hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
530 Commits 1,741 Branches 166 Tags
80d2bbdc9be6269fe9fd37164cb79aeeaa974217
Commit Graph

148 Commits

Author SHA1 Message Date
Alvaro Muñoz
ab8dd599b7 fix(queries): Fix Missing Permissions query 
If a job is only triggered by `workflow_call`, we dont report any issues
since they should be reported on the calling workflows
 2024-07-31 11:45:30 +02:00
Alvaro Muñoz
da36924bb1 feat(queries): Add Output Clobbering query 2024-07-30 10:26:41 +02:00
Alvaro Muñoz
15649afd5c feat(queries): Improve envvar injection queries 
Consider those cases where the contents of a file are written to a var
and that var assigned to GITHUB_ENV
 2024-07-22 12:44:27 +02:00
Alvaro Muñoz
270ca2ad7d feat(queries): Experimental Output clobbering query 2024-07-15 21:00:54 +02:00
Alvaro Muñoz
fc39249f92 feat(queries): Consider untrusted checkout as a source for code injections 2024-07-15 21:00:28 +02:00
Alvaro Muñoz
cc64c95dbc feat(dataflow): Update edges predicate to only link to next step 
Previously each step was linking to all possible following steps. This change makes a better flow path explanation flowing from the checkout to the poisonable step, step by step
 2024-07-13 23:28:47 +02:00
Alvaro Muñoz
44911382af feat(tests): Update tests results 2024-07-12 23:49:05 +02:00
Alvaro Muñoz
7f77e89bbf feat(tests): Add test for checkout in composite action 2024-07-12 23:31:12 +02:00
Alvaro Muñoz
a1787596d2 feat(tests): Update tests 2024-07-12 12:45:19 +02:00
Alvaro Muñoz
8289bf97b9 feat(models): Add support for artifact to step output 2024-07-12 11:10:01 +02:00
Alvaro Muñoz
29d2b287c9 tests: Organize tests 2024-07-12 10:14:39 +02:00
Alvaro Muñoz
3f8a791b2e fix(queries): Improve Argument Injection query 
Add GITHUB_HEAD_REF as a source
 2024-07-11 22:59:20 +02:00
Alvaro Muñoz
89024ad604 fix(models): Reuse command delimiter regexps 2024-07-11 22:58:20 +02:00
Alvaro Muñoz
eb66114d8b feat(models): New ArgInj sink 2024-07-11 11:35:44 +02:00
Alvaro Muñoz
56af52a729 feat(tests): New tests for Command Injection 
Injections on a workflow_run triggered protected by a allow branches list should not be reported as critical
 2024-07-11 10:46:37 +02:00
Alvaro Muñoz
adbb236465 fix(query): Better identification of argument injection commands 2024-07-11 10:45:49 +02:00
Alvaro Muñoz
732f0dc29f feat(queries): Argument Injection 
Make argument injection sinks congigurable with MaD
 2024-07-11 10:04:43 +02:00
Alvaro Muñoz
73c77bc93b Initial implementation 
Pending work: complete the regular expression
 2024-07-11 10:04:43 +02:00
Alvaro Muñoz
621ead2266 Fix branches logic 2024-07-10 13:09:23 +02:00
Alvaro Muñoz
090b3d41d1 Fix branches logic 2024-07-10 13:08:54 +02:00
Alvaro Muñoz
53b88627e5 feat(core): Exclude worflow_run#branches#default branch from externally triggerable events 2024-07-10 12:15:49 +02:00
Alvaro Muñoz
e23054292b feat(tests): Add new tests 
Add new tests to verify that even if a job is privileged, if the vulnerability takes place in a different one, it should be considered as non-priveleged and reported as Cache Poisoning instead of Untrusted Checkout
 2024-07-10 11:49:02 +02:00
Alvaro Muñoz
8231261ccf New poisonable steps 2024-07-09 17:28:04 +02:00
Alvaro Muñoz
ee265c4879 fix(models): Slash-command-action 
Do not consider slash-command-action command-arguments as a remote flow source if it requires write or admin permissions
 2024-07-08 22:38:53 +02:00
Alvaro Muñoz
20ce5d5344 Add JS local imports as Poisonable steps 2024-07-08 12:59:16 +02:00
Alvaro Muñoz
bc483fc380 Add poisonable step test 2024-07-06 22:44:57 +02:00
Alvaro Muñoz
e5064f8090 Improve poisonable steps 2024-07-05 18:16:50 +02:00
Alvaro Muñoz
7d58beba67 Better control check support 2024-07-04 13:04:59 +02:00
Alvaro Muñoz
69db192378 Bump qlpack versions 2024-07-03 12:40:48 +02:00
Alvaro Muñoz
c70fb6e911 Consider toJson as a sanitizer for Code Injection in JS 2024-07-03 12:25:24 +02:00
Alvaro Muñoz
4b01cd5be4 Support flow through fromJson 2024-07-02 23:51:19 +02:00
Alvaro Muñoz
1281ca8e81 Bump qlpack versions 2024-07-01 23:01:38 +02:00
Alvaro Muñoz
a485528ebe Refactor bash script parsing to improve coverage of env var injection 2024-06-28 12:31:43 +02:00
Alvaro Muñoz
a9ea9a1f8a Update expected test files 2024-06-27 22:53:32 +02:00
Alvaro Muñoz
4516d3df81 Bump qlpack versions 2024-06-27 16:09:49 +02:00
Alvaro Muñoz
76b115deb0 Dedup Cache poisoning and Untrusted checkout 2024-06-26 19:44:44 +02:00
Alvaro Muñoz
5cd292e23e Make Untrusted Checkout and CachePoisoning rules path-problems 2024-06-26 19:17:37 +02:00
Alvaro Muñoz
e6311966c8 Take explicit permission into account for privilege calculation 2024-06-26 16:17:07 +02:00
Alvaro Muñoz
61797e9180 Add pull_request-comment-branch head_ref as a source 2024-06-25 13:27:08 +02:00
Alvaro Muñoz
fc8173239e Move configuration to MaD files 2024-06-25 09:47:43 +02:00
Alvaro Muñoz
6df70d1a45 Do not consider priv events if runtime data is available 2024-06-23 21:34:30 +02:00
Alvaro Muñoz
4619128c11 Move from githubsecuritylab packages to github 2024-06-20 09:50:36 +02:00
Alvaro Muñoz
fbaf329428 Remove dependencies with javascript-all 2024-06-13 11:50:28 +02:00
Alvaro Muñoz
df3d6131a8 Update lock files 2024-06-12 08:50:49 +02:00
Alvaro Muñoz
ad1f35c86a Move from yaml to js extractor 2024-06-11 21:24:22 +02:00
Alvaro Muñoz
d13a937a5d Update Cache Poisoning 2024-06-06 17:30:43 +02:00
Alvaro Muñoz
ba4dd2b0ed Update to latest dataflow shared library 2024-06-06 17:23:40 +02:00
Alvaro Muñoz
2c96127425 Improve event context sources + test 2024-06-05 16:34:52 +02:00
Alvaro Muñoz
284c52f972 Bump qlpack versions 2024-06-05 10:54:37 +02:00
Alvaro Muñoz
fa05b684d7 Dont consider pull_request with write permissions as priv 2024-06-03 22:17:42 +02:00