Paolo Tranquilli
e807545591
Remove false positive docker/build-push-action context sink model
...
The `context` input is passed as a single array element through
`docker/actions-toolkit` and `@actions/exec` all the way to
`child_process.spawn()`, which does not perform shell splitting.
No code injection is possible.
Fixes https://github.com/github/codeql/issues/21428
2026-03-26 09:08:34 +01:00
Paolo Tranquilli
55d16e8781
Remove false-positive command-injection sink model for step-security/harden-runner
...
The `allowed-endpoints` input only flows to `execFileSync("echo", [content])`
(no shell) and `fs.writeFileSync` (JSON config), neither of which is a
command injection vector.
Fixes https://github.com/github/codeql/issues/21568
2026-03-25 10:58:16 +01:00
Neil Mendum
1a1c9b4ea4
actions: add some missing permissions
2025-05-14 17:28:54 +01:00
yoff
e7bb47f335
ruby: add MaD model for permissions needed by actions
...
Use this to suggest a minimal set of needed permissions
2025-03-31 16:48:37 +02:00
Jaroslav Lobačevski
5f63fc2048
Fix potentially privileged pull request medium query
2025-03-20 20:23:07 +00:00
Dave Bartolomeo
2dde9ab6b9
Move immutable-actions-list pack to codeql org
2025-02-27 12:30:11 -05:00
Dave Bartolomeo
abc174858e
Remove octokit as trusted Actions owner
2025-02-27 12:15:40 -05:00
Dave Bartolomeo
86c5d9f1cd
Move list of immutable actions into internal model pack for now.
2025-02-27 11:48:27 -05:00
Dave Bartolomeo
0e4725bfe2
Merge pull request #18435 from felickz/felickz/actions-trusted-owner-data-extensions
...
Convert trusted actions list to data extension
2025-02-07 10:25:41 -05:00
Asger F
16634e6dc9
Merge pull request #18540 from JarLob/bash
...
Actions: Improve bash support
2025-01-28 09:49:58 +01:00
Jaroslav Lobačevski
e242190e04
Fix rlespinasse/github-slug-action upper bound
2025-01-22 22:22:21 +00:00
Jaroslav Lobačevski
ab20625b8f
Fix the upper bound of the range
2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski
83d13c6f20
Fix lower range for known vulnerable actions
2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski
6d94168ad9
gh view
2025-01-21 17:15:41 +00:00
Jaroslav Lobačevski
da9d612a47
Improve bash support
2025-01-20 14:59:30 +00:00
Chad Bentz
3e94a4c2bf
Refactor trusted actions owner model
...
- use existing data extensions config and yml folder
- rename from trustedActionsOwner to trustedActionsOwnerDataModel
- update related predicates
2025-01-07 17:22:24 -05:00
Dave Bartolomeo
ee7680df84
Move into actions subdirectory to prepare for migration to github/codeql
2024-12-18 14:35:15 -05:00