zizmor 1.8.0rc1__tar.gz → 1.9.0__tar.gz
Potentially problematic release.
This version of zizmor might be problematic. Click here for more details.
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/Cargo.lock +50 -10
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/Cargo.toml +9 -6
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/PKG-INFO +16 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-expressions/Cargo.toml +1 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-expressions/src/context.rs +105 -22
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-expressions/src/lib.rs +2 -54
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/Cargo.toml +1 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/common.rs +41 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/Cargo.toml +1 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/src/lib.rs +27 -27
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/integration_test.rs +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/Cargo.toml +6 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/README.md +15 -1
- zizmor-1.9.0/crates/zizmor/build.rs +59 -0
- zizmor-1.9.0/crates/zizmor/data/codeql-injection-sinks.json +98 -0
- zizmor-1.9.0/crates/zizmor/data/context-capabilities.csv +4031 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/insecure_commands.rs +4 -5
- zizmor-1.9.0/crates/zizmor/src/audit/template_injection.rs +342 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/finding/mod.rs +4 -4
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/main.rs +51 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/models.rs +2 -4
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/e2e.rs +1 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshot.rs +19 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +89 -15
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +2 -3
- zizmor-1.9.0/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +5 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +2 -1
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +3 -3
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +5 -5
- zizmor-1.9.0/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +22 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +3 -3
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +2 -3
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +1 -1
- zizmor-1.9.0/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +18 -0
- zizmor-1.9.0/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +21 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +13 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +2 -2
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +2 -2
- zizmor-1.9.0/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +16 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +2 -2
- zizmor-1.9.0/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +45 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +2 -2
- zizmor-1.9.0/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +16 -0
- zizmor-1.9.0/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +31 -0
- zizmor-1.9.0/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +15 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/pyproject.toml +2 -0
- zizmor-1.8.0rc1/crates/zizmor/src/audit/template_injection.rs +0 -386
- zizmor-1.8.0rc1/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -5
- zizmor-1.8.0rc1/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -5
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-expressions/README.md +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-expressions/src/expr.pest +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/LICENSE +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/README.md +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/action.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/common/expr.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/dependabot/v2.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/lib.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/workflow/event.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/workflow/job.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/src/workflow/mod.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/test_action.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/github-actions-models/tests/test_workflow.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/LICENSE +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/README.md +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/basic.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/comments.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/directives.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/flow.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/artipacked.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/bot_conditions.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/cache_poisoning.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/github_env.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/impostor_commit.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/known_vulnerable_actions.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/mod.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/obfuscation.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/unpinned_images.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/audit/use_trusted_publishing.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/config.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/data/github-action.json +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/data/github-workflow.json +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/github_api.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/models/coordinate.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/models/uses.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/output/github.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/output/mod.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/output/plain.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/output/sarif.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/registry.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/state.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/src/utils.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/acceptance.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/common.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/main.rs +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
- {zizmor-1.8.0rc1 → zizmor-1.9.0}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
|
@@ -325,9 +325,9 @@ dependencies = [
|
|
|
325
325
|
|
|
326
326
|
[[package]]
|
|
327
327
|
name = "clap-verbosity-flag"
|
|
328
|
-
version = "3.0.
|
|
328
|
+
version = "3.0.3"
|
|
329
329
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
330
|
-
checksum = "
|
|
330
|
+
checksum = "eeab6a5cdfc795a05538422012f20a5496f050223c91be4e5420bfd13c641fb1"
|
|
331
331
|
dependencies = [
|
|
332
332
|
"clap",
|
|
333
333
|
"tracing-core",
|
|
@@ -354,6 +354,16 @@ dependencies = [
|
|
|
354
354
|
"clap",
|
|
355
355
|
]
|
|
356
356
|
|
|
357
|
+
[[package]]
|
|
358
|
+
name = "clap_complete_nushell"
|
|
359
|
+
version = "4.5.5"
|
|
360
|
+
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
361
|
+
checksum = "c6a8b1593457dfc2fe539002b795710d022dc62a65bf15023f039f9760c7b18a"
|
|
362
|
+
dependencies = [
|
|
363
|
+
"clap",
|
|
364
|
+
"clap_complete",
|
|
365
|
+
]
|
|
366
|
+
|
|
357
367
|
[[package]]
|
|
358
368
|
name = "clap_derive"
|
|
359
369
|
version = "4.5.32"
|
|
@@ -444,6 +454,27 @@ dependencies = [
|
|
|
444
454
|
"typenum",
|
|
445
455
|
]
|
|
446
456
|
|
|
457
|
+
[[package]]
|
|
458
|
+
name = "csv"
|
|
459
|
+
version = "1.3.1"
|
|
460
|
+
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
461
|
+
checksum = "acdc4883a9c96732e4733212c01447ebd805833b7275a73ca3ee080fd77afdaf"
|
|
462
|
+
dependencies = [
|
|
463
|
+
"csv-core",
|
|
464
|
+
"itoa",
|
|
465
|
+
"ryu",
|
|
466
|
+
"serde",
|
|
467
|
+
]
|
|
468
|
+
|
|
469
|
+
[[package]]
|
|
470
|
+
name = "csv-core"
|
|
471
|
+
version = "0.1.12"
|
|
472
|
+
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
473
|
+
checksum = "7d02f3b0da4c6504f86e9cd789d8dbafab48c2321be74e9987593de5a894d93d"
|
|
474
|
+
dependencies = [
|
|
475
|
+
"memchr",
|
|
476
|
+
]
|
|
477
|
+
|
|
447
478
|
[[package]]
|
|
448
479
|
name = "deranged"
|
|
449
480
|
version = "0.4.0"
|
|
@@ -615,6 +646,12 @@ dependencies = [
|
|
|
615
646
|
"num",
|
|
616
647
|
]
|
|
617
648
|
|
|
649
|
+
[[package]]
|
|
650
|
+
name = "fst"
|
|
651
|
+
version = "0.4.7"
|
|
652
|
+
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
653
|
+
checksum = "7ab85b9b05e3978cc9a9cf8fea7f01b494e1a09ed3037e16ba39edc7a29eb61a"
|
|
654
|
+
|
|
618
655
|
[[package]]
|
|
619
656
|
name = "futures"
|
|
620
657
|
version = "0.3.31"
|
|
@@ -749,7 +786,7 @@ checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
|
|
|
749
786
|
|
|
750
787
|
[[package]]
|
|
751
788
|
name = "github-actions-expressions"
|
|
752
|
-
version = "0.0.
|
|
789
|
+
version = "0.0.4"
|
|
753
790
|
dependencies = [
|
|
754
791
|
"anyhow",
|
|
755
792
|
"itertools",
|
|
@@ -760,7 +797,7 @@ dependencies = [
|
|
|
760
797
|
|
|
761
798
|
[[package]]
|
|
762
799
|
name = "github-actions-models"
|
|
763
|
-
version = "0.
|
|
800
|
+
version = "0.29.0"
|
|
764
801
|
dependencies = [
|
|
765
802
|
"indexmap",
|
|
766
803
|
"serde",
|
|
@@ -2569,9 +2606,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
|
|
|
2569
2606
|
|
|
2570
2607
|
[[package]]
|
|
2571
2608
|
name = "tokio"
|
|
2572
|
-
version = "1.45.
|
|
2609
|
+
version = "1.45.1"
|
|
2573
2610
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
2574
|
-
checksum = "
|
|
2611
|
+
checksum = "75ef51a33ef1da925cea3e4eb122833cb377c61439ca401b770f54902b806779"
|
|
2575
2612
|
dependencies = [
|
|
2576
2613
|
"backtrace",
|
|
2577
2614
|
"bytes",
|
|
@@ -2797,9 +2834,9 @@ dependencies = [
|
|
|
2797
2834
|
|
|
2798
2835
|
[[package]]
|
|
2799
2836
|
name = "tree-sitter-yaml"
|
|
2800
|
-
version = "0.7.
|
|
2837
|
+
version = "0.7.1"
|
|
2801
2838
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
2802
|
-
checksum = "
|
|
2839
|
+
checksum = "3d5893f2a05e57c86a2338aa3aed167a1e5c68b8fdff3bf4a460941f2d8fc944"
|
|
2803
2840
|
dependencies = [
|
|
2804
2841
|
"cc",
|
|
2805
2842
|
"tree-sitter-language",
|
|
@@ -3464,7 +3501,7 @@ checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3"
|
|
|
3464
3501
|
|
|
3465
3502
|
[[package]]
|
|
3466
3503
|
name = "yamlpath"
|
|
3467
|
-
version = "0.
|
|
3504
|
+
version = "0.19.0"
|
|
3468
3505
|
dependencies = [
|
|
3469
3506
|
"serde",
|
|
3470
3507
|
"serde_yaml",
|
|
@@ -3594,7 +3631,7 @@ dependencies = [
|
|
|
3594
3631
|
|
|
3595
3632
|
[[package]]
|
|
3596
3633
|
name = "zizmor"
|
|
3597
|
-
version = "1.
|
|
3634
|
+
version = "1.9.0"
|
|
3598
3635
|
dependencies = [
|
|
3599
3636
|
"annotate-snippets",
|
|
3600
3637
|
"anstream",
|
|
@@ -3604,8 +3641,11 @@ dependencies = [
|
|
|
3604
3641
|
"clap",
|
|
3605
3642
|
"clap-verbosity-flag",
|
|
3606
3643
|
"clap_complete",
|
|
3644
|
+
"clap_complete_nushell",
|
|
3645
|
+
"csv",
|
|
3607
3646
|
"etcetera",
|
|
3608
3647
|
"flate2",
|
|
3648
|
+
"fst",
|
|
3609
3649
|
"github-actions-expressions",
|
|
3610
3650
|
"github-actions-models",
|
|
3611
3651
|
"http-cache-reqwest",
|
|
@@ -11,8 +11,8 @@ license = "MIT"
|
|
|
11
11
|
|
|
12
12
|
[workspace.dependencies]
|
|
13
13
|
anyhow = "1.0.98"
|
|
14
|
-
github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.
|
|
15
|
-
github-actions-models = { path = "crates/github-actions-models", version = "0.
|
|
14
|
+
github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.4" }
|
|
15
|
+
github-actions-models = { path = "crates/github-actions-models", version = "0.29.0" }
|
|
16
16
|
itertools = "0.14.0"
|
|
17
17
|
pest = "2.8.0"
|
|
18
18
|
pest_derive = "2.8.0"
|
|
@@ -22,10 +22,13 @@ anstream = "0.6.18"
|
|
|
22
22
|
assert_cmd = "2.0.17"
|
|
23
23
|
camino = "1.1.9"
|
|
24
24
|
clap = "4.5.38"
|
|
25
|
-
clap-verbosity-flag = { version = "3.0.
|
|
25
|
+
clap-verbosity-flag = { version = "3.0.3", default-features = false }
|
|
26
26
|
clap_complete = "4.5.50"
|
|
27
|
+
clap_complete_nushell = "4.5.5"
|
|
28
|
+
csv = "1.3.1"
|
|
27
29
|
etcetera = "0.10.0"
|
|
28
30
|
flate2 = "1.1.1"
|
|
31
|
+
fst = "0.4.7"
|
|
29
32
|
http-cache-reqwest = "0.15.1"
|
|
30
33
|
human-panic = "2.0.1"
|
|
31
34
|
ignore = "0.4.23"
|
|
@@ -46,15 +49,15 @@ serde_yaml = "0.9.34"
|
|
|
46
49
|
tar = "0.4.44"
|
|
47
50
|
terminal-link = "0.1.0"
|
|
48
51
|
thiserror = "2.0.12"
|
|
49
|
-
tokio = "1.45.
|
|
52
|
+
tokio = "1.45.1"
|
|
50
53
|
tracing = "0.1.41"
|
|
51
54
|
tracing-indicatif = "0.3.9"
|
|
52
55
|
tracing-subscriber = "0.3.19"
|
|
53
56
|
tree-sitter = "0.25.4"
|
|
54
57
|
tree-sitter-bash = "0.23.3"
|
|
55
58
|
tree-sitter-powershell = "0.25.2"
|
|
56
|
-
yamlpath = { path = "crates/yamlpath", version = "0.
|
|
57
|
-
tree-sitter-yaml = "0.7.
|
|
59
|
+
yamlpath = { path = "crates/yamlpath", version = "0.19.0" }
|
|
60
|
+
tree-sitter-yaml = "0.7.1"
|
|
58
61
|
|
|
59
62
|
|
|
60
63
|
[profile.dev.package]
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: zizmor
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.9.0
|
|
4
4
|
License-File: LICENSE
|
|
5
5
|
Summary: Static analysis for GitHub Actions
|
|
6
6
|
Keywords: cli,github-actions,static-analysis,security
|
|
@@ -66,7 +66,8 @@ See [our contributing guide!](./CONTRIBUTING.md)
|
|
|
66
66
|
`zizmor`'s development is supported by these amazing sponsors!
|
|
67
67
|
|
|
68
68
|
<!-- @@begin-sponsors@@ -->
|
|
69
|
-
<table>
|
|
69
|
+
<table width="100%">
|
|
70
|
+
<caption>Logo-level sponsors</caption>
|
|
70
71
|
<tbody>
|
|
71
72
|
<tr>
|
|
72
73
|
<td align="center" valign="top" width="15%">
|
|
@@ -79,6 +80,19 @@ Astral
|
|
|
79
80
|
</tr>
|
|
80
81
|
</tbody>
|
|
81
82
|
</table>
|
|
83
|
+
<hr align="center">
|
|
84
|
+
<table width="100%">
|
|
85
|
+
<caption>Name-level sponsors</caption>
|
|
86
|
+
<tbody>
|
|
87
|
+
<tr>
|
|
88
|
+
<td align="center" valign="top">
|
|
89
|
+
<a href="http://tenki.cloud/">
|
|
90
|
+
Tenki Cloud
|
|
91
|
+
</a>
|
|
92
|
+
</td>
|
|
93
|
+
</tr>
|
|
94
|
+
</tbody>
|
|
95
|
+
</table>
|
|
82
96
|
<!-- @@end-sponsors@@ -->
|
|
83
97
|
|
|
84
98
|
## Star History
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name = "github-actions-expressions"
|
|
3
3
|
description = "GitHub Actions expression parser and data types"
|
|
4
4
|
repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-expressions"
|
|
5
|
-
version = "0.0.
|
|
5
|
+
version = "0.0.4"
|
|
6
6
|
readme = "README.md"
|
|
7
7
|
|
|
8
8
|
homepage.workspace = true
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
//! Parsing and matching APIs for GitHub Actions expressions
|
|
2
2
|
//! contexts (e.g. `github.event.name`).
|
|
3
|
+
|
|
3
4
|
use super::Expr;
|
|
4
5
|
|
|
5
6
|
/// Represents a context in a GitHub Actions expression.
|
|
@@ -47,6 +48,54 @@ impl<'src> Context<'src> {
|
|
|
47
48
|
_ => None,
|
|
48
49
|
}
|
|
49
50
|
}
|
|
51
|
+
|
|
52
|
+
/// Returns the "pattern equivalent" of this context.
|
|
53
|
+
///
|
|
54
|
+
/// This is a string that can be used to efficiently match the context,
|
|
55
|
+
/// such as is done in `zizmor`'s template-injection audit via a
|
|
56
|
+
/// finite state transducer.
|
|
57
|
+
///
|
|
58
|
+
/// Returns None if the context doesn't have a sensible pattern
|
|
59
|
+
/// equivalent, e.g. if it starts with a call.
|
|
60
|
+
pub fn as_pattern(&self) -> Option<String> {
|
|
61
|
+
fn push_part(part: &Expr<'_>, pattern: &mut String) {
|
|
62
|
+
match part {
|
|
63
|
+
Expr::Identifier(ident) => pattern.push_str(ident.0),
|
|
64
|
+
Expr::Star => pattern.push('*'),
|
|
65
|
+
Expr::Index(idx) => match idx.as_ref() {
|
|
66
|
+
// foo['bar'] -> foo.bar
|
|
67
|
+
Expr::String(idx) => pattern.push_str(idx),
|
|
68
|
+
// any kind of numeric or computed index, e.g.:
|
|
69
|
+
// foo[0], foo[1 + 2], foo[bar]
|
|
70
|
+
_ => pattern.push('*'),
|
|
71
|
+
},
|
|
72
|
+
_ => unreachable!("unexpected part in context pattern"),
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
// TODO: Optimization ideas:
|
|
77
|
+
// 1. Add a happy path for contexts that contain only
|
|
78
|
+
// identifiers? Problem: case normalization.
|
|
79
|
+
// 2. Use `regex-automata` to return a case insensitive
|
|
80
|
+
// automation here?
|
|
81
|
+
let mut pattern = String::with_capacity(self.raw.len());
|
|
82
|
+
|
|
83
|
+
let mut parts = self.parts.iter().peekable();
|
|
84
|
+
|
|
85
|
+
let head = parts.next()?;
|
|
86
|
+
if matches!(head, Expr::Call { .. }) {
|
|
87
|
+
return None;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
push_part(head, &mut pattern);
|
|
91
|
+
for part in parts {
|
|
92
|
+
pattern.push('.');
|
|
93
|
+
push_part(part, &mut pattern);
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
pattern.make_ascii_lowercase();
|
|
97
|
+
Some(pattern)
|
|
98
|
+
}
|
|
50
99
|
}
|
|
51
100
|
|
|
52
101
|
impl PartialEq for Context<'_> {
|
|
@@ -120,33 +169,28 @@ impl<'src> ContextPattern<'src> {
|
|
|
120
169
|
}
|
|
121
170
|
}
|
|
122
171
|
|
|
172
|
+
fn compare_part(pattern: &str, part: &Expr<'src>) -> bool {
|
|
173
|
+
if pattern == "*" {
|
|
174
|
+
true
|
|
175
|
+
} else {
|
|
176
|
+
match part {
|
|
177
|
+
Expr::Identifier(part) => pattern.eq_ignore_ascii_case(part.0),
|
|
178
|
+
Expr::Index(part) => match part.as_ref() {
|
|
179
|
+
Expr::String(part) => pattern.eq_ignore_ascii_case(part),
|
|
180
|
+
_ => false,
|
|
181
|
+
},
|
|
182
|
+
_ => false,
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
|
|
123
187
|
fn compare(&self, ctx: &Context<'src>) -> Option<Comparison> {
|
|
124
188
|
let mut pattern_parts = self.0.split('.').peekable();
|
|
125
189
|
let mut ctx_parts = ctx.parts.iter().peekable();
|
|
126
190
|
|
|
127
191
|
while let (Some(pattern), Some(part)) = (pattern_parts.peek(), ctx_parts.peek()) {
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
// Calls can't be compared to patterns.
|
|
131
|
-
(_, Expr::Call { .. }) => return None,
|
|
132
|
-
// "*" matches any part.
|
|
133
|
-
("*", _) => {}
|
|
134
|
-
(_, Expr::Star) => return None,
|
|
135
|
-
(pattern, Expr::Identifier(part)) if !pattern.eq_ignore_ascii_case(part.0) => {
|
|
136
|
-
return None;
|
|
137
|
-
}
|
|
138
|
-
(pattern, Expr::Index(idx)) => {
|
|
139
|
-
// Anything other than a string index is invalid
|
|
140
|
-
// for part-wise comparison.
|
|
141
|
-
let Expr::String(part) = idx.as_ref() else {
|
|
142
|
-
return None;
|
|
143
|
-
};
|
|
144
|
-
|
|
145
|
-
if !pattern.eq_ignore_ascii_case(part) {
|
|
146
|
-
return None;
|
|
147
|
-
}
|
|
148
|
-
}
|
|
149
|
-
_ => {}
|
|
192
|
+
if !Self::compare_part(pattern, part) {
|
|
193
|
+
return None;
|
|
150
194
|
}
|
|
151
195
|
|
|
152
196
|
pattern_parts.next();
|
|
@@ -253,6 +297,45 @@ mod tests {
|
|
|
253
297
|
}
|
|
254
298
|
}
|
|
255
299
|
|
|
300
|
+
#[test]
|
|
301
|
+
fn test_context_as_pattern() {
|
|
302
|
+
for (case, expected) in &[
|
|
303
|
+
// Basic cases.
|
|
304
|
+
("foo", Some("foo")),
|
|
305
|
+
("foo.bar", Some("foo.bar")),
|
|
306
|
+
("foo.bar.baz", Some("foo.bar.baz")),
|
|
307
|
+
("foo.bar.baz_baz", Some("foo.bar.baz_baz")),
|
|
308
|
+
("foo.bar.baz-baz", Some("foo.bar.baz-baz")),
|
|
309
|
+
("foo.*", Some("foo.*")),
|
|
310
|
+
("foo.bar.*", Some("foo.bar.*")),
|
|
311
|
+
("foo.*.baz", Some("foo.*.baz")),
|
|
312
|
+
("foo.*.*", Some("foo.*.*")),
|
|
313
|
+
// Case sensitivity.
|
|
314
|
+
("FOO", Some("foo")),
|
|
315
|
+
("FOO.BAR", Some("foo.bar")),
|
|
316
|
+
("FOO.BAR.BAZ", Some("foo.bar.baz")),
|
|
317
|
+
("FOO.BAR.BAZ_BAZ", Some("foo.bar.baz_baz")),
|
|
318
|
+
("FOO.BAR.BAZ-BAZ", Some("foo.bar.baz-baz")),
|
|
319
|
+
("FOO.*", Some("foo.*")),
|
|
320
|
+
("FOO.BAR.*", Some("foo.bar.*")),
|
|
321
|
+
("FOO.*.BAZ", Some("foo.*.baz")),
|
|
322
|
+
("FOO.*.*", Some("foo.*.*")),
|
|
323
|
+
// Indexes.
|
|
324
|
+
("foo.bar.baz[0]", Some("foo.bar.baz.*")),
|
|
325
|
+
("foo.bar.baz['abc']", Some("foo.bar.baz.abc")),
|
|
326
|
+
("foo.bar.baz[0].qux", Some("foo.bar.baz.*.qux")),
|
|
327
|
+
("foo.bar.baz[0].qux[1]", Some("foo.bar.baz.*.qux.*")),
|
|
328
|
+
("foo[1][2][3]", Some("foo.*.*.*")),
|
|
329
|
+
("foo.bar[abc]", Some("foo.bar.*")),
|
|
330
|
+
("foo.bar[abc()]", Some("foo.bar.*")),
|
|
331
|
+
// Invalid cases
|
|
332
|
+
("foo().bar", None),
|
|
333
|
+
] {
|
|
334
|
+
let ctx = Context::try_from(*case).unwrap();
|
|
335
|
+
assert_eq!(ctx.as_pattern().as_deref(), *expected);
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
|
|
256
339
|
#[test]
|
|
257
340
|
fn test_contextpattern_new() {
|
|
258
341
|
for (case, expected) in &[
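Review bot: In `as_pattern`, the `Expr::String(idx) => pattern.push_str(idx)` arm of `push_part` copies a string index into the pattern verbatim, so an index that itself contains `.` or `*` cannot be told apart from real separators and wildcards: `foo['bar.baz']` produces the same pattern as `foo.bar.baz`, and `foo['*']` the same as `foo.*`. How the template-injection audit consumes the pattern is not visible in this section, but a matcher keyed on these strings would presumably classify such a context as if it were the dotted one. Treating those indices like computed ones keeps the result conservative: `Expr::String(idx) if !idx.contains(['.', '*']) => pattern.push_str(idx),` with the existing `_ => pattern.push('*')` arm taking the rest. `test_context_as_pattern` has no vector for this case; `("foo['bar.baz']", Some("foo.*"))` would pin it, assuming the parser accepts that input.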
|
|
@@ -28,7 +28,7 @@ mod parser {
|
|
|
28
28
|
///
|
|
29
29
|
/// Function names are case-insensitive.
|
|
30
30
|
#[derive(Debug)]
|
|
31
|
-
pub struct Function<'src>(&'src str);
|
|
31
|
+
pub struct Function<'src>(pub(crate) &'src str);
|
|
32
32
|
|
|
33
33
|
impl PartialEq for Function<'_> {
|
|
34
34
|
fn eq(&self, other: &Self) -> bool {
|
|
@@ -455,7 +455,7 @@ mod tests {
|
|
|
455
455
|
use pest::Parser as _;
|
|
456
456
|
use pretty_assertions::assert_eq;
|
|
457
457
|
|
|
458
|
-
use super::{BinOp,
|
|
458
|
+
use super::{BinOp, Expr, ExprParser, Function, Rule, UnOp};
|
|
459
459
|
|
|
460
460
|
#[test]
|
|
461
461
|
fn test_function_eq() {
|
|
@@ -467,58 +467,6 @@ mod tests {
|
|
|
467
467
|
assert_eq!(func, Function("FOO"));
|
|
468
468
|
}
|
|
469
469
|
|
|
470
|
-
#[test]
|
|
471
|
-
fn test_context_eq() {
|
|
472
|
-
let ctx = Context::try_from("foo.bar.baz").unwrap();
|
|
473
|
-
assert_eq!(&ctx, "foo.bar.baz");
|
|
474
|
-
assert_eq!(&ctx, "FOO.BAR.BAZ");
|
|
475
|
-
assert_eq!(&ctx, "Foo.Bar.Baz");
|
|
476
|
-
}
|
|
477
|
-
|
|
478
|
-
#[test]
|
|
479
|
-
fn test_context_child_of() {
|
|
480
|
-
let ctx = Context::try_from("foo.bar.baz").unwrap();
|
|
481
|
-
|
|
482
|
-
for (case, child) in &[
|
|
483
|
-
// Trivial child cases.
|
|
484
|
-
("foo", true),
|
|
485
|
-
("foo.bar", true),
|
|
486
|
-
// Case-insensitive cases.
|
|
487
|
-
("FOO", true),
|
|
488
|
-
("FOO.BAR", true),
|
|
489
|
-
("Foo", true),
|
|
490
|
-
("Foo.Bar", true),
|
|
491
|
-
// We consider a context to be a child of itself.
|
|
492
|
-
("foo.bar.baz", true),
|
|
493
|
-
// Trivial non-child cases.
|
|
494
|
-
("foo.bar.baz.qux", false),
|
|
495
|
-
("foo.bar.qux", false),
|
|
496
|
-
("foo.qux", false),
|
|
497
|
-
("qux", false),
|
|
498
|
-
// Invalid cases.
|
|
499
|
-
("foo.", false),
|
|
500
|
-
(".", false),
|
|
501
|
-
("", false),
|
|
502
|
-
] {
|
|
503
|
-
assert_eq!(ctx.child_of(*case), *child);
|
|
504
|
-
}
|
|
505
|
-
}
|
|
506
|
-
|
|
507
|
-
#[test]
|
|
508
|
-
fn test_context_pop_if() {
|
|
509
|
-
let ctx = Context::try_from("foo.bar.baz").unwrap();
|
|
510
|
-
|
|
511
|
-
for (case, expected) in &[
|
|
512
|
-
("foo", Some("bar.baz")),
|
|
513
|
-
("Foo", Some("bar.baz")),
|
|
514
|
-
("FOO", Some("bar.baz")),
|
|
515
|
-
("foo.", None),
|
|
516
|
-
("bar", None),
|
|
517
|
-
] {
|
|
518
|
-
assert_eq!(ctx.pop_if(case), *expected);
|
|
519
|
-
}
|
|
520
|
-
}
|
|
521
|
-
|
|
522
470
|
#[test]
|
|
523
471
|
fn test_parse_string_rule() {
|
|
524
472
|
let cases = &[
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[package]
|
|
2
2
|
name = "github-actions-models"
|
|
3
|
-
version = "0.
|
|
3
|
+
version = "0.29.0"
|
|
4
4
|
description = "Unofficial, high-quality data models for GitHub Actions workflows, actions, and related components"
|
|
5
5
|
repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-models"
|
|
6
6
|
keywords = ["github", "ci"]
|
|
@@ -88,6 +88,22 @@ impl Display for EnvValue {
|
|
|
88
88
|
}
|
|
89
89
|
}
|
|
90
90
|
|
|
91
|
+
impl EnvValue {
|
|
92
|
+
/// Returns whether this [`EnvValue`] is a "trueish" value
|
|
93
|
+
/// per C#'s `Boolean.TryParse`.
|
|
94
|
+
///
|
|
95
|
+
/// This follows the semantics of C#'s `Boolean.TryParse`, where
|
|
96
|
+
/// the case-insensitive string "true" is considered true, but
|
|
97
|
+
/// "1", "yes", etc. are not.
|
|
98
|
+
pub fn csharp_trueish(&self) -> bool {
|
|
99
|
+
match self {
|
|
100
|
+
EnvValue::Boolean(true) => true,
|
|
101
|
+
EnvValue::String(maybe) => maybe.trim().eq_ignore_ascii_case("true"),
|
|
102
|
+
_ => false,
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
|
|
91
107
|
/// A "scalar or vector" type, for places in GitHub Actions where a
|
|
92
108
|
/// key can have either a scalar value or an array of values.
|
|
93
109
|
///
|
|
@@ -405,6 +421,31 @@ mod tests {
|
|
|
405
421
|
);
|
|
406
422
|
}
|
|
407
423
|
|
|
424
|
+
#[test]
|
|
425
|
+
fn test_env_value_csharp_trueish() {
|
|
426
|
+
let vectors = [
|
|
427
|
+
(EnvValue::Boolean(true), true),
|
|
428
|
+
(EnvValue::Boolean(false), false),
|
|
429
|
+
(EnvValue::String("true".to_string()), true),
|
|
430
|
+
(EnvValue::String("TRUE".to_string()), true),
|
|
431
|
+
(EnvValue::String("TrUe".to_string()), true),
|
|
432
|
+
(EnvValue::String(" true ".to_string()), true),
|
|
433
|
+
(EnvValue::String(" \n\r\t True\n\n".to_string()), true),
|
|
434
|
+
(EnvValue::String("false".to_string()), false),
|
|
435
|
+
(EnvValue::String("1".to_string()), false),
|
|
436
|
+
(EnvValue::String("yes".to_string()), false),
|
|
437
|
+
(EnvValue::String("on".to_string()), false),
|
|
438
|
+
(EnvValue::String("random".to_string()), false),
|
|
439
|
+
(EnvValue::Number(1.0), false),
|
|
440
|
+
(EnvValue::Number(0.0), false),
|
|
441
|
+
(EnvValue::Number(666.0), false),
|
|
442
|
+
];
|
|
443
|
+
|
|
444
|
+
for (val, expected) in vectors {
|
|
445
|
+
assert_eq!(val.csharp_trueish(), expected, "failed for {:?}", val);
|
|
446
|
+
}
|
|
447
|
+
}
|
|
448
|
+
|
|
408
449
|
#[test]
|
|
409
450
|
fn test_uses_parses() {
|
|
410
451
|
let vectors = [
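Review bot: The doc comment on `csharp_trueish` does not say that the `EnvValue::String` arm trims the value before comparing (`maybe.trim().eq_ignore_ascii_case("true")`), although the new test depends on it with `" true "` and `" \n\r\t True\n\n"`. Because the method is meant to mirror `Boolean.TryParse`, the trimming rule is part of its contract; I would add `/// Leading and trailing whitespace is ignored before the comparison.` to the doc block. Rust's `str::trim` removes Unicode whitespace only, while .NET's parser, as far as I recall, also strips NUL characters, so the two may disagree on an input such as `"true\0"`; that is worth confirming if the result feeds an audit decision. The first two doc lines and the paragraph after them also state the same thing twice and could be merged.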
|
|
@@ -70,16 +70,16 @@ pub enum QueryError {
|
|
|
70
70
|
/// The sub-list member `e` would be identified via the path
|
|
71
71
|
/// `foo`, `bar`, `baz`, `1`, `1`.
|
|
72
72
|
#[derive(Debug)]
|
|
73
|
-
pub struct Query {
|
|
73
|
+
pub struct Query<'a> {
|
|
74
74
|
/// The individual top-down components of this query.
|
|
75
|
-
route: Vec<Component
|
|
75
|
+
route: Vec<Component<'a>>,
|
|
76
76
|
}
|
|
77
77
|
|
|
78
|
-
impl Query {
|
|
78
|
+
impl<'a> Query<'a> {
|
|
79
79
|
/// Constructs a new query from the given path components.
|
|
80
80
|
///
|
|
81
81
|
/// Returns `None` if the component list is empty.
|
|
82
|
-
pub fn new(route: Vec<Component
|
|
82
|
+
pub fn new(route: Vec<Component<'a>>) -> Option<Self> {
|
|
83
83
|
if route.is_empty() {
|
|
84
84
|
None
|
|
85
85
|
} else {
|
|
@@ -98,32 +98,32 @@ impl Query {
|
|
|
98
98
|
|
|
99
99
|
/// A builder for [`Query`] objects.
|
|
100
100
|
#[derive(Clone, Debug)]
|
|
101
|
-
pub struct QueryBuilder {
|
|
102
|
-
route: Vec<Component
|
|
101
|
+
pub struct QueryBuilder<'a> {
|
|
102
|
+
route: Vec<Component<'a>>,
|
|
103
103
|
}
|
|
104
104
|
|
|
105
|
-
impl Default for QueryBuilder {
|
|
105
|
+
impl Default for QueryBuilder<'_> {
|
|
106
106
|
fn default() -> Self {
|
|
107
107
|
Self::new()
|
|
108
108
|
}
|
|
109
109
|
}
|
|
110
110
|
|
|
111
|
-
impl QueryBuilder {
|
|
111
|
+
impl<'a> QueryBuilder<'a> {
|
|
112
112
|
/// Starts a new `QueryBuilder`.
|
|
113
113
|
pub fn new() -> Self {
|
|
114
114
|
Self { route: vec![] }
|
|
115
115
|
}
|
|
116
116
|
|
|
117
117
|
/// Adds a new key to the query being built.
|
|
118
|
-
pub fn key(mut self, key:
|
|
119
|
-
self.route.push(Component::Key(key
|
|
118
|
+
pub fn key(mut self, key: &'a str) -> Self {
|
|
119
|
+
self.route.push(Component::Key(key));
|
|
120
120
|
self
|
|
121
121
|
}
|
|
122
122
|
|
|
123
123
|
/// Adds multiple new keys to the query being built.
|
|
124
|
-
pub fn keys(mut self, keys: impl Iterator<Item =
|
|
124
|
+
pub fn keys(mut self, keys: impl Iterator<Item = &'a str>) -> Self {
|
|
125
125
|
for key in keys {
|
|
126
|
-
self = self.key(key
|
|
126
|
+
self = self.key(key)
|
|
127
127
|
}
|
|
128
128
|
|
|
129
129
|
self
|
|
@@ -139,16 +139,16 @@ impl QueryBuilder {
|
|
|
139
139
|
/// it in the process.
|
|
140
140
|
///
|
|
141
141
|
/// Panics unless at least one component has been added.
|
|
142
|
-
pub fn build(self) -> Query {
|
|
142
|
+
pub fn build(self) -> Query<'a> {
|
|
143
143
|
Query::new(self.route).expect("API misuse: must add at least one component")
|
|
144
144
|
}
|
|
145
145
|
}
|
|
146
146
|
|
|
147
147
|
/// A single `Query` component.
|
|
148
148
|
#[derive(Clone, Debug, PartialEq)]
|
|
149
|
-
pub enum Component {
|
|
149
|
+
pub enum Component<'a> {
|
|
150
150
|
/// A YAML key.
|
|
151
|
-
Key(
|
|
151
|
+
Key(&'a str),
|
|
152
152
|
|
|
153
153
|
/// An index into a YAML array.
|
|
154
154
|
Index(usize),
|
|
@@ -473,7 +473,7 @@ impl Document {
|
|
|
473
473
|
{
|
|
474
474
|
match component {
|
|
475
475
|
Component::Index(idx) => self.descend_sequence(&child, *idx),
|
|
476
|
-
Component::Key(key) => Err(QueryError::ExpectedMapping(key.
|
|
476
|
+
Component::Key(key) => Err(QueryError::ExpectedMapping(key.to_string())),
|
|
477
477
|
}
|
|
478
478
|
} else {
|
|
479
479
|
Err(QueryError::UnexpectedNode(child.kind().into()))
|
|
@@ -579,7 +579,7 @@ mod tests {
|
|
|
579
579
|
.build();
|
|
580
580
|
assert_eq!(
|
|
581
581
|
query.parent().unwrap().route,
|
|
582
|
-
[Component::Key("foo"
|
|
582
|
+
[Component::Key("foo"), Component::Key("bar")]
|
|
583
583
|
);
|
|
584
584
|
|
|
585
585
|
let query = QueryBuilder::new().keys(["foo"].into_iter()).build();
|
|
@@ -634,11 +634,11 @@ baz: quux
|
|
|
634
634
|
assert_eq!(
|
|
635
635
|
query.route,
|
|
636
636
|
[
|
|
637
|
-
Component::Key("foo"
|
|
638
|
-
Component::Key("bar"
|
|
637
|
+
Component::Key("foo"),
|
|
638
|
+
Component::Key("bar"),
|
|
639
639
|
Component::Index(1),
|
|
640
640
|
Component::Index(123),
|
|
641
|
-
Component::Key("lol"
|
|
641
|
+
Component::Key("lol"),
|
|
642
642
|
]
|
|
643
643
|
)
|
|
644
644
|
}
|
|
@@ -659,10 +659,10 @@ baz:
|
|
|
659
659
|
let doc = Document::new(doc).unwrap();
|
|
660
660
|
let query = Query {
|
|
661
661
|
route: vec![
|
|
662
|
-
Component::Key("baz"
|
|
663
|
-
Component::Key("sub"
|
|
664
|
-
Component::Key("keys"
|
|
665
|
-
Component::Key("abc"
|
|
662
|
+
Component::Key("baz"),
|
|
663
|
+
Component::Key("sub"),
|
|
664
|
+
Component::Key("keys"),
|
|
665
|
+
Component::Key("abc"),
|
|
666
666
|
Component::Index(2),
|
|
667
667
|
Component::Index(3),
|
|
668
668
|
],
|
|
@@ -692,7 +692,7 @@ bar: # outside
|
|
|
692
692
|
|
|
693
693
|
// Querying the root gives us all comments underneath it.
|
|
694
694
|
let query = Query {
|
|
695
|
-
route: vec![Component::Key("root"
|
|
695
|
+
route: vec![Component::Key("root")],
|
|
696
696
|
};
|
|
697
697
|
let feature = doc.query(&query).unwrap();
|
|
698
698
|
assert_eq!(
|
|
@@ -704,8 +704,8 @@ bar: # outside
|
|
|
704
704
|
// even though it's above it on the AST.
|
|
705
705
|
let query = Query {
|
|
706
706
|
route: vec![
|
|
707
|
-
Component::Key("root"
|
|
708
|
-
Component::Key("e"
|
|
707
|
+
Component::Key("root"),
|
|
708
|
+
Component::Key("e"),
|
|
709
709
|
Component::Index(1),
|
|
710
710
|
],
|
|
711
711
|
};
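Review bot: `QueryBuilder::keys` still takes `impl Iterator<Item = &'a str>`, which forces call sites to write `.into_iter()` (the test in this section calls `keys(["foo"].into_iter())`); since the signature is already being changed for the lifetime, `impl IntoIterator<Item = &'a str>` would accept arrays and iterators alike without breaking existing callers. The loop can then become `self.route.extend(keys.into_iter().map(Component::Key));` followed by `self`; the closing brace of `keys` falls outside the hunk. The doc comments on `Query`, `QueryBuilder` and `Component::Key` also do not mention that keys are now borrowed for `'a`, so a line such as `/// Keys are borrowed; a query cannot outlive the strings it was built from.` on `Component::Key` would help users who meet the new lifetime parameter.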
|