Jorge
9e2be7d674
Apply suggestions from code review
...
Co-authored-by: Alvaro Muñoz <pwntester@github.com >
2024-02-21 17:27:39 +01:00
Jorge
3ca7adab4f
Merge branch 'master' into steps
2024-02-21 15:31:42 +01:00
jorgectf
e1d6c7dac4
Add some steps
2024-02-21 15:29:27 +01:00
Alvaro Muñoz
4b9cec79dc
Merge pull request #17 from GitHubSecurityLab/reusable_workflow_models
...
feat(reusable-workflow-models): Reusable workflow MaD
2024-02-21 10:20:40 +01:00
Alvaro Muñoz
c84e64e76c
Merge pull request #16 from GitHubSecurityLab/model-gen-queries
...
feat(model-generation): Add more model generation queries
2024-02-20 12:05:12 +01:00
Alvaro Muñoz
010d7df71d
feat(reusable-workflow-models): Reusable workflow MaD
...
Add support to define sources/sinks/summaries for Reusable Workflows as
MaD entries.
2024-02-20 11:58:54 +01:00
Alvaro Muñoz
1d582a4c4d
feat(model-generation): Add more model generation queries
...
Add new queries for finding reusable workflows that behave as summaries, sources or sinks.
Add new query for finding composite actions that behave as sinks.
Add `github.event.inputs` context to the regular expression matching input var accesses.
2024-02-20 10:50:02 +01:00
jorgectf
334fda18ba
Fix copy workflow
2024-02-16 16:39:40 +01:00
Jorge
5cb9c21e05
Fetch before push
2024-02-16 16:06:05 +01:00
Alvaro Muñoz
55ff6ff8ee
Merge pull request #15 from GitHubSecurityLab/copy-workflow
...
Add copy workflow
2024-02-16 16:05:08 +01:00
Alvaro Muñoz
7c3503e6c7
fix: remove debug leftovers
2024-02-16 16:03:38 +01:00
Jorge
4e44444d5a
Add copy workflow
2024-02-16 16:03:01 +01:00
Alvaro Muñoz
43a55e80a9
feat(model-generator): New qls for modelling composite actions
2024-02-16 16:02:10 +01:00
Alvaro Muñoz
8ae1e26d5d
fix(action): qls reference
2024-02-16 15:49:29 +01:00
Alvaro Muñoz
76f245b337
feat(actions): use published actions packs
2024-02-16 15:34:20 +01:00
Alvaro Muñoz
8e59fb7558
fix(actions): ql pack installation
2024-02-16 14:47:34 +01:00
Alvaro Muñoz
003b8cc8c0
fix(actions): ql pack installation
2024-02-16 14:44:47 +01:00
Alvaro Muñoz
13c5ec07b4
fix(actions): ql pack installation
2024-02-16 14:41:47 +01:00
Alvaro Muñoz
b3bab160d2
fix(actions): ql pack installation
2024-02-16 14:41:21 +01:00
Alvaro Muñoz
41639dd0e2
fix(actions): ql pack installation
2024-02-16 14:37:43 +01:00
Alvaro Muñoz
b11d8dad49
fix(actions): ql pack installation
2024-02-16 14:31:07 +01:00
Alvaro Muñoz
04a2ae9ad3
fix(actions): ql pack installation
2024-02-16 14:29:03 +01:00
Alvaro Muñoz
a94793fc09
fix(actions): pass the qlpack dirs
2024-02-16 14:14:53 +01:00
Alvaro Muñoz
e9f3006204
fix(actions): pass the qlpack dirs
2024-02-16 14:10:52 +01:00
Alvaro Muñoz
c58c4e0d54
feat(actions): refactor as composite action to be able to pass env vars
2024-02-16 14:06:46 +01:00
Alvaro Muñoz
e2699c31f8
feat(action): clone and install local packs
2024-02-16 13:56:58 +01:00
Alvaro Muñoz
959a974c8b
feat(action): clone pack (not use the registry)
2024-02-16 13:32:05 +01:00
Alvaro Muñoz
5d1264d3a4
feat(action): update references to qlpacks
2024-02-16 12:56:06 +01:00
Alvaro Muñoz
cf4ab41df2
feat(action): rename qlpacks to use githubsecuritylab prefix
2024-02-16 12:32:48 +01:00
Alvaro Muñoz
0105d63a44
Add Action to scan repos
2024-02-16 12:25:23 +01:00
Alvaro Muñoz
f5c6905a50
Merge pull request #13 from GitHubSecurityLab/github_ctx
...
