hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-03 17:50:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
728 Commits 1,673 Branches 157 Tags
7cba2e07bc232808a5dbc2ec08b044ec2d3c8097
Commit Graph

414 Commits

Author SHA1 Message Date
Alvaro Muñoz
7cba2e07bc Bump qlpack versions 2024-10-17 21:40:40 +02:00
Alvaro Muñoz
8323819504 New sources for octokit/request-action 2024-10-17 15:51:00 +02:00
Alvaro Muñoz
a1047d155c Add new control checks using octokit/request-action 2024-10-17 14:48:53 +02:00
Alvaro Muñoz
6bf3eb79a9 Add sh as a bash-compatible POSIX shell 2024-10-17 10:44:43 +02:00
Alvaro Muñoz
b072cfa1f7 Add pwsh as the default shell for windows runners 2024-10-17 10:40:33 +02:00
Alvaro Muñoz
09f1fd1a81 Bump qlpack versions 2024-10-16 11:48:19 +02:00
Alvaro Muñoz
c5c3cd1726 Clean imports 2024-10-16 11:47:35 +02:00
Alvaro Muñoz
b49cd3b916 Better handling of EnvVar Injection and Argument Injection 2024-10-16 08:48:32 +02:00
Alvaro Muñoz
e2e1dddb36 Move arg injection sinks to ShellScript class 2024-10-15 09:48:01 +02:00
Alvaro Muñoz
3b95ae0b53 Bump QLPacks versions 2024-10-14 12:15:58 +02:00
Alvaro Muñoz
be87eccbe7 Refactor Script support 2024-10-14 12:04:20 +02:00
Alvaro Muñoz
a09acb5462 Better parsing of Bash script commands 2024-10-13 11:56:09 +02:00
Alvaro Muñoz
c7b57b5b77 Merge command and file store steps 2024-10-13 11:55:41 +02:00
Alvaro Muñoz
48fa2967ed Bump qlpack versions 2024-10-11 12:22:40 +02:00
Alvaro Muñoz
1e749ae6d5 Add new poisonable step 2024-10-11 12:20:39 +02:00
Alvaro Muñoz
ee25f35653 Refactor of Bash functions 2024-10-11 12:20:26 +02:00
Alvaro Muñoz
d558ff80c3 New Command sources for git and GITHUB_EVENT_PATH 2024-10-11 12:20:03 +02:00
Alvaro Muñoz
d4a24dfdd1 Refactor FlowSteps 2024-10-11 12:19:22 +02:00
Alvaro Muñoz
6a99845ecf Remove old code to handle redirections to GITHUB_ENV 
Redirections to GITHUB_ENV are better handled now by the Bash module
----
 2024-10-10 22:22:56 +02:00
Alvaro Muñoz
b7aba1f081 Bump qlpack versions 2024-10-04 18:05:58 +02:00
Alvaro Muñoz
860eda9c04 Improve control checks to better account for toctou issues 2024-10-04 18:04:13 +02:00
Alvaro Muñoz
a3cf8766ff Bump qlpack versions 2024-10-03 14:42:23 +02:00
Alvaro Muñoz
350b354fb3 remmove leftover comments 2024-10-03 14:17:45 +02:00
Alvaro Muñoz
5494f7f099 Bump qlpack versions 2024-10-03 14:16:37 +02:00
Alvaro Muñoz
7d2cbc1f50 Improve Bash script parser 2024-10-03 14:13:27 +02:00
Alvaro Muñoz
68da482352 Bump qlpack versions 2024-10-02 12:36:49 +02:00
Alvaro Muñoz
8052696836 Add new Poisonable step for bun 2024-10-02 12:34:10 +02:00
Alvaro Muñoz
c58246363e Add new Argument Injection sinks 2024-10-02 12:34:01 +02:00
Alvaro Muñoz
a5075e5216 Change queries to use the new bash parser 2024-10-02 12:33:42 +02:00
Alvaro Muñoz
2727bf5e2f Add improved Bash script parser 2024-10-02 12:33:05 +02:00
Alvaro Muñoz
4b74adec4b Account for branches filter as a way to prevent workflow_run to trigger on PRs from forks 2024-10-02 12:31:59 +02:00
Alvaro Muñoz
ef37e3c594 Bump qlpack versions 2024-10-01 14:22:08 +02:00
Alvaro Muñoz
c7fde2a40d Bump qlpack versions 2024-09-30 15:35:00 +02:00
Alvaro Muñoz
e0a2eb93d6 fix: Repository checks do not protect workflow_run triggered jobs 2024-09-30 15:27:15 +02:00
Alvaro Muñoz
4edfdb4101 Bump qlpack versions 2024-09-28 23:59:23 +02:00
Alvaro Muñoz
f2c5a14883 Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue) 2024-09-28 23:57:32 +02:00
Alvaro Muñoz
1b3b47bb1e Bump qlpack versions 2024-09-27 21:39:51 +02:00
Alvaro Muñoz
4fffde2fc5 Add remote flow sources as a mutable ref source for untrusted checkouts 2024-09-27 21:38:38 +02:00
Alvaro Muñoz
294ebe56c6 Merge branch 'master' of https://github.com/github/codeql-actions 2024-09-27 18:33:55 +02:00
Alvaro Muñoz
1a5a3044c2 Bump qlpack versions 2024-09-27 18:25:31 +02:00
Alvaro Muñoz
9d26a8da26 Improve path checks for Artifact and Cache poisoning queries 2024-09-27 18:22:35 +02:00
Alvaro Muñoz
86c1d9c30f Improve artifact poisoning query 
Better check of download path
Add downloading to /tmp as a sanitizer
 2024-09-27 12:35:10 +02:00
Alvaro Muñoz
26f829eff4 Bump qlpack versions 2024-09-27 10:29:47 +02:00
Alvaro Muñoz
010ad359d7 Add new sources and summary steps 2024-09-27 10:28:44 +02:00
Alvaro Muñoz
71960b3ddd Bump qlpack versions 2024-09-25 18:22:46 +02:00
Alvaro Muñoz
16f1a53584 Add new sources for github.event.changes 2024-09-25 18:21:54 +02:00
Alvaro Muñoz
e147a0bc71 Bump qlpack versions 2024-09-25 15:26:31 +02:00
Alvaro Muñoz
b1ddbc9d13 Improve Control Checks 2024-09-25 15:25:56 +02:00
Alvaro Muñoz
43b61eb072 Bump qlpack versions 2024-09-24 23:04:57 +02:00
Alvaro Muñoz
356c200158 Composite Action steps's getEnclosingJob should return the calling job 2024-09-24 23:03:55 +02:00