CodeQL Alert: File Access To HTTP In Pixpilot/github

by Ahmed Latif 53 views

Discussion category: pixpilot, github. Additional information:

🚨 Security Alert: js/file-access-to-http

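Message: Outbound network request depends on file data. In other words, a value read from a file on disk flows, without an intervening check that the analysis recognises, into an outgoing HTTP request. The rule flags this because file contents can leave the machine that way, and because whoever controls the file can influence what is requested.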

Finding ID: 15d34d42


Vulnerability Locations

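  • File: actions/codeql-issue-maker/src/codeql/installer.ts Line: 87 (the sink: `bundleAsset.name`, columns 9–25). The tainted value originates at line 160 of the same file, in the file read that the SARIF abbreviates as `await f ... 'utf8')`.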

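SARIF finding details. The result carries two code flows. Both start at the file read on line 160, pass through `JSON.parse`, `release`, `apiResponse.assets` and `bundleAsset`, and end at `bundleAsset.name` on line 87. They differ only in the asset lookup: one goes through `gzAsset` (lines 188–193), the other through `zstAsset` (lines 197–201).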

{
 "ruleId": "js/file-access-to-http",
 "ruleIndex": 88,
 "rule": {
 "id": "js/file-access-to-http",
 "index": 88
 },
 "message": {
 "text": "Outbound network request depends on [file data](1)."
 },
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 87,
 "startColumn": 9,
 "endColumn": 25
 }
 }
 }
 ],
 "partialFingerprints": {
 "primaryLocationLineHash": "8f2839957c34e4c:1",
 "primaryLocationStartColumnFingerprint": "0"
 },
 "codeFlows": [
 {
 "threadFlows": [
 {
 "locations": [
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 160,
 "startColumn": 27,
 "endColumn": 62
 }
 },
 "message": {
 "text": "await f ... 'utf8')"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 160,
 "startColumn": 13,
 "endColumn": 62
 }
 },
 "message": {
 "text": "releaseData"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 34,
 "endColumn": 45
 }
 },
 "message": {
 "text": "releaseData"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 23,
 "endColumn": 46
 }
 },
 "message": {
 "text": "JSON.pa ... seData)"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 13,
 "endColumn": 63
 }
 },
 "message": {
 "text": "release"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 168,
 "startColumn": 14,
 "endColumn": 21
 }
 },
 "message": {
 "text": "release"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 33,
 "endColumn": 62
 }
 },
 "message": {
 "text": "this.ge ... lease() [PromiseValue]"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 27,
 "endColumn": 62
 }
 },
 "message": {
 "text": "await t ... lease()"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 13,
 "endColumn": 62
 }
 },
 "message": {
 "text": "apiResponse"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 48,
 "endColumn": 59
 }
 },
 "message": {
 "text": "apiResponse"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 48,
 "endColumn": 66
 }
 },
 "message": {
 "text": "apiResponse.assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 186,
 "startColumn": 34,
 "endColumn": 40
 }
 },
 "message": {
 "text": "assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 188,
 "startColumn": 21,
 "endColumn": 27
 }
 },
 "message": {
 "text": "assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 188,
 "startColumn": 21,
 "endLine": 190,
 "endColumn": 6
 }
 },
 "message": {
 "text": "assets. ... `\\n  )`"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 188,
 "startColumn": 11,
 "endLine": 190,
 "endColumn": 6
 }
 },
 "message": {
 "text": "gzAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 193,
 "startColumn": 14,
 "endColumn": 21
 }
 },
 "message": {
 "text": "gzAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 27,
 "endColumn": 77
 }
 },
 "message": {
 "text": "this.fi ... atform)"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 13,
 "endColumn": 77
 }
 },
 "message": {
 "text": "bundleAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 87,
 "startColumn": 9,
 "endColumn": 20
 }
 },
 "message": {
 "text": "bundleAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 87,
 "startColumn": 9,
 "endColumn": 25
 }
 },
 "message": {
 "text": "bundleAsset.name"
 }
 }
 }
 ]
 }
 ]
 },
 {
 "threadFlows": [
 {
 "locations": [
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 160,
 "startColumn": 27,
 "endColumn": 62
 }
 },
 "message": {
 "text": "await f ... 'utf8')"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 160,
 "startColumn": 13,
 "endColumn": 62
 }
 },
 "message": {
 "text": "releaseData"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 34,
 "endColumn": 45
 }
 },
 "message": {
 "text": "releaseData"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 23,
 "endColumn": 46
 }
 },
 "message": {
 "text": "JSON.pa ... seData)"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 161,
 "startColumn": 13,
 "endColumn": 63
 }
 },
 "message": {
 "text": "release"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 168,
 "startColumn": 14,
 "endColumn": 21
 }
 },
 "message": {
 "text": "release"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 33,
 "endColumn": 62
 }
 },
 "message": {
 "text": "this.ge ... lease() [PromiseValue]"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 27,
 "endColumn": 62
 }
 },
 "message": {
 "text": "await t ... lease()"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 67,
 "startColumn": 13,
 "endColumn": 62
 }
 },
 "message": {
 "text": "apiResponse"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 48,
 "endColumn": 59
 }
 },
 "message": {
 "text": "apiResponse"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 48,
 "endColumn": 66
 }
 },
 "message": {
 "text": "apiResponse.assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 186,
 "startColumn": 34,
 "endColumn": 40
 }
 },
 "message": {
 "text": "assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 197,
 "startColumn": 22,
 "endColumn": 28
 }
 },
 "message": {
 "text": "assets"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 197,
 "startColumn": 22,
 "endLine": 199,
 "endColumn": 6
 }
 },
 "message": {
 "text": "assets. ... `\\n  )`"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 197,
 "startColumn": 11,
 "endLine": 199,
 "endColumn": 6
 }
 },
 "message": {
 "text": "zstAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 201,
 "startColumn": 12,
 "endColumn": 20
 }
 },
 "message": {
 "text": "zstAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 201,
 "startColumn": 12,
 "endColumn": 28
 }
 },
 "message": {
 "text": "zstAsset || null"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 27,
 "endColumn": 77
 }
 },
 "message": {
 "text": "this.fi ... atform)"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 69,
 "startColumn": 13,
 "endColumn": 77
 }
 },
 "message": {
 "text": "bundleAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 87,
 "startColumn": 9,
 "endColumn": 20
 }
 },
 "message": {
 "text": "bundleAsset"
 }
 }
 },
 {
 "location": {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 87,
 "startColumn": 9,
 "endColumn": 25
 }
 },
 "message": {
 "text": "bundleAsset.name"
 }
 }
 }
 ]
 }
 ]
 }
 ],
 "relatedLocations": [
 {
 "id": 1,
 "physicalLocation": {
 "artifactLocation": {
 "uri": "actions/codeql-issue-maker/src/codeql/installer.ts",
 "uriBaseId": "%SRCROOT%",
 "index": 0
 },
 "region": {
 "startLine": 160,
 "startColumn": 27,
 "endColumn": 62
 }
 },
 "message": {
 "text": "file data"
 }
 }
 ]
}

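This issue was automatically generated by a custom CodeQL workflow. Triage note: the identifiers in the flow (`releaseData`, `apiResponse.assets`, `bundleAsset`) suggest the file holds cached release metadata rather than sensitive data, but the source is not shown here. Before closing or fixing the alert, confirm who can write the file read at line 160 and whether the asset name reaching line 87 is validated against the expected release assets and download host.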