codeql

mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	b3bab160d2	fix(actions): ql pack installation	2024-02-16 14:41:21 +01:00
Alvaro Muñoz	41639dd0e2	fix(actions): ql pack installation	2024-02-16 14:37:43 +01:00
Alvaro Muñoz	b11d8dad49	fix(actions): ql pack installation	2024-02-16 14:31:07 +01:00
Alvaro Muñoz	04a2ae9ad3	fix(actions): ql pack installation	2024-02-16 14:29:03 +01:00
Alvaro Muñoz	a94793fc09	fix(actions): pass the qlpack dirs	2024-02-16 14:14:53 +01:00
Alvaro Muñoz	e9f3006204	fix(actions): pass the qlpack dirs	2024-02-16 14:10:52 +01:00
Alvaro Muñoz	c58c4e0d54	feat(actions): refactor as composite action to be able to pass env vars	2024-02-16 14:06:46 +01:00
Alvaro Muñoz	e2699c31f8	feat(action): clone and install local packs	2024-02-16 13:56:58 +01:00
Alvaro Muñoz	959a974c8b	feat(action): clone pack (not use the registry)	2024-02-16 13:32:05 +01:00
Alvaro Muñoz	5d1264d3a4	feat(action): update references to qlpacks	2024-02-16 12:56:06 +01:00
Alvaro Muñoz	cf4ab41df2	feat(action): rename qlpacks to use githubsecuritylab prefix	2024-02-16 12:32:48 +01:00
Alvaro Muñoz	0105d63a44	Add Action to scan repos	2024-02-16 12:25:23 +01:00
Alvaro Muñoz	f5c6905a50	Merge pull request #13 from GitHubSecurityLab/github_ctx Improve regexs	2024-02-15 12:03:33 +01:00
Alvaro Muñoz	499c3e7ac3	Improve regexs	2024-02-15 12:03:06 +01:00
Alvaro Muñoz	65b226d36e	Merge pull request #12 from GitHubSecurityLab/ctx_expressions feat(bash-step): Improve bash step accuracy	2024-02-15 11:52:18 +01:00
Alvaro Muñoz	1cd32195a7	feat(bash-step): Improve bash step accuracy Only pass the taint when the env var is directlty set as the step output	2024-02-15 11:51:28 +01:00
Alvaro Muñoz	0f73080a7b	Merge pull request #11 from GitHubSecurityLab/fix_composite_actions feat(composite-actions): Fix summary and source queries for composite actions analysis	2024-02-14 18:11:12 +01:00
Alvaro Muñoz	3c12e43d3f	feat(composite-actions): Fix summary and source queries for composite actions analysis	2024-02-14 18:09:12 +01:00
Alvaro Muñoz	700882730c	Merge pull request #10 from GitHubSecurityLab/job_outputs feat(field-flow): Refactor flow through job outputs	2024-02-14 17:14:09 +01:00
Alvaro Muñoz	f65587e5cf	feat(fieldflow): Refactor flow through Job outputs Job output should flow to the “key” (YamlString) and be read from there from the JobOutputAccessExpr. - NeedsCtxAccessExpr.getRefExpr should point to the UsesExpr(RW calling Job) or to the OutputsStmt(Regular Job). - JobsCtxAccessExpr.getRefExpr should point to the OutputsStmt(Regular Job). - Create storeStep from OutputExpr to OutputStmt using output var name as the field name. - Create a readStep for CtxAccessExpr to read the referenced fields from the job outputs.	2024-02-14 17:08:13 +01:00
Alvaro Muñoz	90d1ae4a05	fix: simplify Ast	2024-02-14 14:06:28 +01:00
Alvaro Muñoz	494fb2470e	fix: refactor local, read and store steps	2024-02-14 14:05:13 +01:00
Alvaro Muñoz	ebaac5f5cb	fix: enforce input,output,env prefixes in MaD	2024-02-14 14:03:11 +01:00
