Commit Graph

728 Commits

Author SHA1 Message Date
Alvaro Muñoz
7cba2e07bc Bump qlpack versions 2024-10-17 21:40:40 +02:00
Alvaro Muñoz
c44c3bae9f Update tests 2024-10-17 21:39:58 +02:00
Alvaro Muñoz
8323819504 New sources for octokit/request-action 2024-10-17 15:51:00 +02:00
Alvaro Muñoz
a1047d155c Add new control checks using octokit/request-action 2024-10-17 14:48:53 +02:00
Alvaro Muñoz
6bf3eb79a9 Add sh as a bash-compatible POSIX shell 2024-10-17 10:44:43 +02:00
Alvaro Muñoz
b072cfa1f7 Add pwsh as the default shell for windows runners 2024-10-17 10:40:33 +02:00
Alvaro Muñoz
09f1fd1a81 Bump qlpack versions 2024-10-16 11:48:19 +02:00
Alvaro Muñoz
c5c3cd1726 Clean imports 2024-10-16 11:47:35 +02:00
Alvaro Muñoz
b49cd3b916 Better handling of EnvVar Injection and Argument Injection 2024-10-16 08:48:32 +02:00
Alvaro Muñoz
e2e1dddb36 Move arg injection sinks to ShellScript class 2024-10-15 09:48:01 +02:00
Alvaro Muñoz
2e5379f289 Update expected tests 2024-10-14 15:10:31 +02:00
Alvaro Muñoz
ff17d1dcb1 Add CmdI test 2024-10-14 12:50:11 +02:00
Alvaro Muñoz
3b95ae0b53 Bump QLPacks versions 2024-10-14 12:15:58 +02:00
Alvaro Muñoz
7fa77e2728 Delete test script 2024-10-14 12:05:00 +02:00
Alvaro Muñoz
be87eccbe7 Refactor Script support 2024-10-14 12:04:20 +02:00
Alvaro Muñoz
a09acb5462 Better parsing of Bash script commands 2024-10-13 11:56:09 +02:00
Alvaro Muñoz
c7b57b5b77 Merge command and file store steps 2024-10-13 11:55:41 +02:00
Alvaro Muñoz
48fa2967ed Bump qlpack versions 2024-10-11 12:22:40 +02:00
Alvaro Muñoz
ba5e1ed22f Merge pull request #102 from github/moar_poisonable_steps
Major refactor
2024-10-11 12:21:57 +02:00
Alvaro Muñoz
99e92af034 Update tests 2024-10-11 12:20:57 +02:00
Alvaro Muñoz
1e749ae6d5 Add new poisonable step 2024-10-11 12:20:39 +02:00
Alvaro Muñoz
ee25f35653 Refactor of Bash functions 2024-10-11 12:20:26 +02:00
Alvaro Muñoz
d558ff80c3 New Command sources for git and GITHUB_EVENT_PATH 2024-10-11 12:20:03 +02:00
Alvaro Muñoz
d4a24dfdd1 Refactor FlowSteps 2024-10-11 12:19:22 +02:00
Alvaro Muñoz
898507eb54 Update publish.yml 2024-10-11 12:17:35 +02:00
Alvaro Muñoz
6a99845ecf Remove old code to handle redirections to GITHUB_ENV
Redirections to GITHUB_ENV are better handled now by the Bash module
----
2024-10-10 22:22:56 +02:00
Alvaro Muñoz
b7aba1f081 Bump qlpack versions 2024-10-04 18:05:58 +02:00
Alvaro Muñoz
742602d794 Merge pull request #101 from github/control_checks/toctou_split
Improve control checks to better account for toctou issues
2024-10-04 18:04:33 +02:00
Alvaro Muñoz
860eda9c04 Improve control checks to better account for toctou issues 2024-10-04 18:04:13 +02:00
Alvaro Muñoz
a3cf8766ff Bump qlpack versions 2024-10-03 14:42:23 +02:00
Alvaro Muñoz
c90690d338 Merge pull request #100 from github/arginj_exp
Make Argument Injection queries experimental
2024-10-03 14:41:38 +02:00
Alvaro Muñoz
0c9b808fdf Make Argument Injection queries experimental 2024-10-03 14:41:18 +02:00
Alvaro Muñoz
350b354fb3 remove leftover comments 2024-10-03 14:17:45 +02:00
Alvaro Muñoz
5494f7f099 Bump qlpack versions 2024-10-03 14:16:37 +02:00
Alvaro Muñoz
a6302913cd Merge pull request #99 from github/bash_parser
Improve Bash script parser
2024-10-03 14:13:53 +02:00
Alvaro Muñoz
7d2cbc1f50 Improve Bash script parser 2024-10-03 14:13:27 +02:00
Alvaro Muñoz
68da482352 Bump qlpack versions 2024-10-02 12:36:49 +02:00
Alvaro Muñoz
cd1827e3c9 Merge pull request #98 from github/improve_arginj
improve arginj
2024-10-02 12:36:06 +02:00
Alvaro Muñoz
531f3d40c0 Add tests for new bash parser 2024-10-02 12:35:09 +02:00
Alvaro Muñoz
6b98a5b5b1 Update tests 2024-10-02 12:34:27 +02:00
Alvaro Muñoz
8052696836 Add new Poisonable step for bun 2024-10-02 12:34:10 +02:00
Alvaro Muñoz
c58246363e Add new Argument Injection sinks 2024-10-02 12:34:01 +02:00
Alvaro Muñoz
a5075e5216 Change queries to use the new bash parser 2024-10-02 12:33:42 +02:00
Alvaro Muñoz
2727bf5e2f Add improved Bash script parser 2024-10-02 12:33:05 +02:00
Alvaro Muñoz
4b74adec4b Account for branches filter as a way to prevent workflow_run to trigger on PRs from forks 2024-10-02 12:31:59 +02:00
Alvaro Muñoz
ef37e3c594 Bump qlpack versions 2024-10-01 14:22:08 +02:00
Alvaro Muñoz
853fdf0d35 Merge pull request #97 from github/rasmuswl/avoid-duplicate-code-injection-alerts
Suppress `actions/cache-poisoning/code-injection` alerts covered by `actions/code-injection/critical`
2024-10-01 11:47:41 +02:00
Alvaro Muñoz
4274673628 Merge pull request #95 from github/rasmuswl/fix-qhelp-file 2024-10-01 10:10:27 +02:00
Rasmus Wriedt Larsen
726392c8b7 Suppress actions/cache-poisoning/code-injection alerts covered by actions/code-injection/critical 2024-10-01 09:48:16 +02:00
Alvaro Muñoz
c7fde2a40d Bump qlpack versions 2024-09-30 15:35:00 +02:00