initial commit of actions

2026-01-31 18:56:04 +01:00 · 2026-01-31 18:56:04 +01:00 · 949ece5785
commit 949ece5785
44660 changed files with 12034344 additions and 0 deletions
--- a/github/codeql-action-v1/node_modules/eslint-plugin-github/lib/rules/authenticity-token.js
+++ b/github/codeql-action-v1/node_modules/eslint-plugin-github/lib/rules/authenticity-token.js
@ -0,0 +1,30 @@
+module.exports = {
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'disallow usage of CSRF tokens in JavaScript',
+      url: require('../url')(module)
+    },
+    schema: []
+  },
+
+  create(context) {
+    function checkAuthenticityTokenUsage(node, str) {
+      if (str.includes('authenticity_token')) {
+        context.report({
+          node,
+          message:
+            'Form CSRF tokens (authenticity tokens) should not be created in JavaScript and their values should not be used directly for XHR requests.'
+        })
+      }
+    }
+
+    return {
+      Literal(node) {
+        if (typeof node.value === 'string') {
+          checkAuthenticityTokenUsage(node, node.value)
+        }
+      }
+    }
+  }
+}