hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
616 Commits 1,673 Branches 157 Tags
370d3adbb27b58e4cd5dc3fea67dddb494451b7b
Commit Graph

616 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
370d3adbb2 Merge pull request #80 from github/list_files 
Add models for list-files actions
 2024-09-11 18:08:15 +02:00
Alvaro Muñoz
5fe81ddb08 Update tests 2024-09-11 18:07:25 +02:00
Alvaro Muñoz
15bb4d851d Add new test for flow through matrix 2024-09-11 10:25:31 +02:00
Alvaro Muñoz
b199fdc3e2 Add new models for file listing actions 2024-09-11 10:25:10 +02:00
Alvaro Muñoz
321e5504bc Bump qlpack versions 2024-09-10 13:59:04 +02:00
Alvaro Muñoz
25a210734b Update tests 2024-09-10 13:58:36 +02:00
Alvaro Muñoz
ef41db3ce5 Extract simple reference expression from ORed disjuncts 2024-09-10 13:58:24 +02:00
Alvaro Muñoz
a9a297ab78 Update tests 2024-09-10 09:52:21 +02:00
Alvaro Muñoz
147da50cb9 Use Taint Tracking to track PR refs to checkout's ref argument 2024-09-10 09:52:09 +02:00
Alvaro Muñoz
bd0c762781 Refactor: Do not use PRHeadCheckoutStep on any dependency of TaintTracking 
Problem is that there are StoreSteps that depend on PRHeadCheckout so
there is a non-monotic recursion error since PRHeadCheckout depends on
TaintTracking module, but this module depends on PRHeadCheckout
 2024-09-10 09:51:32 +02:00
Alvaro Muñoz
42b487b348 Match callers and callees when root is not the repo root 
When running codeql test run, the root of the database is not the root
of the original repo (the directory containing .github and .git)
therefore calls to reusable workflows are not correctly matched.
 2024-09-10 09:49:43 +02:00
Alvaro Muñoz
f9d66d9b5e Bump qlpack versions 2024-09-06 23:37:00 +02:00
Alvaro Muñoz
2720aaf097 Add new test for secrets in artifact query 2024-09-06 23:36:29 +02:00
Alvaro Muñoz
279b0bb8f1 Change description for CWE-1395 query 2024-09-06 23:33:46 +02:00
Alvaro Muñoz
84b02febfe Bump qlpack versions 2024-09-06 22:53:53 +02:00
Alvaro Muñoz
72e0851e91 Update metadata for Secrets in Artifact query 2024-09-06 22:53:16 +02:00
Alvaro Muñoz
5e92026f14 Bump qlpack versions 2024-09-06 17:34:55 +02:00
Alvaro Muñoz
0e3097d604 Merge pull request #79 from github/secrets-in-artifacts 
feat: New query to report GITHUB_TOKEN exposed in artifacts
 2024-09-06 17:32:49 +02:00
Alvaro Muñoz
25eb417acc Remove public wording 2024-09-06 17:32:35 +02:00
Alvaro Muñoz
37fc6156d0 Removing experimental flag 2024-09-06 17:30:49 +02:00
Alvaro Muñoz
6eef51e415 fix: add path checks 2024-09-06 17:22:44 +02:00
Alvaro Muñoz
fefeae4469 feat: New query to report GITHUB_TOKEN exposed in artifacts 2024-09-06 17:00:15 +02:00
Alvaro Muñoz
b2f6ef246c Merge pull request #78 from github/rasmuswl/syntax-error-query 2024-09-06 15:48:35 +02:00
Rasmus Wriedt Larsen
2f68e6f26e Add missing test file 2024-09-06 14:53:46 +02:00
Rasmus Wriedt Larsen
4820626f29 Add SyntaxError query 
This can be used by autofix, but might also be nice to help find YAML syntax errors 🤷
 2024-09-06 14:04:46 +02:00
Alvaro Muñoz
ac7b7b7162 Bump qlpack versions 2024-09-06 10:50:58 +02:00
Alvaro Muñoz
4f57aade35 Improve accuracy of actions/download-artifact as a source 
If upload is on the same workflow, it needs to be triggered by a priv
workflow
 2024-09-06 10:49:27 +02:00
Alvaro Muñoz
0cabcf8ec7 Merge pull request #76 from github/pwntester-patch-1 
Update ArgumentInjectionCritical.md
 2024-08-23 17:40:48 +02:00
Alvaro Muñoz
293dd1a32b Update ArgumentInjectionCritical.md 2024-08-23 17:40:25 +02:00
Alvaro Muñoz
1ca985b415 Update qlpack.yml 2024-08-12 13:09:06 +02:00
Alvaro Muñoz
0baf7e3cef Update qlpack.yml 2024-08-12 13:08:38 +02:00
Jaroslav Lobačevski
90b3c96a38 Merge pull request #74 from github/docs/help_files 
docs/help files
 2024-08-12 11:59:07 +02:00
Jaroslav Lobačevski
d6027267aa fix variable name 2024-08-12 09:31:58 +00:00
Jaroslav Lobačevski
e83841bba9 fixes 2024-08-12 09:29:26 +00:00
Jaroslav Lobačevski
a282818272 grammar 2024-08-10 10:52:06 +00:00
Jaroslav Lobačevski
77ecca9f5e grammar 2024-08-10 10:17:40 +00:00
Jaroslav Lobačevski
cc6badaea6 grammar 2024-08-10 09:54:23 +00:00
Alvaro Muñoz
23754b6d2f Update publish.yml 2024-08-09 17:38:57 +02:00
Alvaro Muñoz
2b8169b000 Update publish.yml 2024-08-09 17:37:52 +02:00
Alvaro Muñoz
d166b7c03a Create publish.yml 2024-08-09 17:34:42 +02:00
Alvaro Muñoz
569e80b678 Fix ImproperAccess query 2024-08-09 17:17:18 +02:00
Alvaro Muñoz
9411fac4d0 New Descriptions 2024-08-09 17:06:06 +02:00
Alvaro Muñoz
d8df3ff6b3 Use ControlCheck.dominates in the ImproperAccessControl query 2024-08-09 17:05:41 +02:00
Alvaro Muñoz
9977f25f0f Move some queries to experimental 2024-08-09 17:05:17 +02:00
Alvaro Muñoz
f4f18f38cc Move Argument injection queries to its own CWE 2024-08-09 17:04:32 +02:00
Alvaro Muñoz
8ebe76668c Bump qlpack versions 2024-08-07 17:24:59 +02:00
Alvaro Muñoz
88f6eff724 Merge pull request #73 from github/fix/control_checks_actor 
fix(controlcheck): Improve checks for actors
 2024-08-07 17:24:27 +02:00
Alvaro Muñoz
1750ebac18 fix(controlcheck): Improve checks for actors 2024-08-07 17:09:50 +02:00
Alvaro Muñoz
b251c661f8 Bump qlpack versions 2024-08-07 13:46:50 +02:00
Alvaro Muñoz
e4559e19d8 Move Output Clobbering to CWE-074 2024-08-07 13:46:27 +02:00