codeql

mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	42d4bb577c	Better identification of checkout of untrusted code depending on the triggering events	2024-10-22 22:42:11 +02:00
Alvaro Muñoz	8f350d9068	Merge pull request #104 from github/new_gh_sources New gh CLI sources	2024-10-22 21:36:19 +02:00
Alvaro Muñoz	02c5f74f20	New gh CLI sources	2024-10-22 14:57:59 +02:00
Alvaro Muñoz	54338f4f35	Bump qlpack versions	2024-10-22 11:19:48 +02:00
Alvaro Muñoz	9a7e33bf3f	Merge pull request #103 from github/new_events Add workflow_dispatch and scheduled to the list of privileged and external (user interaction) events	2024-10-22 11:19:13 +02:00
Alvaro Muñoz	da10ee74d3	Add workflow_dispatch and scheduled to the list of privileged and external (user interaction) events	2024-10-22 11:18:42 +02:00
Alvaro Muñoz	6dbbfa9672	Bump qlpack versions	2024-10-21 12:12:37 +02:00
Alvaro Muñoz	229d42b515	Add sonar-scanner-action as a poisonable step	2024-10-21 11:05:06 +02:00
Alvaro Muñoz	fc5a6703b3	Add github.event.sender.login as an Actor source	2024-10-19 17:01:47 +02:00
Alvaro Muñoz	e03ba55812	Account for checkout path on Untrusted Checkout Critical	2024-10-19 17:01:29 +02:00
Alvaro Muñoz	7cba2e07bc	Bump qlpack versions	2024-10-17 21:40:40 +02:00
Alvaro Muñoz	c44c3bae9f	Update tests	2024-10-17 21:39:58 +02:00
Alvaro Muñoz	8323819504	New sources for octokit/request-action	2024-10-17 15:51:00 +02:00
Alvaro Muñoz	a1047d155c	Add new control checks using octokit/request-action	2024-10-17 14:48:53 +02:00
Alvaro Muñoz	6bf3eb79a9	Add sh as a bash-compatible POSIX shell	2024-10-17 10:44:43 +02:00
Alvaro Muñoz	b072cfa1f7	Add pwsh as the default shell for windows runners	2024-10-17 10:40:33 +02:00
Alvaro Muñoz	09f1fd1a81	Bump qlpack versions	2024-10-16 11:48:19 +02:00
Alvaro Muñoz	c5c3cd1726	Clean imports	2024-10-16 11:47:35 +02:00
Alvaro Muñoz	b49cd3b916	Better handling of EnvVar Injection and Argument Injection	2024-10-16 08:48:32 +02:00
Alvaro Muñoz	e2e1dddb36	Move arg injection sinks to ShellScript class	2024-10-15 09:48:01 +02:00
Alvaro Muñoz	2e5379f289	Update expected tests	2024-10-14 15:10:31 +02:00
Alvaro Muñoz	ff17d1dcb1	Add CmdI test	2024-10-14 12:50:11 +02:00
Alvaro Muñoz	3b95ae0b53	Bump QLPacks versions	2024-10-14 12:15:58 +02:00
Alvaro Muñoz	7fa77e2728	Delete test script	2024-10-14 12:05:00 +02:00
Alvaro Muñoz	be87eccbe7	Refactor Script support	2024-10-14 12:04:20 +02:00
Alvaro Muñoz	a09acb5462	Better parsing of Bash script commands	2024-10-13 11:56:09 +02:00
Alvaro Muñoz	c7b57b5b77	Merge command and file store steps	2024-10-13 11:55:41 +02:00
Alvaro Muñoz	48fa2967ed	Bump qlpack versions	2024-10-11 12:22:40 +02:00
Alvaro Muñoz	ba5e1ed22f	Merge pull request #102 from github/moar_poisonable_steps Major refactor	2024-10-11 12:21:57 +02:00
Alvaro Muñoz	99e92af034	Update tests	2024-10-11 12:20:57 +02:00
Alvaro Muñoz	1e749ae6d5	Add new poisonable step	2024-10-11 12:20:39 +02:00
Alvaro Muñoz	ee25f35653	Refactor of Bash functions	2024-10-11 12:20:26 +02:00
Alvaro Muñoz	d558ff80c3	New Command sources for git and GITHUB_EVENT_PATH	2024-10-11 12:20:03 +02:00
Alvaro Muñoz	d4a24dfdd1	Refactor FlowSteps	2024-10-11 12:19:22 +02:00
Alvaro Muñoz	898507eb54	Update publish.yml	2024-10-11 12:17:35 +02:00
Alvaro Muñoz	6a99845ecf	Remove old code to handle redirections to GITHUB_ENV Redirections to GITHUB_ENV are better handled now by the Bash module ----	2024-10-10 22:22:56 +02:00
Alvaro Muñoz	b7aba1f081	Bump qlpack versions	2024-10-04 18:05:58 +02:00
Alvaro Muñoz	742602d794	Merge pull request #101 from github/control_checks/toctou_split Improve control checks to better account for toctou issues	2024-10-04 18:04:33 +02:00
Alvaro Muñoz	860eda9c04	Improve control checks to better account for toctou issues	2024-10-04 18:04:13 +02:00
Alvaro Muñoz	a3cf8766ff	Bump qlpack versions	2024-10-03 14:42:23 +02:00
Alvaro Muñoz	c90690d338	Merge pull request #100 from github/arginj_exp Make Argument Injection queries experimental	2024-10-03 14:41:38 +02:00
Alvaro Muñoz	0c9b808fdf	Make Argument Injection queries experimental	2024-10-03 14:41:18 +02:00
Alvaro Muñoz	350b354fb3	remmove leftover comments	2024-10-03 14:17:45 +02:00
Alvaro Muñoz	5494f7f099	Bump qlpack versions	2024-10-03 14:16:37 +02:00
Alvaro Muñoz	a6302913cd	Merge pull request #99 from github/bash_parser Improve Bash script parser	2024-10-03 14:13:53 +02:00
Alvaro Muñoz	7d2cbc1f50	Improve Bash script parser	2024-10-03 14:13:27 +02:00
Alvaro Muñoz	68da482352	Bump qlpack versions	2024-10-02 12:36:49 +02:00
Alvaro Muñoz	cd1827e3c9	Merge pull request #98 from github/improve_arginj improve arginj	2024-10-02 12:36:06 +02:00
Alvaro Muñoz	531f3d40c0	Add tests for new bash parser	2024-10-02 12:35:09 +02:00
Alvaro Muñoz	6b98a5b5b1	Update tests	2024-10-02 12:34:27 +02:00

1 2 3 4 5 ...

738 Commits