Actions/SecretExfiltrationQuery

d10c · d10c · commit 56f5a717c0f7 · 2025-10-08T13:24:12.000+02:00
actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql uses source as endpoint
diff --git a/actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll b/actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll
@@ -17,8 +17,6 @@ private module SecretExfiltrationConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof SecretExfiltrationSink }
 
   predicate observeDiffInformedIncrementalMode() { any() }
-
-  Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
 }
 
 /** Tracks flow of unsafe user input that is used in a context where it may lead to a secret exfiltration. */

Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,6 @@ private module SecretExfiltrationConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isSink(DataFlow::Node sink) { sink instanceof SecretExfiltrationSink }`
`18`	`18`
`19`	`19`	`predicate observeDiffInformedIncrementalMode() { any() }`
`20`		`-`
`21`		`- Location getASelectedSourceLocation(DataFlow::Node sink) { none() }`
`22`	`20`	`}`
`23`	`21`
`24`	`22`	`/** Tracks flow of unsafe user input that is used in a context where it may lead to a secret exfiltration. */`