woodruffw / zizmor

A tool for finding security issues in GitHub Actions setups.
https://crates.io/crates/zizmor
MIT License

template_injection: handle actions/github-script #35

Closed woodruffw closed 2 weeks ago

woodruffw commented 2 weeks ago

There are infinitely many other actions that can have template expansion result in code injection, but this is a very common one.
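
The pattern this issue asks the `template_injection` audit to cover, as an added example (not zizmor's implementation and not code from this thread): a std-only Rust heuristic that reports `${{ ... }}` expansions inside the `script:` input of an `actions/github-script` step. `SAMPLE`, `find_script_expansions` and the line-based scanning (instead of a real YAML parser) are assumptions made for the illustration.

```rust
// Added illustration: line-based heuristic, not a YAML parser. SAMPLE is constructed.
const SAMPLE: &str = r#"
steps:
  - uses: actions/github-script@v7
    env:
      TITLE: ${{ github.event.issue.title }}
    with:
      script: |
        const flagged = "${{ github.event.issue.title }}";
        const viaEnv = process.env.TITLE;
  - run: echo "${{ github.sha }}"
"#;

/// (1-based line, expression) for each `${{ ... }}` in a github-script `script:` input.
fn find_script_expansions(workflow: &str) -> Vec<(usize, String)> {
    let (mut findings, mut pending) = (Vec::new(), Vec::new());
    let mut is_target = false; // current step uses actions/github-script
    let mut script_indent: Option<usize> = None; // indent of the `script:` key
    for (idx, line) in workflow.lines().enumerate() {
        let trimmed = line.trim_start();
        let indent = line.len() - trimmed.len();
        let in_body = matches!(script_indent, Some(si) if trimmed.is_empty() || indent > si);
        if !in_body {
            script_indent = None;
            if trimmed.starts_with("- ") {
                // New step: keep the previous step's hits only if it was a target.
                if is_target { findings.append(&mut pending); }
                pending.clear();
                is_target = false;
            }
            let key = trimmed.trim_start_matches("- ");
            is_target |= key.strip_prefix("uses:").map_or(false, |v| v.trim().starts_with("actions/github-script"));
            if !key.starts_with("script:") { continue; }
            script_indent = Some(indent);
        }
        let mut rest = line; // the `script:` line itself or a line of its body
        while let Some(start) = rest.find("${{") {
            let Some(len) = rest[start..].find("}}") else { break };
            pending.push((idx + 1, rest[start..start + len + 2].to_string()));
            rest = &rest[start + len + 2..];
        }
    }
    if is_target { findings.append(&mut pending); }
    findings
}

fn main() {
    for (n, e) in find_script_expansions(SAMPLE) { println!("line {n}: {e}"); }
}
```

Only the expansion inside the script body is reported; the same context value passed through `env:` and read from `process.env` is not, because it is never spliced into the JavaScript source.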