🐛 Add nil check before accessing a step's uses value. (ossf#2935)

spencerschrock · balteravishay · commit 63616e4c701a · 2023-05-29T07:08:49.000Z
Signed-off-by: Spencer Schrock &lt;sschrock@google.com&gt;
Signed-off-by: Avishay &lt;avishay.balter@gmail.com&gt;
diff --git a/checks/sast.go b/checks/sast.go
@@ -262,7 +262,7 @@ var searchGitHubActionWorkflowCodeQL fileparser.DoWhileTrueOnFileContent = func(
 	for _, job := range workflow.Jobs {
 		for _, step := range job.Steps {
 			e, ok := step.Exec.(*actionlint.ExecAction)
-			if !ok {
+			if !ok || e == nil || e.Uses == nil {
 				continue
 			}
 			// Parse out repo / SHA.

Original file line number	Diff line number	Diff line change
`@@ -262,7 +262,7 @@ var searchGitHubActionWorkflowCodeQL fileparser.DoWhileTrueOnFileContent = func(`
`262`	`262`	`for _, job := range workflow.Jobs {`
`263`	`263`	`for _, step := range job.Steps {`
`264`	`264`	`e, ok := step.Exec.(*actionlint.ExecAction)`
`265`		`- if !ok {`
	`265`	`+ if !ok \|\| e == nil \|\| e.Uses == nil {`
`266`	`266`	`continue`
`267`	`267`	`}`
`268`	`268`	`// Parse out repo / SHA.`