Alvaro Muñoz
34b48d559b
Add expected tests results
2024-08-05 23:45:51 +02:00
Alvaro Muñoz
c5314aeb6c
Add new tests
2024-08-05 23:44:27 +02:00
Alvaro Muñoz
397eb2a762
Add getPath() to PRHeadCheckout and CacheWriting classes
Add getPath() methods to get the path where a checkout step writes the
code and where a Cache write reads the files from.
2024-08-05 23:44:20 +02:00
Alvaro Muñoz
0990774302
feat(poisonable_steps): Add python -m pip install
2024-08-05 18:53:53 +02:00
Alvaro Muñoz
ffe700c204
Merge pull request #68 from github/cat_env
feat(bash): Add support for `cat hazelcast/.github/java-config.env >> $GITHUB_ENV`
2024-08-02 15:49:19 +02:00
Alvaro Muñoz
8cf1a6afa7
feat(bash): Add support for cat hazelcast/.github/java-config.env >> $GITHUB_ENV
2024-08-02 15:48:57 +02:00
Alvaro Muñoz
90efdc7deb
Bump qlpack versions
2024-08-02 12:47:16 +02:00
Alvaro Muñoz
4d7c985027
Merge pull request #67 from github/bash_script_parsing
feat(bash): Improve bash command parsing
2024-08-02 12:46:04 +02:00
Alvaro Muñoz
41fade5feb
feat(bash): Improve bash command parsing
2024-08-02 12:44:43 +02:00
Alvaro Muñoz
c4d70e66e1
Bump qlpack versions
2024-08-01 17:49:13 +02:00
Alvaro Muñoz
822a326a4b
Merge pull request #66 from github/tee_support
feat(bash): Add support for tee as a way to write to GITHUB special files
2024-08-01 17:47:55 +02:00
Alvaro Muñoz
f457537b34
feat(bash): Add support for tee as a way to write to GITHUB special files
2024-08-01 17:47:23 +02:00
Alvaro Muñoz
def170425a
Bump qlpack versions
2024-08-01 11:43:48 +02:00
Alvaro Muñoz
e043cf3a54
Merge branch 'master' of https://github.com/github/codeql-actions
2024-08-01 11:38:55 +02:00
Alvaro Muñoz
c9b7340718
Bump qlpack versions
2024-08-01 11:38:46 +02:00
Alvaro Muñoz
5006b81565
Merge pull request #65 from github/query/vulnerable_versions
feat(queries): Improve Use Of Vulnerable Actions query
2024-08-01 11:37:24 +02:00
Alvaro Muñoz
6cfec0d245
feat(queries): Improve Use Of Vulnerable Actions query
Move all info to a MaD config file so it's easier to maintain
Add other vulnerable actions
2024-08-01 11:37:00 +02:00
Alvaro Muñoz
a05dd49b74
Merge pull request #64 from github/query/path_traversal
query/path traversal
2024-07-31 23:14:48 +02:00
Alvaro Muñoz
5f1884aa32
feat(queries): Add new queries to report path traversal via artifact poisoning
2024-07-31 23:03:34 +02:00
Alvaro Muñoz
483f6229ff
refactor: Create abstract class for known vulnerable actions
2024-07-31 23:02:52 +02:00
Alvaro Muñoz
4334524ac4
Merge pull request #63 from github/cwe_1395
feat(queries): Add query to report vulnerable 3rd party actions
2024-07-31 18:30:27 +02:00
Alvaro Muñoz
2b55d79c93
feat(queries): Add query to report vulnerable 3rd party actions
2024-07-31 18:29:17 +02:00
Alvaro Muñoz
a69fa5cb83
Merge pull request #62 from github/actions_download_artifact
feat(queries): Add actions/download-artifact as a source of Artifact Poisoning
2024-07-31 16:31:54 +02:00
Alvaro Muñoz
d548aef3e0
feat(queries): Add actions/download-artifact as a source of Artifact Poisoning
