hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 05:30:24 +01:00
Code Issues Packages Projects Releases Wiki Activity
181 Commits 1,679 Branches 158 Tags
2ed3aceddfefcb329bf03335b4d9c6f68b08811e
Commit Graph

59 Commits

Author SHA1 Message Date
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Alvaro Muñoz
8023a527a4 fix(untrusted_co): Do not report Reusable workflows called from pull_request 2024-03-18 13:02:11 +01:00
Alvaro Muñoz
8906bd9635 Bump versions 2024-03-18 11:00:22 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26 Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c Split queries 2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b Add security sinks 2024-03-14 21:52:22 +01:00
Jorge
1e64b18212 Add suite that runs all queries 2024-03-14 19:09:22 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
e726f9fff1 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:24:32 +01:00
Alvaro Muñoz
fe1bf58ae5 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:22:05 +01:00
Alvaro Muñoz
872b1f88f0 More regexp improvements 2024-03-13 22:47:19 +01:00
Alvaro Muñoz
0e50204672 More regexp improvements 2024-03-13 22:19:55 +01:00
Alvaro Muñoz
839d16cde5 Treat If's values as expression no matter the delimiters 2024-03-13 18:41:17 +01:00
Alvaro Muñoz
1bf2431c99 Improve UntrustedCheckout query 
Account for more events, more triggers and heuristics to detect git checkouts
 2024-03-13 15:41:57 +01:00
Alvaro Muñoz
0b71d02407 fix: clean debug lefovers 2024-03-13 13:49:50 +01:00
Alvaro Muñoz
9b97dbd870 Refactor ast nodes 2024-03-12 10:16:43 +01:00
Alvaro Muñoz
96246f4b74 Add Expression nodes and their corresponding locations 2024-03-07 15:35:47 +01:00
Alvaro Muñoz
1c2f19f4e1 Merge Actions.qll and Ast.qll 2024-03-01 16:06:06 +01:00
Alvaro Muñoz
bcf3081259 Refactor Input/Outpts 2024-03-01 11:17:23 +01:00
Alvaro Muñoz
0eabdd9507 Rename classes 2024-03-01 09:44:33 +01:00
Alvaro Muñoz
6b11506abb test: Add tests 2024-02-29 13:23:59 +01:00
Alvaro Muñoz
8a9ec88b36 feat(matrix): Add support for flow through matrix vars 2024-02-28 13:21:29 +01:00
Alvaro Muñoz
8e7e5d03a5 fix(test): Add expected files 2024-02-28 11:15:38 +01:00
Alvaro Muñoz
fe976faf6a feat(queries): Migrate queries from AdvancedSecurity repo 2024-02-27 15:20:35 +01:00
Alvaro Muñoz
98f3a1e7bf fix(env): Improve env access support 2024-02-26 10:43:55 +01:00
Alvaro Muñoz
645177cc80 Account for github.event.label check as a sanitizer for untrusted checkout 2024-02-26 09:39:42 +01:00
Alvaro Muñoz
68f15f2b85 rename query id 2024-02-22 13:14:53 +01:00
Alvaro Muñoz
ecefb7ffb5 feat(untrusted checkout query): Add new query and tests 2024-02-22 13:12:37 +01:00
Alvaro Muñoz
ea29a09fd7 feat(triggers): New query for critical issues 
Adds a new query and the required changes to be able to account for the trigger events so that we dont report issues if they are not likely exploitable.
 2024-02-21 10:56:17 +01:00
Alvaro Muñoz
3aa4f7f1af feat(triggers): Add getEnclosingWorkflowStmt to Statement class 2024-02-21 10:56:17 +01:00
Alvaro Muñoz
4b9cec79dc Merge pull request #17 from GitHubSecurityLab/reusable_workflow_models 
feat(reusable-workflow-models): Reusable workflow MaD
 2024-02-21 10:20:40 +01:00
Alvaro Muñoz
010d7df71d feat(reusable-workflow-models): Reusable workflow MaD 
Add support to define sources/sinks/summaries for Reusable Workflows as
MaD entries.
 2024-02-20 11:58:54 +01:00
Alvaro Muñoz
1d582a4c4d feat(model-generation): Add more model generation queries 
Add new queries for finding reusable workflows that behave as summaries, sources or sinks.
Add new query for finding composite actions that behave as sinks.
Add `github.event.inputs` context to the regular expression matching input var accesses.
 2024-02-20 10:50:02 +01:00
Alvaro Muñoz
43a55e80a9 feat(model-generator): New qls for modelling composite actions 2024-02-16 16:02:10 +01:00
Alvaro Muñoz
5d1264d3a4 feat(action): update references to qlpacks 2024-02-16 12:56:06 +01:00
Alvaro Muñoz
cf4ab41df2 feat(action): rename qlpacks to use githubsecuritylab prefix 2024-02-16 12:32:48 +01:00
Alvaro Muñoz
0105d63a44 Add Action to scan repos 2024-02-16 12:25:23 +01:00
Alvaro Muñoz
1cd32195a7 feat(bash-step): Improve bash step accuracy 
Only pass the taint when the env var is directlty set as the step output
 2024-02-15 11:51:28 +01:00
Alvaro Muñoz
3c12e43d3f feat(composite-actions): Fix summary and source queries for composite actions analysis 2024-02-14 18:09:12 +01:00
Alvaro Muñoz
e6b4676f90 feat(field-flow): enhance dataflow tracking 
implement field flow to reduce false positives
 2024-02-14 10:47:00 +01:00
Alvaro Muñoz
271c512f4d better identification of Composite Actions input and output nodes 2024-02-13 11:40:22 +01:00
Alvaro Muñoz
e9707af38d feat: support for composite action's analysis 2024-02-12 22:55:58 +01:00
Alvaro Muñoz
4b57cee300 Initial implementaion of env context support 2024-02-12 15:14:47 +01:00