hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 10:40:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
181 Commits 1,673 Branches 157 Tags
2ed3aceddfefcb329bf03335b4d9c6f68b08811e
Commit Graph

181 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Alvaro Muñoz
9d5b026fde Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-21 14:21:30 +01:00
Alvaro Muñoz
06747cd98b Add tests for untrusted checkouts in workflow_run triggered workflows 2024-03-21 14:19:46 +01:00
Alvaro Muñoz
b6a097caa4 Merge pull request #38 from GitHubSecurityLab/improve_untrusted_co 2024-03-18 14:36:42 +01:00
Alvaro Muñoz
9683ae35bc Add tests 2024-03-18 13:04:57 +01:00
Alvaro Muñoz
8023a527a4 fix(untrusted_co): Do not report Reusable workflows called from pull_request 2024-03-18 13:02:11 +01:00
Alvaro Muñoz
0a2be55507 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-18 11:00:30 +01:00
Alvaro Muñoz
8906bd9635 Bump versions 2024-03-18 11:00:22 +01:00
Jorge
cbfd53a17c Merge pull request #37 from GitHubSecurityLab/fix-inputs 
Fix inputs with composite action
 2024-03-15 23:03:27 +01:00
Jorge
e60c0b875f Fix inputs for composite action 2024-03-15 22:01:06 +00:00
Jorge
09c2ba4280 Make action download actions-all 2024-03-15 16:39:18 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Alvaro Muñoz
0da8f8d299 Merge pull request #36 from GitHubSecurityLab/fix_source_regexps 
fix(fn): Apply json wrappers to source regexps
 2024-03-15 14:05:29 +01:00
Alvaro Muñoz
d9e589c6e7 Remove unnecessary boundary anchors 2024-03-15 13:58:46 +01:00
Alvaro Muñoz
6cb15f06bc fix(fn): Apply json wrappers to source regexps 2024-03-15 13:54:21 +01:00
Alvaro Muñoz
27a9bc8564 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-15 13:34:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Alvaro Muñoz
ea135a60de Merge pull request #35 from GitHubSecurityLab/jorgectf-patch-2 
Fix tokens
 2024-03-15 11:25:08 +01:00
Jorge
5908d6c567 Fix tokens 2024-03-15 11:23:37 +01:00
Jorge
465700b2cd Merge pull request #33 from GitHubSecurityLab/jorgectf-patch-1 
Add `GITHUB_TOKEN`
 2024-03-15 11:19:41 +01:00
Alvaro Muñoz
188f9d5adc Merge pull request #34 from GitHubSecurityLab/refactor_queries 
Refactor queries
 2024-03-15 11:17:31 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Jorge
a36ae6a7e2 Add GITHUB_TOKEN 2024-03-15 11:07:01 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Alvaro Muñoz
12af3bdf08 resolve conflicts 2024-03-14 22:42:57 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26 Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c Split queries 2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b Add security sinks 2024-03-14 21:52:22 +01:00
Jorge
4fcd68ba5a Merge pull request #31 from GitHubSecurityLab/new_sinks 
Add security sinks
 2024-03-14 19:11:27 +01:00
Jorge
1e64b18212 Add suite that runs all queries 2024-03-14 19:09:22 +01:00
Alvaro Muñoz
70dd7fe18f Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 17:47:20 +01:00
Alvaro Muñoz
d011269bf8 Merge pull request #32 from GitHubSecurityLab/choose-suite 2024-03-14 17:42:55 +01:00
Jorge
53209a26b1 build 2024-03-14 16:22:34 +00:00
Jorge
a9aba88bc5 Add alternate value 2024-03-14 17:21:26 +01:00
Jorge
678f99b6be build 2024-03-14 16:14:33 +00:00
Jorge
a9057a7386 Add suite input 2024-03-14 17:10:35 +01:00
Alvaro Muñoz
cfed2d4ce0 Split queries 2024-03-14 16:30:23 +01:00
Alvaro Muñoz
8e5eeb2ea3 Merge branch 'untrusted_co' 2024-03-14 16:15:53 +01:00
Alvaro Muñoz
5130135df0 fix(stepsExpression): allow steps from a composite action to communicate 2024-03-14 16:14:55 +01:00
Alvaro Muñoz
a3ccc2eba3 Merge pull request #30 from GitHubSecurityLab/untrusted_co 
Improve UntrustedCheckout query
 2024-03-14 14:52:39 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
d12b24886f Merge branch 'untrusted_co' of https://github.com/GitHubSecurityLab/codeql-actions into untrusted_co 2024-03-14 12:58:56 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
9ca1ac5bb9 Fix expression regexp 2024-03-14 12:58:02 +01:00
Alvaro Muñoz
3150f24d3f Update tests and fix regexp 2024-03-14 12:21:16 +01:00
Alvaro Muñoz
7160f08222 Update ql/test/query-tests/Security/CWE-829/.github/workflows/auto_ci.yml 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 12:03:40 +01:00
Alvaro Muñoz
03277cc24b Add test for self-referencing jobs 2024-03-14 11:58:44 +01:00
Alvaro Muñoz
8e2c1a4f4e Expose predicates to check local flow 2024-03-14 11:58:07 +01:00