2024-07-31 16:31:15 +02:00
Alvaro Muñoz
80d2bbdc9b
Merge pull request #61 from github/missing_permissions
fix(queries): Fix Missing Permissions query
2024-07-31 11:45:54 +02:00
Alvaro Muñoz
ab8dd599b7
fix(queries): Fix Missing Permissions query
If a job is only triggered by `workflow_call`, we don't report any issues
since they should be reported on the calling workflows
2024-07-31 11:45:30 +02:00
Alvaro Muñoz
8ffac2935e
Bump qlpack versions
2024-07-30 18:22:20 +02:00
Alvaro Muñoz
65ad387543
fix: Add printf as an equivalent to echo
2024-07-30 18:18:22 +02:00
Alvaro Muñoz
bf10603b5f
Bump qlpack versions
2024-07-30 10:28:15 +02:00
Alvaro Muñoz
f5261237a4
feat(suites): Add a bughalla-specific query suite
2024-07-30 10:27:28 +02:00
Alvaro Muñoz
da36924bb1
feat(queries): Add Output Clobbering query
2024-07-30 10:26:41 +02:00
Alvaro Muñoz
06ec94e731
Bump qlpack versions
2024-07-29 22:38:42 +02:00
Alvaro Muñoz
e3df12d77b
Update Query suite
2024-07-29 22:37:47 +02:00
Alvaro Muñoz
eaf034e8cb
feat(config): Add pipx as poisonable step
2024-07-25 11:09:02 +02:00
Alvaro Muñoz
28cc06e136
Bump qlpack versions
2024-07-24 18:28:09 +02:00
Alvaro Muñoz
ba6ab04dfc
feat(suite): Remove severity:warning queries from CodeScanning suite
2024-07-24 18:27:39 +02:00
Alvaro Muñoz
bb78bb6f57
refactor(queries): update severity level for workflow permissions
2024-07-24 18:27:00 +02:00
Alvaro Muñoz
da28f7dc0a
feat(config): add asv to poisonable steps list
2024-07-24 15:56:47 +02:00
Alvaro Muñoz
12e78ac4fe
fix(regex): update pattern to match both gh and hub commands
2024-07-23 23:37:04 +02:00
Alvaro Muñoz
2dffb865d0
Bump qlpack versions
2024-07-22 12:45:34 +02:00
Alvaro Muñoz
15649afd5c
feat(queries): Improve envvar injection queries
Consider those cases where the contents of a file are written to a var
and that var assigned to GITHUB_ENV
2024-07-22 12:44:27 +02:00
Alvaro Muñoz
270ca2ad7d
feat(queries): Experimental Output clobbering query
2024-07-15 21:00:54 +02:00
Alvaro Muñoz
fc39249f92
feat(queries): Consider untrusted checkout as a source for code injections
2024-07-15 21:00:28 +02:00
Alvaro Muñoz
76ded33280
Bump qlpack versions
2024-07-13 23:29:36 +02:00
Alvaro Muñoz
cc64c95dbc
feat(dataflow): Update edges predicate to only link to next step
Previously each step was linking to all possible following steps. This change makes a better flow path explanation flowing from the checkout to the poisonable step, step by step
2024-07-13 23:28:47 +02:00
Alvaro Muñoz
c1d8ca0976
Bump qlpack versions
2024-07-13 00:01:49 +02:00
Alvaro Muñoz
44911382af
feat(tests): Update tests results
2024-07-12 23:49:05 +02:00
Alvaro Muñoz
9917c46f6f
feat(core): Add StepsContainer class
A StepsContainer is an abstract class that includes all nodes with steps: Runs and LocalJobs
2024-07-12 23:48:52 +02:00
Alvaro Muñoz
69d173f13c
fix(refactor): Remove unnecessary variables
2024-07-12 23:47:52 +02:00
Alvaro Muñoz
7f77e89bbf
feat(tests): Add test for checkout in composite action
2024-07-12 23:31:12 +02:00