Improve regexs
2024-02-15 12:03:33 +01:00
Alvaro Muñoz
499c3e7ac3
Improve regexs
2024-02-15 12:03:06 +01:00
Alvaro Muñoz
65b226d36e
Merge pull request #12 from GitHubSecurityLab/ctx_expressions
...
feat(bash-step): Improve bash step accuracy
2024-02-15 11:52:18 +01:00
Alvaro Muñoz
1cd32195a7
feat(bash-step): Improve bash step accuracy
...
Only pass the taint when the env var is directlty set as the step output
2024-02-15 11:51:28 +01:00
Alvaro Muñoz
0f73080a7b
Merge pull request #11 from GitHubSecurityLab/fix_composite_actions
...
feat(composite-actions): Fix summary and source queries for composite actions analysis
2024-02-14 18:11:12 +01:00
Alvaro Muñoz
3c12e43d3f
feat(composite-actions): Fix summary and source queries for composite actions analysis
2024-02-14 18:09:12 +01:00
Alvaro Muñoz
700882730c
Merge pull request #10 from GitHubSecurityLab/job_outputs
...
feat(field-flow): Refactor flow through job outputs
2024-02-14 17:14:09 +01:00
Alvaro Muñoz
f65587e5cf
feat(fieldflow): Refactor flow through Job outputs
...
Job output should flow to the “key” (YamlString) and be read from there
from the JobOutputAccessExpr.
- NeedsCtxAccessExpr.getRefExpr should point to the UsesExpr(RW calling Job)
or to the OutputsStmt(Regular Job).
- JobsCtxAccessExpr.getRefExpr should point to the OutputsStmt(Regular Job).
- Create storeStep from OutputExpr to OutputStmt using output var name
as the field name.
- Create a readStep for CtxAccessExpr to read the referenced fields from
the job outputs.
2024-02-14 17:08:13 +01:00
Alvaro Muñoz
90d1ae4a05
fix: simplify Ast
2024-02-14 14:06:28 +01:00
Alvaro Muñoz
494fb2470e
fix: refactor local, read and store steps
2024-02-14 14:05:13 +01:00
Alvaro Muñoz
ebaac5f5cb
fix: enforce input,output,env prefixes in MaD
2024-02-14 14:03:11 +01:00
Alvaro Muñoz
7139d3b6d2
Merge pull request #8 from GitHubSecurityLab/changed-files-sources
...
Add some changed-files sources
2024-02-14 10:56:20 +01:00
Alvaro Muñoz
2b3b3732b9
resolve conflicts
2024-02-14 10:55:31 +01:00
Alvaro Muñoz
6b83afebaa
Merge pull request #9 from GitHubSecurityLab/content_set
...
feat(field-flow): enhance dataflow tracking
2024-02-14 10:49:11 +01:00
Alvaro Muñoz
e6b4676f90
feat(field-flow): enhance dataflow tracking
...
implement field flow to reduce false positives
2024-02-14 10:47:00 +01:00
jorgectf
29b3d6c9ef
Prefix sources with output.
2024-02-13 15:00:53 +01:00
jorgectf
6627a858e3
Suffix with .model
2024-02-13 13:24:25 +01:00
jorgectf
fa91837f63
Trim yaml
2024-02-13 13:22:18 +01:00
jorgectf
68901e252c
Add some changed-files sources
2024-02-13 13:18:52 +01:00
Alvaro Muñoz
32b1d77b4a
Merge pull request #7 from GitHubSecurityLab/input_output_nodes
...
Better handling of input and output expressions
2024-02-13 11:52:10 +01:00
