Alvaro Muñoz
b2f6ef246c
Merge pull request #78 from github/rasmuswl/syntax-error-query
2024-09-06 15:48:35 +02:00
Rasmus Wriedt Larsen
2f68e6f26e
Add missing test file
2024-09-06 14:53:46 +02:00
Rasmus Wriedt Larsen
4820626f29
Add SyntaxError query
...
This can be used by autofix, but might also be nice to help find YAML syntax errors 🤷
2024-09-06 14:04:46 +02:00
Alvaro Muñoz
ac7b7b7162
Bump qlpack versions
2024-09-06 10:50:58 +02:00
Alvaro Muñoz
4f57aade35
Improve accuracy of actions/download-artifact as a source
...
If upload is on the same workflow, it needs to be triggered by a priv
workflow
2024-09-06 10:49:27 +02:00
Alvaro Muñoz
0cabcf8ec7
Merge pull request #76 from github/pwntester-patch-1
...
Update ArgumentInjectionCritical.md
2024-08-23 17:40:48 +02:00
Alvaro Muñoz
293dd1a32b
Update ArgumentInjectionCritical.md
2024-08-23 17:40:25 +02:00
Alvaro Muñoz
1ca985b415
Update qlpack.yml
2024-08-12 13:09:06 +02:00
Alvaro Muñoz
0baf7e3cef
Update qlpack.yml
2024-08-12 13:08:38 +02:00
Jaroslav Lobačevski
90b3c96a38
Merge pull request #74 from github/docs/help_files
...
docs/help files
2024-08-12 11:59:07 +02:00
Jaroslav Lobačevski
d6027267aa
fix variable name
2024-08-12 09:31:58 +00:00
Jaroslav Lobačevski
e83841bba9
fixes
2024-08-12 09:29:26 +00:00
Jaroslav Lobačevski
a282818272
grammar
2024-08-10 10:52:06 +00:00
Jaroslav Lobačevski
77ecca9f5e
grammar
2024-08-10 10:17:40 +00:00
Jaroslav Lobačevski
cc6badaea6
grammar
2024-08-10 09:54:23 +00:00
Alvaro Muñoz
23754b6d2f
Update publish.yml
2024-08-09 17:38:57 +02:00
Alvaro Muñoz
2b8169b000
Update publish.yml
2024-08-09 17:37:52 +02:00
Alvaro Muñoz
d166b7c03a
Create publish.yml
2024-08-09 17:34:42 +02:00
Alvaro Muñoz
569e80b678
Fix ImproperAccess query
2024-08-09 17:17:18 +02:00
Alvaro Muñoz
9411fac4d0
New Descriptions
2024-08-09 17:06:06 +02:00
Alvaro Muñoz
d8df3ff6b3
Use ControlCheck.dominates in the ImproperAccessControl query
2024-08-09 17:05:41 +02:00
Alvaro Muñoz
9977f25f0f
Move some queries to experimental
2024-08-09 17:05:17 +02:00
Alvaro Muñoz
f4f18f38cc
Move Argument injection queries to its own CWE
2024-08-09 17:04:32 +02:00
Alvaro Muñoz
8ebe76668c
Bump qlpack versions
2024-08-07 17:24:59 +02:00
Alvaro Muñoz
88f6eff724
Merge pull request #73 from github/fix/control_checks_actor
...
fix(controlcheck): Improve checks for actors
2024-08-07 17:24:27 +02:00
Alvaro Muñoz
1750ebac18
fix(controlcheck): Improve checks for actors
2024-08-07 17:09:50 +02:00
Alvaro Muñoz
b251c661f8
Bump qlpack versions
2024-08-07 13:46:50 +02:00
Alvaro Muñoz
e4559e19d8
Move Output Clobbering to CWE-074
2024-08-07 13:46:27 +02:00
Alvaro Muñoz
ea9bb36ae0
Bump qlpack versions
2024-08-07 13:21:03 +02:00
Alvaro Muñoz
856077233d
Merge pull request #72 from github/query/output_clobbering
...
feat(queries): Improve Output Clobbering query
2024-08-07 13:19:54 +02:00
Alvaro Muñoz
473251371b
feat(queries): Improve Output Clobbering query
...
Add support for clobbering of `set-output` workflow command
2024-08-07 13:17:36 +02:00
Alvaro Muñoz
c442f1b96b
Bump qlpack versions
2024-08-06 23:30:47 +02:00
Alvaro Muñoz
ff41cda8fc
Merge pull request #71 from github/query/secret_handling
...
feat(query): New queries for incorrect secrets handling
2024-08-06 23:29:41 +02:00
Alvaro Muñoz
6842babd16
feat(query): New queries for incorrect secrets handling
...
ExcessiveSecretsExposure: Reports when all secrets are passed to the
workflow runner since that violates the principle of least privilege.
UnmaskedSecretExposure: Reports when secrets are derived from a JSON
secret since they won't get masked by the workflow runner
2024-08-06 23:08:52 +02:00
Alvaro Muñoz
9f79e51e89
Bump qlpack versions
2024-08-06 12:46:28 +02:00
Alvaro Muñoz
76210f53c8
Merge pull request #69 from github/improve_cache_poisoning
...
Improve Cache Poisoning Query
2024-08-06 12:45:51 +02:00
Alvaro Muñoz
d18179850d
Split Cache Poisoning queries in 3
...
Split them into 3 queries depending on how the cache can be poisoned:
- control of cached files
- execution of controlled code
- code injection
Remove `setup-XXX` actions from CacheWriting class since the cached
files are not in the CWD
2024-08-06 12:04:34 +02:00
Alvaro Muñoz
fbc2e1e7e8
Remove caching actions that cache files outside of the CWD
2024-08-06 10:47:12 +02:00
Alvaro Muñoz
14f1672e74
Fix query message
2024-08-05 23:54:26 +02:00
Alvaro Muñoz
2273aadb4b
Improve Cache Poisoning query
...
The untrusted files path is compared with the path written to the cache
to check if the cache can really be poisoned
2024-08-05 23:47:00 +02:00
Alvaro Muñoz
34b48d559b
Add expected tests results
2024-08-05 23:45:51 +02:00
Alvaro Muñoz
c5314aeb6c
Add new tests
2024-08-05 23:44:27 +02:00
Alvaro Muñoz
397eb2a762
Add getPath() to PRHeadCheckout and CacheWriting classes
...
Add getPath() methods to get the path where a checkout step writes the
code and where a Cache write reads the files from.
2024-08-05 23:44:20 +02:00
Alvaro Muñoz
0990774302
feat(poisonable_steps): Add python -m pip install
2024-08-05 18:53:53 +02:00
Alvaro Muñoz
ffe700c204
Merge pull request #68 from github/cat_env
...
feat(bash): Add support for `cat hazelcast/.github/java-config.env >> $GITHUB_ENV`
2024-08-02 15:49:19 +02:00
Alvaro Muñoz
8cf1a6afa7
feat(bash): Add support for cat hazelcast/.github/java-config.env >> $GITHUB_ENV
2024-08-02 15:48:57 +02:00
Alvaro Muñoz
90efdc7deb
Bump qlpack versions
2024-08-02 12:47:16 +02:00
Alvaro Muñoz
4d7c985027
Merge pull request #67 from github/bash_script_parsing
...
feat(bash): Improve bash command parsing
2024-08-02 12:46:04 +02:00
Alvaro Muñoz
41fade5feb
feat(bash): Improve bash command parsing
2024-08-02 12:44:43 +02:00
Alvaro Muñoz
c4d70e66e1
Bump qlpack versions
2024-08-01 17:49:13 +02:00