit SHA." (555ab8f9-2001-455e-a077-f2d0f41e2fb9)

I submit this contribution under the Apache-2.0 license.

@github-actions github-actions bot added community Community contribution bug Something isn't working labels Mar 19, 2024
@cw-alexcroteau cw-alexcroteau changed the title bug(github_actions): github actions relative path detected as not pinned fix(github_actions): github actions relative path detected as not pinned Mar 19, 2024
@github-actions github-actions bot removed the bug Something isn't working label Mar 19, 2024
@cw-alexcroteau cw-alexcroteau changed the title fix(github_actions): github actions relative path detected as not pinned fix(githubactions): github actions relative path detected as not pinned Mar 20, 2024
JoaoAtGit
JoaoAtGit reviewed Mar 28, 2024
View reviewed changes
assets/queries/cicd/github/unpinned_actions_full_length_commit_sha/query.rego Outdated
@@ -28,3 +29,8 @@ isPinned(use){
regex.match("@[a-f0-9]{40}$", use)
}

isRelative(use){
allowed := ["./", "../"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @cw-alexcroteau.
First, thank you for your contribution :).
I'm with one doubt, relative to the "../".
Why do you feel the necessity to support the "../" ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, you are right, no need to support it. I completely missed your reply and carried on, let me remove that and sync my fork.

@JoaoAtGit
Copy link
Contributor

Hi @cw-alexcroteau ,
how are you ?
Can you sync your fork please ?
Br,
João Martins

@cw-alexcroteau
Copy link
Contributor Author

Hi @cw-alexcroteau , how are you ? Can you sync your fork please ? Br, João Martins

Hi @JoaoCxMartins, thanks for the heads up, it's now synced.

@JoaoAtGit
Copy link
Contributor

JoaoAtGit commented Apr 22, 2024
edited
Loading

Hi @cw-alexcroteau TY for your contribution to kics :)

@asofsilva asofsilva merged commit ad0ab7b into Checkmarx:master Apr 22, 2024
24 of 25 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoaoAtGit JoaoAtGit JoaoAtGit approved these changes

Assignees
No one assigned
Labels
community Community contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(githubactions): github actions relative path detected as not pinned
4 participants
@cw-alexcroteau @JoaoAtGit @asofsilva @gabriel-cx