Alvaro Muñoz
169e57e874
Refactor queries
2024-03-15 11:10:41 +01:00
Alvaro Muñoz
92dbceb507
boost pack versions
2024-03-15 10:19:08 +01:00
Alvaro Muñoz
46afa9c1f3
Add new tests
2024-03-14 22:41:01 +01:00
jorgectf
d26ead7c3b
Add security sinks
2024-03-14 21:52:22 +01:00
Alvaro Muñoz
5130135df0
fix(stepsExpression): allow steps from a composite action to communicate
2024-03-14 16:14:55 +01:00
Alvaro Muñoz
778d8978b0
DF support for untrusted checkout query
2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8
Support more PR head checkouts
2024-03-14 13:28:39 +01:00
Alvaro Muñoz
9ca1ac5bb9
Fix expression regexp
2024-03-14 12:58:02 +01:00
Alvaro Muñoz
3150f24d3f
Update tests and fix regexp
2024-03-14 12:21:16 +01:00
Alvaro Muñoz
8e2c1a4f4e
Expose predicates to check local flow
2024-03-14 11:58:07 +01:00
Alvaro Muñoz
3e2dffce8b
Rename ContextExpression to SimpleReferenceExpression
2024-03-14 11:57:43 +01:00
Alvaro Muñoz
aa37339deb
Apply suggestions from code review
2024-03-14 09:22:40 +01:00
Alvaro Muñoz
872b1f88f0
More regexp improvements
2024-03-13 22:47:19 +01:00
Alvaro Muñoz
0e50204672
More regexp improvements
2024-03-13 22:19:55 +01:00
Alvaro Muñoz
87b284e5e6
update
2024-03-13 19:14:57 +01:00
Alvaro Muñoz
839d16cde5
Treat If's values as expression no matter the delimiters
2024-03-13 18:41:17 +01:00
Alvaro Muñoz
0b71d02407
fix: clean debug leftovers
2024-03-13 13:49:50 +01:00
Alvaro Muñoz
9b97dbd870
Refactor ast nodes
2024-03-12 10:16:43 +01:00
Alvaro Muñoz
86075c95bd
Improve ExpressionNode Location handling
2024-03-07 22:28:54 +01:00
Alvaro Muñoz
96246f4b74
Add Expression nodes and their corresponding locations
2024-03-07 15:35:47 +01:00
Alvaro Muñoz
e5527d7a18
Refactor ast nodes
2024-03-05 19:59:43 +01:00
Alvaro Muñoz
6875640c64
Refactor getXXXExpr methods
2024-03-04 10:33:26 +01:00
Alvaro Muñoz
1c2f19f4e1
Merge Actions.qll and Ast.qll
2024-03-01 16:06:06 +01:00
Alvaro Muñoz
bcf3081259
Refactor Input/Outputs
2024-03-01 11:17:23 +01:00
Alvaro Muñoz
0eabdd9507
Rename classes
2024-03-01 09:44:33 +01:00
Alvaro Muñoz
6b11506abb
test: Add tests
2024-02-29 13:23:59 +01:00
Alvaro Muñoz
8a9ec88b36
feat(matrix): Add support for flow through matrix vars
2024-02-28 13:21:29 +01:00
Alvaro Muñoz
8e7e5d03a5
fix(test): Add expected files
2024-02-28 11:15:38 +01:00
Alvaro Muñoz
fe976faf6a
feat(queries): Migrate queries from AdvancedSecurity repo
2024-02-27 15:20:35 +01:00
Alvaro Muñoz
98f3a1e7bf
fix(env): Improve env access support
2024-02-26 10:43:55 +01:00
Alvaro Muñoz
f513a19c24
fix: restrict EnvCtxAccessExpr to Env declarations on the same file
2024-02-23 11:53:47 +01:00
Alvaro Muñoz
ecefb7ffb5
feat(untrusted checkout query): Add new query and tests
2024-02-22 13:12:37 +01:00
Alvaro Muñoz
d0b904a590
Fix QLpack names
2024-02-21 21:57:45 +01:00
Alvaro Muñoz
7a1369d9d0
Merge pull request #19 from GitHubSecurityLab/steps
2024-02-21 18:38:44 +01:00
Jorge
9e2be7d674
Apply suggestions from code review
...
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
2024-02-21 17:27:39 +01:00
Alvaro Muñoz
3d5567d698
Update ql/lib/codeql/actions/Ast.qll
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2024-02-21 16:50:44 +01:00
Alvaro Muñoz
a28f8e90f0
Update ql/lib/ext/tj-actions_branch-names.model.yml
2024-02-21 16:50:33 +01:00
Jorge
3ca7adab4f
Merge branch 'master' into steps
2024-02-21 15:31:42 +01:00
jorgectf
e1d6c7dac4
Add some steps
2024-02-21 15:29:27 +01:00
Alvaro Muñoz
a2b0a01298
fix: fix merge conflict
2024-02-21 10:57:51 +01:00
Alvaro Muñoz
ea29a09fd7
feat(triggers): New query for critical issues
...
Adds a new query and the required changes to be able to account for the trigger events so that we don't report issues if they are not likely exploitable.
2024-02-21 10:56:17 +01:00
Alvaro Muñoz
3aa4f7f1af
feat(triggers): Add getEnclosingWorkflowStmt to Statement class
2024-02-21 10:56:17 +01:00
Alvaro Muñoz
3814462266
feat(triggers): New query for critical issues
...
Adds a new query and the required changes to be able to account for the trigger events so that we don't report issues if they are not likely exploitable.
2024-02-21 10:23:37 +01:00
Alvaro Muñoz
4b9cec79dc
Merge pull request #17 from GitHubSecurityLab/reusable_workflow_models
...
feat(reusable-workflow-models): Reusable workflow MaD
2024-02-21 10:20:40 +01:00
Alvaro Muñoz
a2210dca79
feat(triggers): Add getEnclosingWorkflowStmt to Statement class
2024-02-20 21:48:29 +01:00
Alvaro Muñoz
010d7df71d
feat(reusable-workflow-models): Reusable workflow MaD
...
Add support to define sources/sinks/summaries for Reusable Workflows as
MaD entries.
2024-02-20 11:58:54 +01:00
Alvaro Muñoz
1d582a4c4d
feat(model-generation): Add more model generation queries
...
Add new queries for finding reusable workflows that behave as summaries, sources or sinks.
Add new query for finding composite actions that behave as sinks.
Add `github.event.inputs` context to the regular expression matching input var accesses.
2024-02-20 10:50:02 +01:00
Alvaro Muñoz
76f245b337
feat(actions): use published actions packs
2024-02-16 15:34:20 +01:00
Alvaro Muñoz
5d1264d3a4
feat(action): update references to qlpacks
2024-02-16 12:56:06 +01:00
Alvaro Muñoz
cf4ab41df2
feat(action): rename qlpacks to use githubsecuritylab prefix
2024-02-16 12:32:48 +01:00