hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
209 Commits 1,712 Branches 163 Tags
8d2b8be133ff0f088d70baab96cb0ba8ad5762aa
Commit Graph

73 Commits

Author SHA1 Message Date
Alvaro Muñoz
5968da87bb Bump qlpack versions 2024-04-08 18:53:39 +02:00
Alvaro Muñoz
ae5b8bc0ac Bump qlpack versions 2024-04-08 17:12:45 +02:00
Alvaro Muñoz
31a1ea9593 Improve envvar injection 2024-04-08 17:12:00 +02:00
Alvaro Muñoz
45a51a9f74 Bump qlpack versions 2024-04-08 12:55:24 +02:00
Alvaro Muñoz
28ccf4fa68 Improve Artifact Poisoning query 2024-04-05 09:18:01 +02:00
Alvaro Muñoz
ce5928c6ba Bump qlpack versions 2024-04-03 15:43:43 +02:00
Alvaro Muñoz
f7ddd8b769 Include problem queries in actions-all suite 2024-04-03 15:39:50 +02:00
Alvaro Muñoz
2988bc8885 Centralize isPrivileged decisions 2024-04-03 15:39:00 +02:00
Alvaro Muñoz
119c7b8158 Bump qlpack versions 2024-04-03 11:41:42 +02:00
Alvaro Muñoz
a2bbf704ee fix: triggering events for artifact poisoning 2024-04-03 11:39:35 +02:00
Alvaro Muñoz
2a1226c37a Add workflow_dispatch to the triggers for artifact poisoning 2024-04-02 12:54:42 +02:00
Alvaro Muñoz
152d29da38 Add Artifact poisoning and Env Injection queries 2024-04-01 18:53:37 +02:00
Alvaro Muñoz
bdfd46111f Only triggered on non-pull_request events 2024-04-01 10:51:26 +02:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Alvaro Muñoz
8023a527a4 fix(untrusted_co): Do not report Reusable workflows called from pull_request 2024-03-18 13:02:11 +01:00
Alvaro Muñoz
8906bd9635 Bump versions 2024-03-18 11:00:22 +01:00
Jorge
e0bbb66be4 Try to fix actions-all suite 2024-03-15 15:11:21 +01:00
Alvaro Muñoz
01d8d79e6d Bump versions 2024-03-15 13:34:12 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Alvaro Muñoz
92dbceb507 boost pack versions 2024-03-15 10:19:08 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
f251783c26 Apply suggestions from code review 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-03-14 21:52:22 +01:00
Alvaro Muñoz
d21d453d1c Split queries 2024-03-14 21:52:22 +01:00
jorgectf
d26ead7c3b Add security sinks 2024-03-14 21:52:22 +01:00
Jorge
1e64b18212 Add suite that runs all queries 2024-03-14 19:09:22 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
e726f9fff1 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:24:32 +01:00
Alvaro Muñoz
fe1bf58ae5 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:22:05 +01:00
Alvaro Muñoz
872b1f88f0 More regexp improvements 2024-03-13 22:47:19 +01:00
Alvaro Muñoz
0e50204672 More regexp improvements 2024-03-13 22:19:55 +01:00
Alvaro Muñoz
839d16cde5 Treat If's values as expression no matter the delimiters 2024-03-13 18:41:17 +01:00
Alvaro Muñoz
1bf2431c99 Improve UntrustedCheckout query 
Account for more events, more triggers and heuristics to detect git checkouts
 2024-03-13 15:41:57 +01:00
Alvaro Muñoz
0b71d02407 fix: clean debug lefovers 2024-03-13 13:49:50 +01:00
Alvaro Muñoz
9b97dbd870 Refactor ast nodes 2024-03-12 10:16:43 +01:00
Alvaro Muñoz
96246f4b74 Add Expression nodes and their corresponding locations 2024-03-07 15:35:47 +01:00
Alvaro Muñoz
1c2f19f4e1 Merge Actions.qll and Ast.qll 2024-03-01 16:06:06 +01:00
Alvaro Muñoz
bcf3081259 Refactor Input/Outpts 2024-03-01 11:17:23 +01:00
Alvaro Muñoz
0eabdd9507 Rename classes 2024-03-01 09:44:33 +01:00
Alvaro Muñoz
6b11506abb test: Add tests 2024-02-29 13:23:59 +01:00
Alvaro Muñoz
8a9ec88b36 feat(matrix): Add support for flow through matrix vars 2024-02-28 13:21:29 +01:00
Alvaro Muñoz
8e7e5d03a5 fix(test): Add expected files 2024-02-28 11:15:38 +01:00
Alvaro Muñoz
fe976faf6a feat(queries): Migrate queries from AdvancedSecurity repo 2024-02-27 15:20:35 +01:00
Alvaro Muñoz
98f3a1e7bf fix(env): Improve env access support 2024-02-26 10:43:55 +01:00
Alvaro Muñoz
645177cc80 Account for github.event.label check as a sanitizer for untrusted checkout 2024-02-26 09:39:42 +01:00
Alvaro Muñoz
68f15f2b85 rename query id 2024-02-22 13:14:53 +01:00
Alvaro Muñoz
ecefb7ffb5 feat(untrusted checkout query): Add new query and tests 2024-02-22 13:12:37 +01:00
Alvaro Muñoz
ea29a09fd7 feat(triggers): New query for critical issues 
Adds a new query and the required changes to be able to account for the trigger events so that we dont report issues if they are not likely exploitable.
 2024-02-21 10:56:17 +01:00