github · xcorail · Jan 28, 2021 · Jan 28, 2021 · Jan 28, 2021
diff --git a/CodeQL_Queries/actions/pull_request_target.ql b/CodeQL_Queries/actions/pull_request_target.ql
@@ -3,7 +3,7 @@
  * @description Workflows triggered on `pull_request_target` have read/write tokens for the base repository and the access to secrets.
  *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
  *              that is able to push to the base repository and to access secrets.
- * @id java/actions/pull_request_target
+ * @id javascript/actions/pull_request_target
  * @kind problem
  * @problem.severity warning
  */

diff --git a/CodeQL_Queries/actions/script_injections.ql b/CodeQL_Queries/actions/script_injections.ql
@@ -2,7 +2,7 @@
  * @name Command injection from user-controlled Actions context
  * @description Using user-controlled GitHub Actions contexts in a command line may allow a malicious
  *              user to change the meaning of the command.
- * @id java/actions/command-injection
+ * @id javascript/actions/command-injection
  * @kind problem
  * @problem.severity error
  */