hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-09 04:30:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
766 Commits 1,680 Branches 157 Tags
5bf02e73ea2ab7cc8e12ef8fd784df1a183f007a
Commit Graph

307 Commits

Author SHA1 Message Date
Kylie Stradley
5bf02e73ea Update ql/src/Security/CWE-829/UnpinnedActionsTag.ql 
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
 2024-11-04 11:30:29 -05:00
Kylie Stradley
f716222801 remove octokit from trusted orgs for now - reduce PR scope 2024-10-24 16:27:53 -04:00
Kylie Stradley
f8be8e768f Merge branch 'master' into immutable-actions 2024-10-24 15:25:31 -04:00
Kylie Stradley
df0c1e28e7 stub out qlhelp 2024-10-23 21:49:43 -04:00
Kylie Stradley
1c6d346f53 change ql message 2024-10-23 21:24:12 -04:00
Alvaro Muñoz
dbcf113546 Bump qlpack versions 2024-10-23 22:04:01 +02:00
Alvaro Muñoz
9a0795cc75 Bump qlpack versions 2024-10-23 12:16:32 +02:00
Alvaro Muñoz
6298f2520e Bump qlpack versions 2024-10-23 10:37:33 +02:00
Alvaro Muñoz
d1d92ae68a Create getATriggerEvent for Steps and refactor the code to use it 2024-10-23 10:13:20 +02:00
Alvaro Muñoz
b2a3aaacfd Bump qlpack versions 2024-10-23 09:40:25 +02:00
Alvaro Muñoz
0cacb6feaf Bump qlpack versions 2024-10-22 22:42:51 +02:00
Alvaro Muñoz
42d4bb577c Better identification of checkout of untrusted code depending on the triggering events 2024-10-22 22:42:11 +02:00
Alvaro Muñoz
54338f4f35 Bump qlpack versions 2024-10-22 11:19:48 +02:00
Alvaro Muñoz
da10ee74d3 Add workflow_dispatch and scheduled to the list of privileged and external (user interaction) events 2024-10-22 11:18:42 +02:00
Alvaro Muñoz
6dbbfa9672 Bump qlpack versions 2024-10-21 12:12:37 +02:00
Alvaro Muñoz
e03ba55812 Account for checkout path on Untrusted Checkout Critical 2024-10-19 17:01:29 +02:00
Kylie Stradley
2d5cd1a61a WIP. todo: modify help text in query to be helpful, write qlhelp file, find out how to not release to customers 2024-10-18 16:51:31 -04:00
Kylie Stradley
cf9b853a8f unversioned immutable actions wip 2024-10-17 16:14:03 -04:00
Kylie Stradley
325727ed6d recommend to add octokit to trusted orgs 2024-10-17 15:59:45 -04:00
Alvaro Muñoz
7cba2e07bc Bump qlpack versions 2024-10-17 21:40:40 +02:00
Alvaro Muñoz
09f1fd1a81 Bump qlpack versions 2024-10-16 11:48:19 +02:00
Alvaro Muñoz
c5c3cd1726 Clean imports 2024-10-16 11:47:35 +02:00
Alvaro Muñoz
ff17d1dcb1 Add CmdI test 2024-10-14 12:50:11 +02:00
Alvaro Muñoz
3b95ae0b53 Bump QLPacks versions 2024-10-14 12:15:58 +02:00
Alvaro Muñoz
48fa2967ed Bump qlpack versions 2024-10-11 12:22:40 +02:00
Alvaro Muñoz
b7aba1f081 Bump qlpack versions 2024-10-04 18:05:58 +02:00
Alvaro Muñoz
860eda9c04 Improve control checks to better account for toctou issues 2024-10-04 18:04:13 +02:00
Alvaro Muñoz
a3cf8766ff Bump qlpack versions 2024-10-03 14:42:23 +02:00
Alvaro Muñoz
0c9b808fdf Make Argument Injection queries experimental 2024-10-03 14:41:18 +02:00
Alvaro Muñoz
5494f7f099 Bump qlpack versions 2024-10-03 14:16:37 +02:00
Alvaro Muñoz
68da482352 Bump qlpack versions 2024-10-02 12:36:49 +02:00
Alvaro Muñoz
ef37e3c594 Bump qlpack versions 2024-10-01 14:22:08 +02:00
Alvaro Muñoz
853fdf0d35 Merge pull request #97 from github/rasmuswl/avoid-duplicate-code-injection-alerts 
Suppress `actions/cache-poisoning/code-injection` alerts covered by `actions/code-injection/critical`
 2024-10-01 11:47:41 +02:00
Alvaro Muñoz
4274673628 Merge pull request #95 from github/rasmuswl/fix-qhelp-file 2024-10-01 10:10:27 +02:00
Rasmus Wriedt Larsen
726392c8b7 Suppress actions/cache-poisoning/code-injection alerts covered by actions/code-injection/critical 2024-10-01 09:48:16 +02:00
Alvaro Muñoz
c7fde2a40d Bump qlpack versions 2024-09-30 15:35:00 +02:00
Rasmus Wriedt Larsen
c10d5a113e Rename help-file to match .ql file 
Reported by running

```
codeql generate query-help --format sarifv2.1.0 --output help.sairf ql/src/codeql-suites/actions-code-scanning.qls
```
 2024-09-30 15:13:32 +02:00
Alvaro Muñoz
4edfdb4101 Bump qlpack versions 2024-09-28 23:59:23 +02:00
Alvaro Muñoz
f2c5a14883 Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue) 2024-09-28 23:57:32 +02:00
Alvaro Muñoz
1b3b47bb1e Bump qlpack versions 2024-09-27 21:39:51 +02:00
Alvaro Muñoz
294ebe56c6 Merge branch 'master' of https://github.com/github/codeql-actions 2024-09-27 18:33:55 +02:00
Alvaro Muñoz
1a5a3044c2 Bump qlpack versions 2024-09-27 18:25:31 +02:00
Alvaro Muñoz
9d26a8da26 Improve path checks for Artifact and Cache poisoning queries 2024-09-27 18:22:35 +02:00
Alvaro Muñoz
26f829eff4 Bump qlpack versions 2024-09-27 10:29:47 +02:00
Alvaro Muñoz
71960b3ddd Bump qlpack versions 2024-09-25 18:22:46 +02:00
Alvaro Muñoz
e147a0bc71 Bump qlpack versions 2024-09-25 15:26:31 +02:00
Alvaro Muñoz
b1ddbc9d13 Improve Control Checks 2024-09-25 15:25:56 +02:00
Alvaro Muñoz
43b61eb072 Bump qlpack versions 2024-09-24 23:04:57 +02:00
Alvaro Muñoz
0d55b4e784 Bump qlpack versions 2024-09-24 21:59:10 +02:00
Alvaro Muñoz
fe06c9e5fa d /Users/pwntester/src/github.com/github/codeql-actions/ql 2024-09-24 12:12:09 +02:00