708 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Alvaro Muñoz	99e92af034	Update tests	2024-10-11 12:20:57 +02:00
Alvaro Muñoz	1e749ae6d5	Add new poisonable step	2024-10-11 12:20:39 +02:00
Alvaro Muñoz	ee25f35653	Refactor of Bash functions	2024-10-11 12:20:26 +02:00
Alvaro Muñoz	d558ff80c3	New Command sources for git and GITHUB_EVENT_PATH	2024-10-11 12:20:03 +02:00
Alvaro Muñoz	d4a24dfdd1	Refactor FlowSteps	2024-10-11 12:19:22 +02:00
Alvaro Muñoz	6a99845ecf	Remove old code to handle redirections to GITHUB_ENV ... Redirections to GITHUB_ENV are better handled now by the Bash module ----	2024-10-10 22:22:56 +02:00
Alvaro Muñoz	b7aba1f081	Bump qlpack versions	2024-10-04 18:05:58 +02:00
Alvaro Muñoz	742602d794	Merge pull request #101 from github/control_checks/toctou_split ... Improve control checks to better account for toctou issues	2024-10-04 18:04:33 +02:00
Alvaro Muñoz	860eda9c04	Improve control checks to better account for toctou issues	2024-10-04 18:04:13 +02:00
Alvaro Muñoz	a3cf8766ff	Bump qlpack versions	2024-10-03 14:42:23 +02:00
Alvaro Muñoz	c90690d338	Merge pull request #100 from github/arginj_exp ... Make Argument Injection queries experimental	2024-10-03 14:41:38 +02:00
Alvaro Muñoz	0c9b808fdf	Make Argument Injection queries experimental	2024-10-03 14:41:18 +02:00
Alvaro Muñoz	350b354fb3	remmove leftover comments	2024-10-03 14:17:45 +02:00
Alvaro Muñoz	5494f7f099	Bump qlpack versions	2024-10-03 14:16:37 +02:00
Alvaro Muñoz	a6302913cd	Merge pull request #99 from github/bash_parser ... Improve Bash script parser	2024-10-03 14:13:53 +02:00
Alvaro Muñoz	7d2cbc1f50	Improve Bash script parser	2024-10-03 14:13:27 +02:00
Alvaro Muñoz	68da482352	Bump qlpack versions	2024-10-02 12:36:49 +02:00
Alvaro Muñoz	cd1827e3c9	Merge pull request #98 from github/improve_arginj ... improve arginj	2024-10-02 12:36:06 +02:00
Alvaro Muñoz	531f3d40c0	Add tests for new bash parser	2024-10-02 12:35:09 +02:00
Alvaro Muñoz	6b98a5b5b1	Update tests	2024-10-02 12:34:27 +02:00
Alvaro Muñoz	8052696836	Add new Poisonable step for bun	2024-10-02 12:34:10 +02:00
Alvaro Muñoz	c58246363e	Add new Argument Injection sinks	2024-10-02 12:34:01 +02:00
Alvaro Muñoz	a5075e5216	Change queries to use the new bash parser	2024-10-02 12:33:42 +02:00
Alvaro Muñoz	2727bf5e2f	Add improved Bash script parser	2024-10-02 12:33:05 +02:00
Alvaro Muñoz	4b74adec4b	Account for branches filter as a way to prevent workflow_run to trigger on PRs from forks	2024-10-02 12:31:59 +02:00
Alvaro Muñoz	ef37e3c594	Bump qlpack versions	2024-10-01 14:22:08 +02:00
Alvaro Muñoz	853fdf0d35	Merge pull request #97 from github/rasmuswl/avoid-duplicate-code-injection-alerts ... Suppress `actions/cache-poisoning/code-injection` alerts covered by `actions/code-injection/critical`	2024-10-01 11:47:41 +02:00
Alvaro Muñoz	4274673628	Merge pull request #95 from github/rasmuswl/fix-qhelp-file	2024-10-01 10:10:27 +02:00
Rasmus Wriedt Larsen	726392c8b7	Suppress actions/cache-poisoning/code-injection alerts covered by actions/code-injection/critical	2024-10-01 09:48:16 +02:00
Alvaro Muñoz	c7fde2a40d	Bump qlpack versions	2024-09-30 15:35:00 +02:00
Alvaro Muñoz	7e89c04e61	Merge pull request #96 from github/fix/repo_control_check ... fix: Repository checks do not protect workflow_run triggered jobs	2024-09-30 15:28:07 +02:00
Alvaro Muñoz	e0a2eb93d6	fix: Repository checks do not protect workflow_run triggered jobs	2024-09-30 15:27:15 +02:00
Rasmus Wriedt Larsen	c10d5a113e	Rename help-file to match .ql file ... Reported by running ``` codeql generate query-help --format sarifv2.1.0 --output help.sairf ql/src/codeql-suites/actions-code-scanning.qls ```	2024-09-30 15:13:32 +02:00
Alvaro Muñoz	4edfdb4101	Bump qlpack versions	2024-09-28 23:59:23 +02:00
Alvaro Muñoz	fce300ee92	Merge pull request #94 from github/fix/sanitizer_scalar_value ... Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue)	2024-09-28 23:58:47 +02:00
Alvaro Muñoz	f2c5a14883	Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue)	2024-09-28 23:57:32 +02:00
Alvaro Muñoz	1b3b47bb1e	Bump qlpack versions	2024-09-27 21:39:51 +02:00
Alvaro Muñoz	05d4b3c9f4	Merge pull request #93 from github/ppe_from_rfs ... Add remote flow sources as a mutable ref source for untrusted checkouts	2024-09-27 21:39:16 +02:00
Alvaro Muñoz	4fffde2fc5	Add remote flow sources as a mutable ref source for untrusted checkouts	2024-09-27 21:38:38 +02:00
Alvaro Muñoz	294ebe56c6	Merge branch 'master' of https://github.com/github/codeql-actions	2024-09-27 18:33:55 +02:00
Alvaro Muñoz	1a5a3044c2	Bump qlpack versions	2024-09-27 18:25:31 +02:00
Alvaro Muñoz	2e6f004bda	Merge pull request #92 from github/fix/direct_cache_poison ... Improve path checks for Artifact and Cache poisoning queries	2024-09-27 18:25:00 +02:00
Alvaro Muñoz	9d26a8da26	Improve path checks for Artifact and Cache poisoning queries	2024-09-27 18:22:35 +02:00
Alvaro Muñoz	65d09b3a4b	Merge pull request #91 from github/fix/artpoison ... Improve artifact poisoning query	2024-09-27 12:45:59 +02:00
Alvaro Muñoz	86c1d9c30f	Improve artifact poisoning query ... Better check of download path Add downloading to /tmp as a sanitizer	2024-09-27 12:35:10 +02:00
Alvaro Muñoz	26f829eff4	Bump qlpack versions	2024-09-27 10:29:47 +02:00
Alvaro Muñoz	27752c7590	Merge pull request #90 from github/regexp_actions ... Add new sources and summary steps	2024-09-27 10:29:06 +02:00
Alvaro Muñoz	010ad359d7	Add new sources and summary steps	2024-09-27 10:28:44 +02:00
Alvaro Muñoz	71960b3ddd	Bump qlpack versions	2024-09-25 18:22:46 +02:00
Alvaro Muñoz	62162a5771	Merge pull request #89 from github/change_sources ... Add new sources for github.event.changes	2024-09-25 18:22:14 +02:00