@@ -13,7 +13,7 @@ string checkoutTriggers() {
1313 */
1414private module ActionsMutableRefCheckoutConfig implements DataFlow:: ConfigSig {
1515 predicate isSource ( DataFlow:: Node source ) {
16- source .asExpr ( ) .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
16+ source .asExpr ( ) .getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
1717 (
1818 // remote flow sources
1919 source instanceof ArtifactSource
@@ -79,7 +79,7 @@ module ActionsMutableRefCheckoutFlow = TaintTracking::Global<ActionsMutableRefCh
7979
8080private module ActionsSHACheckoutConfig implements DataFlow:: ConfigSig {
8181 predicate isSource ( DataFlow:: Node source ) {
82- source .asExpr ( ) .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) =
82+ source .asExpr ( ) .getATriggerEvent ( ) .getName ( ) =
8383 [ "pull_request_target" , "workflow_run" , "workflow_call" , "issue_comment" ] and
8484 (
8585 // `ref` argument contains the PR head/merge commit sha
@@ -283,7 +283,7 @@ class ActionsSHACheckout extends SHACheckoutStep instanceof UsesStep {
283283class GitMutableRefCheckout extends MutableRefCheckoutStep instanceof Run {
284284 GitMutableRefCheckout ( ) {
285285 exists ( string cmd | this .getScript ( ) .getACommand ( ) = cmd |
286- this .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
286+ this .getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
287287 cmd .regexpMatch ( "git\\s+(fetch|pull).*" ) and
288288 (
289289 ( containsHeadRef ( cmd ) or containsPullRequestNumber ( cmd ) )
@@ -307,7 +307,7 @@ class GitMutableRefCheckout extends MutableRefCheckoutStep instanceof Run {
307307class GitSHACheckout extends SHACheckoutStep instanceof Run {
308308 GitSHACheckout ( ) {
309309 exists ( string cmd | this .getScript ( ) .getACommand ( ) = cmd |
310- this .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
310+ this .getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
311311 cmd .regexpMatch ( "git\\s+(fetch|pull).*" ) and
312312 (
313313 containsHeadSHA ( cmd )
@@ -328,7 +328,7 @@ class GitSHACheckout extends SHACheckoutStep instanceof Run {
328328class GhMutableRefCheckout extends MutableRefCheckoutStep instanceof Run {
329329 GhMutableRefCheckout ( ) {
330330 exists ( string cmd | this .getScript ( ) .getACommand ( ) = cmd |
331- this .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
331+ this .getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
332332 cmd .regexpMatch ( ".*(gh|hub)\\s+pr\\s+checkout.*" ) and
333333 (
334334 ( containsHeadRef ( cmd ) or containsPullRequestNumber ( cmd ) )
@@ -351,7 +351,7 @@ class GhMutableRefCheckout extends MutableRefCheckoutStep instanceof Run {
351351class GhSHACheckout extends SHACheckoutStep instanceof Run {
352352 GhSHACheckout ( ) {
353353 exists ( string cmd | this .getScript ( ) .getACommand ( ) = cmd |
354- this .getEnclosingJob ( ) . getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
354+ this .getATriggerEvent ( ) .getName ( ) = checkoutTriggers ( ) and
355355 cmd .regexpMatch ( "gh\\s+pr\\s+checkout.*" ) and
356356 (
357357 containsHeadSHA ( cmd )
0 commit comments