hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
637 Commits 1,673 Branches 157 Tags
5e74f8925567366df290aaa22b7a204ef5efbec4
Commit Graph

637 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
5e74f89255 Merge pull request #87 from github/reusable_workflow_priv_checks 
Consider a Reusable Workflow privileged if a caller is
 2024-09-23 10:19:00 +02:00
Alvaro Muñoz
df59e6f5d2 Consider a Reusable Workflow privileged if a caller is 2024-09-23 10:18:29 +02:00
Alvaro Muñoz
1dd7c3d2ef Bump qlpack versions 2024-09-22 22:06:35 +02:00
Alvaro Muñoz
b685a8df4d Merge pull request #86 from github/analyze_reusable_workflows 
Cross remote Reusable Workflow analysis
 2024-09-22 22:06:05 +02:00
Alvaro Muñoz
d44e7aee0a Cross remote Reusable Workflow analysis 2024-09-22 22:05:39 +02:00
Alvaro Muñoz
a1e44bc918 Bump qlpack versions 2024-09-20 15:42:19 +02:00
GitHub Security Lab
59592cc087 Merge pull request #85 from github/improve_reusable_workflow_calls 
Improve reusable workflow calls
 2024-09-20 15:41:42 +02:00
Alvaro Muñoz
116d83da5f Improve reusable workflow calls 2024-09-20 15:40:41 +02:00
Alvaro Muñoz
e9dfd9ccb4 Bump qlpack versions 2024-09-20 11:54:00 +02:00
GitHub Security Lab
d3c1db5948 Merge pull request #84 from github/report_unpin_node 
Modify UnpinnedActionsTag report node
 2024-09-20 11:53:26 +02:00
Alvaro Muñoz
c20e407c16 Modify UnpinnedActionsTag report node 2024-09-20 11:52:44 +02:00
Alvaro Muñoz
dac930de3a Merge branch 'master' of https://github.com/github/codeql-actions 2024-09-19 18:44:30 +02:00
Alvaro Muñoz
c3d7af8f59 Bump qlpack versions 2024-09-19 18:44:23 +02:00
Alvaro Muñoz
eca3205f3b Merge pull request #83 from github/fix_82 
feat: Improve sanitizer checks
 2024-09-19 18:40:38 +02:00
Alvaro Muñoz
db328f0b16 Improve Association check 2024-09-19 18:24:08 +02:00
Alvaro Muñoz
4f075f3f36 feat: Improve sanitizer checks 2024-09-19 13:38:08 +02:00
Alvaro Muñoz
92f3b1614c Bump qlpack versions 2024-09-17 17:07:35 +02:00
Alvaro Muñoz
69b9542a5f Add help file for SecretsInArtifacts query 2024-09-17 17:06:50 +02:00
Alvaro Muñoz
3a39058299 Bump qlpack versions 2024-09-12 10:42:12 +02:00
Alvaro Muñoz
69818c5bb5 Remove bindingset from DataFlow's compatibleTypes 2024-09-12 09:58:21 +02:00
Alvaro Muñoz
48a0fd500d Bump qlpack versions 2024-09-11 18:09:05 +02:00
Alvaro Muñoz
370d3adbb2 Merge pull request #80 from github/list_files 
Add models for list-files actions
 2024-09-11 18:08:15 +02:00
Alvaro Muñoz
5fe81ddb08 Update tests 2024-09-11 18:07:25 +02:00
Alvaro Muñoz
15bb4d851d Add new test for flow through matrix 2024-09-11 10:25:31 +02:00
Alvaro Muñoz
b199fdc3e2 Add new models for file listing actions 2024-09-11 10:25:10 +02:00
Alvaro Muñoz
321e5504bc Bump qlpack versions 2024-09-10 13:59:04 +02:00
Alvaro Muñoz
25a210734b Update tests 2024-09-10 13:58:36 +02:00
Alvaro Muñoz
ef41db3ce5 Extract simple reference expression from ORed disjuncts 2024-09-10 13:58:24 +02:00
Alvaro Muñoz
a9a297ab78 Update tests 2024-09-10 09:52:21 +02:00
Alvaro Muñoz
147da50cb9 Use Taint Tracking to track PR refs to checkout's ref argument 2024-09-10 09:52:09 +02:00
Alvaro Muñoz
bd0c762781 Refactor: Do not use PRHeadCheckoutStep on any dependency of TaintTracking 
Problem is that there are StoreSteps that depend on PRHeadCheckout so
there is a non-monotic recursion error since PRHeadCheckout depends on
TaintTracking module, but this module depends on PRHeadCheckout
 2024-09-10 09:51:32 +02:00
Alvaro Muñoz
42b487b348 Match callers and callees when root is not the repo root 
When running codeql test run, the root of the database is not the root
of the original repo (the directory containing .github and .git)
therefore calls to reusable workflows are not correctly matched.
 2024-09-10 09:49:43 +02:00
Alvaro Muñoz
f9d66d9b5e Bump qlpack versions 2024-09-06 23:37:00 +02:00
Alvaro Muñoz
2720aaf097 Add new test for secrets in artifact query 2024-09-06 23:36:29 +02:00
Alvaro Muñoz
279b0bb8f1 Change description for CWE-1395 query 2024-09-06 23:33:46 +02:00
Alvaro Muñoz
84b02febfe Bump qlpack versions 2024-09-06 22:53:53 +02:00
Alvaro Muñoz
72e0851e91 Update metadata for Secrets in Artifact query 2024-09-06 22:53:16 +02:00
Alvaro Muñoz
5e92026f14 Bump qlpack versions 2024-09-06 17:34:55 +02:00
Alvaro Muñoz
0e3097d604 Merge pull request #79 from github/secrets-in-artifacts 
feat: New query to report GITHUB_TOKEN exposed in artifacts
 2024-09-06 17:32:49 +02:00
Alvaro Muñoz
25eb417acc Remove public wording 2024-09-06 17:32:35 +02:00
Alvaro Muñoz
37fc6156d0 Removing experimental flag 2024-09-06 17:30:49 +02:00
Alvaro Muñoz
6eef51e415 fix: add path checks 2024-09-06 17:22:44 +02:00
Alvaro Muñoz
fefeae4469 feat: New query to report GITHUB_TOKEN exposed in artifacts 2024-09-06 17:00:15 +02:00
Alvaro Muñoz
b2f6ef246c Merge pull request #78 from github/rasmuswl/syntax-error-query 2024-09-06 15:48:35 +02:00
Rasmus Wriedt Larsen
2f68e6f26e Add missing test file 2024-09-06 14:53:46 +02:00
Rasmus Wriedt Larsen
4820626f29 Add SyntaxError query 
This can be used by autofix, but might also be nice to help find YAML syntax errors 🤷
 2024-09-06 14:04:46 +02:00
Alvaro Muñoz
ac7b7b7162 Bump qlpack versions 2024-09-06 10:50:58 +02:00
Alvaro Muñoz
4f57aade35 Improve accuracy of actions/download-artifact as a source 
If upload is on the same workflow, it needs to be triggered by a priv
workflow
 2024-09-06 10:49:27 +02:00
Alvaro Muñoz
0cabcf8ec7 Merge pull request #76 from github/pwntester-patch-1 
Update ArgumentInjectionCritical.md
 2024-08-23 17:40:48 +02:00
Alvaro Muñoz
293dd1a32b Update ArgumentInjectionCritical.md 2024-08-23 17:40:25 +02:00