Alvaro Muñoz	7139d3b6d2	Merge pull request #8 from GitHubSecurityLab/changed-files-sources Add some changed-files sources	2024-02-14 10:56:20 +01:00
Alvaro Muñoz	2b3b3732b9	resolve conflicts	2024-02-14 10:55:31 +01:00
Alvaro Muñoz	6b83afebaa	Merge pull request #9 from GitHubSecurityLab/content_set feat(field-flow): enhance dataflow tracking	2024-02-14 10:49:11 +01:00
Alvaro Muñoz	e6b4676f90	feat(field-flow): enhance dataflow tracking implement field flow to reduce false positives	2024-02-14 10:47:00 +01:00
jorgectf	29b3d6c9ef	Prefix sources with `output.`	2024-02-13 15:00:53 +01:00
jorgectf	6627a858e3	Suffix with `.model`	2024-02-13 13:24:25 +01:00
jorgectf	fa91837f63	Trim yaml	2024-02-13 13:22:18 +01:00
jorgectf	68901e252c	Add some changed-files sources	2024-02-13 13:18:52 +01:00
Alvaro Muñoz	32b1d77b4a	Merge pull request #7 from GitHubSecurityLab/input_output_nodes Better handling of input and output expressions	2024-02-13 11:52:10 +01:00
Alvaro Muñoz	271c512f4d	better identification of Composite Actions input and output nodes	2024-02-13 11:40:22 +01:00
Alvaro Muñoz	cc3f2eed68	add characteristic predicates to InputExpr and OutputExpr	2024-02-13 11:24:16 +01:00
Alvaro Muñoz	3c5358c381	Merge pull request #6 from GitHubSecurityLab/composite_actions feat: support for composite action's analysis	2024-02-12 22:57:31 +01:00
Alvaro Muñoz	e9707af38d	feat: support for composite action's analysis	2024-02-12 22:55:58 +01:00
Alvaro Muñoz	9030cb3df4	Merge pull request #5 from GitHubSecurityLab/env_context Implement support for env context	2024-02-12 15:48:37 +01:00
Alvaro Muñoz	99358c62e2	Extend CFG to reach env expressions	2024-02-12 15:47:27 +01:00
Alvaro Muñoz	70d1741177	Merge pull request #4 from GitHubSecurityLab/improve_mad Refactor MaD semantics	2024-02-12 15:46:50 +01:00
Alvaro Muñoz	4b57cee300	Initial implementaion of env context support	2024-02-12 15:14:47 +01:00
Alvaro Muñoz	4f0b66ea03	Refactor MaD semantics	2024-02-12 13:47:44 +01:00
Alvaro Muñoz	f2fc411d6b	Merge pull request #3 from GitHubSecurityLab/extensible_predicates Add support for external definitions	2024-02-09 22:59:23 +01:00
Alvaro Muñoz	2eaca7e826	Add support for external definitions	2024-02-09 22:55:10 +01:00
Alvaro Muñoz	e9c1114f98	Merge pull request #2 from GitHubSecurityLab/refactor_cfgscope Refactor CfgScopes and Ast predicate names	2024-02-09 13:48:29 +01:00
Alvaro Muñoz	b54316fc9a	Refactor CfgScopes and Ast predicate names	2024-02-09 13:35:47 +01:00
Alvaro Muñoz	9c6fd20e5e	Move reusable tests to src pack	2024-02-09 12:29:48 +01:00
Alvaro Muñoz	96e41bb043	Merge pull request #1 from GitHubSecurityLab/reusable_workflows Add support for Reusable workflows	2024-02-09 12:28:17 +01:00
Alvaro Muñoz	3152ed71ba	dataflow through reusable workflows	2024-02-09 11:57:47 +01:00
Alvaro Muñoz	9659098ab6	Support for Reusable workflows	2024-02-08 15:40:06 +01:00
Alvaro Muñoz	db413361f7	Add Reusable Workflow test	2024-02-08 15:11:39 +01:00

1 2

62 Commits