codeql

mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00

Author	SHA1	Message	Date
Alvaro Muñoz	9807cf87d5	resolve conflicts	2024-04-01 10:52:46 +02:00
Alvaro Muñoz	2ed3aceddf	feat(sources): Do not take triggers into consideration	2024-03-22 13:32:29 +01:00
Alvaro Muñoz	06747cd98b	Add tests for untrusted checkouts in workflow_run triggered workflows	2024-03-21 14:19:46 +01:00
Alvaro Muñoz	8906bd9635	Bump versions	2024-03-18 11:00:22 +01:00
Alvaro Muñoz	d9e589c6e7	Remove unnecessary boundary anchors	2024-03-15 13:58:46 +01:00
Alvaro Muñoz	6cb15f06bc	fix(fn): Apply json wrappers to source regexps	2024-03-15 13:54:21 +01:00
Alvaro Muñoz	01d8d79e6d	Bump versions	2024-03-15 13:34:12 +01:00
Alvaro Muñoz	169e57e874	Refactor queries	2024-03-15 11:10:41 +01:00
Alvaro Muñoz	92dbceb507	boost pack versions	2024-03-15 10:19:08 +01:00
Alvaro Muñoz	46afa9c1f3	Add new tests	2024-03-14 22:41:01 +01:00
jorgectf	d26ead7c3b	Add security sinks	2024-03-14 21:52:22 +01:00
Alvaro Muñoz	5130135df0	fix(stepsExpression): allow steps from a composite action to communicate	2024-03-14 16:14:55 +01:00
Alvaro Muñoz	778d8978b0	DF support for untrusted checkout query	2024-03-14 13:55:10 +01:00
Alvaro Muñoz	22d0600da8	Support more PR head checkouts	2024-03-14 13:28:39 +01:00
Alvaro Muñoz	9ca1ac5bb9	Fix expression regexp	2024-03-14 12:58:02 +01:00
Alvaro Muñoz	3150f24d3f	Update tests and fix regexp	2024-03-14 12:21:16 +01:00
Alvaro Muñoz	8e2c1a4f4e	Expose predicates to check local flow	2024-03-14 11:58:07 +01:00
Alvaro Muñoz	3e2dffce8b	Rename ContextExpression to SimpleReferenceExpression	2024-03-14 11:57:43 +01:00
Alvaro Muñoz	aa37339deb	Apply suggestions from code review	2024-03-14 09:22:40 +01:00
Alvaro Muñoz	872b1f88f0	More regexp improvements	2024-03-13 22:47:19 +01:00
Alvaro Muñoz	0e50204672	More regexp improvements	2024-03-13 22:19:55 +01:00
Alvaro Muñoz	87b284e5e6	update	2024-03-13 19:14:57 +01:00
Alvaro Muñoz	839d16cde5	Treat If's values as expression no matter the delimiters	2024-03-13 18:41:17 +01:00
Alvaro Muñoz	0b71d02407	fix: clean debug lefovers	2024-03-13 13:49:50 +01:00
Alvaro Muñoz	9b97dbd870	Refactor ast nodes	2024-03-12 10:16:43 +01:00
Alvaro Muñoz	86075c95bd	Improve ExpressionNode Location handling	2024-03-07 22:28:54 +01:00
Alvaro Muñoz	96246f4b74	Add Expression nodes and their corresponding locations	2024-03-07 15:35:47 +01:00
Alvaro Muñoz	e5527d7a18	Refactor ast nodes	2024-03-05 19:59:43 +01:00
Alvaro Muñoz	6875640c64	Refactor getXXXExpr methods	2024-03-04 10:33:26 +01:00
Alvaro Muñoz	1c2f19f4e1	Merge Actions.qll and Ast.qll	2024-03-01 16:06:06 +01:00
Alvaro Muñoz	bcf3081259	Refactor Input/Outpts	2024-03-01 11:17:23 +01:00
Alvaro Muñoz	0eabdd9507	Rename classes	2024-03-01 09:44:33 +01:00
Alvaro Muñoz	6b11506abb	test: Add tests	2024-02-29 13:23:59 +01:00
Alvaro Muñoz	8a9ec88b36	feat(matrix): Add support for flow through matrix vars	2024-02-28 13:21:29 +01:00
Alvaro Muñoz	8e7e5d03a5	fix(test): Add expected files	2024-02-28 11:15:38 +01:00
Alvaro Muñoz	fe976faf6a	feat(queries): Migrate queries from AdvancedSecurity repo	2024-02-27 15:20:35 +01:00
Alvaro Muñoz	98f3a1e7bf	fix(env): Improve env access support	2024-02-26 10:43:55 +01:00
Alvaro Muñoz	f513a19c24	fix: restrict EnvCtxAccessExpr to Env decarlations on the same file	2024-02-23 11:53:47 +01:00
Alvaro Muñoz	ecefb7ffb5	feat(untrusted checkout query): Add new query and tests	2024-02-22 13:12:37 +01:00
Alvaro Muñoz	d0b904a590	Fix QLpack names	2024-02-21 21:57:45 +01:00
Alvaro Muñoz	7a1369d9d0	Merge pull request #19 from GitHubSecurityLab/steps	2024-02-21 18:38:44 +01:00
Jorge	9e2be7d674	Apply suggestions from code review Co-authored-by: Alvaro Muñoz <pwntester@github.com>	2024-02-21 17:27:39 +01:00
Alvaro Muñoz	3d5567d698	Update ql/lib/codeql/actions/Ast.qll Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>	2024-02-21 16:50:44 +01:00
Alvaro Muñoz	a28f8e90f0	Update ql/lib/ext/tj-actions_branch-names.model.yml	2024-02-21 16:50:33 +01:00
Jorge	3ca7adab4f	Merge branch 'master' into steps	2024-02-21 15:31:42 +01:00
jorgectf	e1d6c7dac4	Add some steps	2024-02-21 15:29:27 +01:00
Alvaro Muñoz	a2b0a01298	fix: fix merge conflict	2024-02-21 10:57:51 +01:00
Alvaro Muñoz	ea29a09fd7	feat(triggers): New query for critical issues Adds a new query and the required changes to be able to account for the trigger events so that we dont report issues if they are not likely exploitable.	2024-02-21 10:56:17 +01:00
Alvaro Muñoz	3aa4f7f1af	feat(triggers): Add getEnclosingWorkflowStmt to Statement class	2024-02-21 10:56:17 +01:00
Alvaro Muñoz	3814462266	feat(triggers): New query for critical issues Adds a new query and the required changes to be able to account for the trigger events so that we dont report issues if they are not likely exploitable.	2024-02-21 10:23:37 +01:00

1 2

91 Commits