Merge pull request #8 from GitHubSecurityLab/changed-files-sources

Add some changed-files sources

Author: Alvaro Muñoz

ql/lib/codeql/actions/dataflow/ExternalFlow.qll

@@ -32,7 +32,7 @@ predicate summaryModel(string action, string version, string input, string outpu
  * Fields:
  *    - action: Fully-qualified action name (NWO)
  *    - version: Either '*' or a specific SHA/Tag
- *    - input arg: sink node (prefixed with either `env.` or `input.`)
+ *    - input: sink node (prefixed with either `env.` or `input.`)
  *    - kind: sink kind
  */
 predicate sinkModel(string action, string version, string input, string kind) {

ql/lib/ext/REMOVEME.model.yml

@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: sourceModel
+    data:
+      - ["ahmadnassri/action-changed-files", "*", "output.files", "pull_request", "PR changed files"]
+      - ["ahmadnassri/action-changed-files", "*", "output.files", "pull_request_target", "PR changed files"]
+      - ["ahmadnassri/action-changed-files", "*", "output.json", "pull_request", "PR changed files"]
+      - ["ahmadnassri/action-changed-files", "*", "output.json", "pull_request_target", "PR changed files"]

ql/lib/ext/ahmadnassri_action-changed-files.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: sourceModel
+    data:
+      - ["dorny/paths-filter", "*", "output.changes", "pull_request", "PR changed files"]
+      - ["dorny/paths-filter", "*", "output.changes", "pull_request_target", "PR changed files"]

ql/lib/ext/dorny_paths-filter.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: summaryModel
+    data:
+      - ["frabert/replace-string-action", "*", "string", "replaced", "taint"]
+      - ["frabert/replace-string-action", "*", "replace-with", "replaced", "taint"]

ql/lib/ext/frabert-replace-string-action.model.yml

@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: sourceModel
+    data:
+      - ["jitterbit/get-changed-files", "*", "output.all", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.all", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.added", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.added", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.modified", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.modified", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.removed", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.removed", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.renamed", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.renamed", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.added_modified", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.added_modified", "pull_request_target", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.deleted", "pull_request", "PR changed files"]
+      - ["jitterbit/get-changed-files", "*", "output.deleted", "pull_request_target", "PR changed files"]

ql/lib/ext/frabert_replace-string-action.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: summaryModel
+    data:
+      - ["mad9000/actions-find-and-replace-string", "*", "source", "value", "taint"]
+      - ["mad9000/actions-find-and-replace-string", "*", "replace", "value", "taint"]

ql/lib/ext/jitterbit_get-changed-files.model.yml

@@ -0,0 +1,39 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: sourceModel
+    data:
+      - ["tj-actions/changed-files", "*", "output.added_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.added_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.copied_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.copied_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.deleted_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.deleted_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.modified_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.modified_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.renamed_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.renamed_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_old_new_renamed_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.type_changed_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.type_changed_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.unmerged_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.unmerged_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.unknown_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.unknown_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_changed_and_modified_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_changed_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_changed_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_changed_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_changed_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_modified_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.all_modified_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_modified_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_modified_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_deleted_files", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.other_deleted_files", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.modified_keys", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.modified_keys", "pull_request_target", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.changed_keys", "pull_request", "PR changed files"]
+      - ["tj-actions/changed-files", "*", "output.changed_keys", "pull_request_target", "PR changed files"]

ql/lib/ext/mad9000-actions-find-and-replace-string.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/actions-all
+      extensible: sourceModel
+    data:
+      - ["tj-actions/verify-changed-files", "*", "output.changed-files", "pull_request", "PR changed files"]
+      - ["tj-actions/verify-changed-files", "*", "output.changed-files", "pull_request_target", "PR changed files"]