hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
134 Commits 1,741 Branches 165 Tags
9ca1ac5bb9283d413eefc3bbb686949f69d90a4c
Commit Graph

134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
9ca1ac5bb9 Fix expression regexp 2024-03-14 12:58:02 +01:00
Alvaro Muñoz
3150f24d3f Update tests and fix regexp 2024-03-14 12:21:16 +01:00
Alvaro Muñoz
03277cc24b Add test for self-referencing jobs 2024-03-14 11:58:44 +01:00
Alvaro Muñoz
8e2c1a4f4e Expose predicates to check local flow 2024-03-14 11:58:07 +01:00
Alvaro Muñoz
3e2dffce8b Rename ContextExpression to SimpleReferenceExpression 2024-03-14 11:57:43 +01:00
Alvaro Muñoz
e726f9fff1 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:24:32 +01:00
Alvaro Muñoz
aa37339deb Apply suggestions from code review 2024-03-14 09:22:40 +01:00
Alvaro Muñoz
fe1bf58ae5 Apply suggestions from code review 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 09:22:05 +01:00
Alvaro Muñoz
872b1f88f0 More regexp improvements 2024-03-13 22:47:19 +01:00
Alvaro Muñoz
0e50204672 More regexp improvements 2024-03-13 22:19:55 +01:00
Alvaro Muñoz
87b284e5e6 update 2024-03-13 19:14:57 +01:00
Alvaro Muñoz
839d16cde5 Treat If's values as expression no matter the delimiters 2024-03-13 18:41:17 +01:00
Alvaro Muñoz
1bf2431c99 Improve UntrustedCheckout query 
Account for more events, more triggers and heuristics to detect git checkouts
 2024-03-13 15:41:57 +01:00
Alvaro Muñoz
aa62603899 Merge pull request #29 from GitHubSecurityLab/clean 
fix: clean debug lefovers
 2024-03-13 13:50:11 +01:00
Alvaro Muñoz
0b71d02407 fix: clean debug lefovers 2024-03-13 13:49:50 +01:00
Alvaro Muñoz
37331c3d43 Merge pull request #28 from GitHubSecurityLab/new_ast_refactor 
Refactor ast nodes
 2024-03-12 10:17:34 +01:00
Alvaro Muñoz
9b97dbd870 Refactor ast nodes 2024-03-12 10:16:43 +01:00
Alvaro Muñoz
86075c95bd Improve ExpressionNode Location handling 2024-03-07 22:28:54 +01:00
Alvaro Muñoz
4f7cce9c11 Merge pull request #27 from GitHubSecurityLab/refactor_astnode 
Add Expression nodes and locations
 2024-03-07 15:36:54 +01:00
Alvaro Muñoz
96246f4b74 Add Expression nodes and their corresponding locations 2024-03-07 15:35:47 +01:00
Alvaro Muñoz
e5527d7a18 Refactor ast nodes 2024-03-05 19:59:43 +01:00
Alvaro Muñoz
b3cecfc7e8 Merge pull request #26 from GitHubSecurityLab/refactor_ast 
Refactor AST layer
 2024-03-04 17:39:56 +01:00
Alvaro Muñoz
c8e89797eb remove test db 2024-03-04 15:43:38 +01:00
Alvaro Muñoz
6875640c64 Refactor getXXXExpr methods 2024-03-04 10:33:26 +01:00
Alvaro Muñoz
1c2f19f4e1 Merge Actions.qll and Ast.qll 2024-03-01 16:06:06 +01:00
Alvaro Muñoz
bcf3081259 Refactor Input/Outpts 2024-03-01 11:17:23 +01:00
Alvaro Muñoz
0eabdd9507 Rename classes 2024-03-01 09:44:33 +01:00
Alvaro Muñoz
e979f51956 Merge pull request #25 from GitHubSecurityLab/add_tests 
test: Add tests
 2024-02-29 13:47:57 +01:00
Alvaro Muñoz
6b11506abb test: Add tests 2024-02-29 13:23:59 +01:00
Alvaro Muñoz
cbe43bf72b Merge pull request #24 from GitHubSecurityLab/matrix_ctx 
matrix ctx
 2024-02-29 12:08:20 +01:00
Alvaro Muñoz
5b40d98849 Update test db build script 2024-02-28 14:36:21 +01:00
Alvaro Muñoz
8a9ec88b36 feat(matrix): Add support for flow through matrix vars 2024-02-28 13:21:29 +01:00
Alvaro Muñoz
447b65e7a9 Add script to build full DBs (testproj ones remove source code origin) 2024-02-28 12:37:41 +01:00
Alvaro Muñoz
8e7e5d03a5 fix(test): Add expected files 2024-02-28 11:15:38 +01:00
Mathew Payne
409d35ba1f Merge pull request #23 from GitHubSecurityLab/IAC_queries 
feat(queries): Migrate queries from AdvancedSecurity repo
 2024-02-27 20:11:12 +00:00
Alvaro Muñoz
fe976faf6a feat(queries): Migrate queries from AdvancedSecurity repo 2024-02-27 15:20:35 +01:00
Alvaro Muñoz
c29f3a7779 Merge pull request #21 from GitHubSecurityLab/refactor_env_access 
refactor env access
 2024-02-26 13:02:33 +01:00
Alvaro Muñoz
98f3a1e7bf fix(env): Improve env access support 2024-02-26 10:43:55 +01:00
Alvaro Muñoz
645177cc80 Account for github.event.label check as a sanitizer for untrusted checkout 2024-02-26 09:39:42 +01:00
Alvaro Muñoz
1458434504 Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-02-23 11:54:41 +01:00
Alvaro Muñoz
f513a19c24 fix: restrict EnvCtxAccessExpr to Env decarlations on the same file 2024-02-23 11:53:47 +01:00
Alvaro Muñoz
f5355e722d Merge pull request #20 from GitHubSecurityLab/untrusted_checkout 2024-02-22 15:52:08 +01:00
Alvaro Muñoz
68f15f2b85 rename query id 2024-02-22 13:14:53 +01:00
Alvaro Muñoz
ecefb7ffb5 feat(untrusted checkout query): Add new query and tests 2024-02-22 13:12:37 +01:00
Alvaro Muñoz
d0b904a590 Fix QLpack names 2024-02-21 21:57:45 +01:00
Alvaro Muñoz
7a1369d9d0 Merge pull request #19 from GitHubSecurityLab/steps 2024-02-21 18:38:44 +01:00
Jorge
9e2be7d674 Apply suggestions from code review 
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
 2024-02-21 17:27:39 +01:00
Alvaro Muñoz
d6f6e1fc0b Merge pull request #18 from GitHubSecurityLab/triggers 
feat(triggers): New query and support for trigger-based severity decisions
 2024-02-21 16:51:16 +01:00
Alvaro Muñoz
3d5567d698 Update ql/lib/codeql/actions/Ast.qll 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2024-02-21 16:50:44 +01:00
Alvaro Muñoz
a28f8e90f0 Update ql/lib/ext/tj-actions_branch-names.model.yml 2024-02-21 16:50:33 +01:00