hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
194 Commits 1,740 Branches 165 Tags
119c7b81586a064426f4e10aef033d2101a4f8bf
Commit Graph

194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
119c7b8158 Bump qlpack versions 2024-04-03 11:41:42 +02:00
Alvaro Muñoz
9c90db3f83 Merge pull request #41 from GitHubSecurityLab/env_injection 
New Artifact Poisoning and EnvVar Injection queries
 2024-04-03 11:39:56 +02:00
Alvaro Muñoz
a2bbf704ee fix: triggering events for artifact poisoning 2024-04-03 11:39:35 +02:00
Alvaro Muñoz
2a1226c37a Add workflow_dispatch to the triggers for artifact poisoning 2024-04-02 12:54:42 +02:00
Alvaro Muñoz
152d29da38 Add Artifact poisoning and Env Injection queries 2024-04-01 18:53:37 +02:00
Alvaro Muñoz
c7b3148af6 Merge pull request #39 from GitHubSecurityLab/new_sources 
feat(sources): New sources
 2024-04-01 10:56:45 +02:00
Alvaro Muñoz
cc16318a90 Make new trilom source compliant with new sources 2024-04-01 10:56:03 +02:00
Alvaro Muñoz
ee81a87428 resolve conflicts 2024-04-01 10:54:02 +02:00
Alvaro Muñoz
9807cf87d5 resolve conflicts 2024-04-01 10:52:46 +02:00
Alvaro Muñoz
bdfd46111f Only triggered on non-pull_request events 2024-04-01 10:51:26 +02:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
ff3759eca8 Merge pull request #40 from GitHubSecurityLab/refactor_source_checks 
feat(sources): Do not take triggers into consideration
 2024-03-23 21:42:19 +01:00
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Alvaro Muñoz
9d5b026fde Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-21 14:21:30 +01:00
Alvaro Muñoz
06747cd98b Add tests for untrusted checkouts in workflow_run triggered workflows 2024-03-21 14:19:46 +01:00
Alvaro Muñoz
b6a097caa4 Merge pull request #38 from GitHubSecurityLab/improve_untrusted_co 2024-03-18 14:36:42 +01:00
Alvaro Muñoz
874e45e3e5 feat(sources): New sources 
This PR also adds the ability to not limit a source to a trigger event
 2024-03-18 13:22:53 +01:00
Alvaro Muñoz
9683ae35bc Add tests 2024-03-18 13:04:57 +01:00
Alvaro Muñoz
8023a527a4 fix(untrusted_co): Do not report Reusable workflows called from pull_request 2024-03-18 13:02:11 +01:00
Alvaro Muñoz
0a2be55507 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-18 11:00:30 +01:00
Alvaro Muñoz
8906bd9635 Bump versions 2024-03-18 11:00:22 +01:00
Jorge
cbfd53a17c Merge pull request #37 from GitHubSecurityLab/fix-inputs 
Fix inputs with composite action
 2024-03-15 23:03:27 +01:00
Jorge
e60c0b875f Fix inputs for composite action 2024-03-15 22:01:06 +00:00
Jorge
09c2ba4280 Make action download actions-all 2024-03-15 16:39:18 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Alvaro Muñoz
0da8f8d299 Merge pull request #36 from GitHubSecurityLab/fix_source_regexps 
fix(fn): Apply json wrappers to source regexps
 2024-03-15 14:05:29 +01:00
Alvaro Muñoz
d9e589c6e7 Remove unnecessary boundary anchors 2024-03-15 13:58:46 +01:00
Alvaro Muñoz
6cb15f06bc fix(fn): Apply json wrappers to source regexps 2024-03-15 13:54:21 +01:00
Alvaro Muñoz
27a9bc8564 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-15 13:34:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Alvaro Muñoz
ea135a60de Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2 
Fix tokens
 2024-03-15 11:25:08 +01:00
Jorge
5908d6c567 Fix tokens 2024-03-15 11:23:37 +01:00
Jorge
465700b2cd Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1 
Add `GITHUB_TOKEN`
 2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc Merge pull request #34 from GitHubSecurityLab/refactor_queries 
Refactor queries
 2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Jorge
a36ae6a7e2 Add GITHUB_TOKEN 2024-03-15 11:07:01 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Alvaro Muñoz
12af3bdf08 resolve conflicts 2024-03-14 22:42:57 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26 Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c Split queries 2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b Add security sinks 2024-03-14 21:52:22 +01:00
Jorge
4fcd68ba5a Merge pull request #31 from GitHubSecurityLab/new_sinks 
Add security sinks
 2024-03-14 19:11:27 +01:00
Jorge
1e64b18212 Add suite that runs all queries 2024-03-14 19:09:22 +01:00
Alvaro Muñoz
70dd7fe18f Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 17:47:20 +01:00
Alvaro Muñoz
d011269bf8 Merge pull request #32 from GitHubSecurityLab/choose-suite 2024-03-14 17:42:55 +01:00
Jorge
53209a26b1 build 2024-03-14 16:22:34 +00:00
Jorge
a9aba88bc5 Add alternate value 2024-03-14 17:21:26 +01:00
Jorge
678f99b6be build 2024-03-14 16:14:33 +00:00
Jorge
a9057a7386 Add suite input 2024-03-14 17:10:35 +01:00