hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-10 21:20:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
342 Commits 1,679 Branches 158 Tags
ca59423c8a47ba15afebfa5213a9566bdf962de3
Commit Graph

342 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
ca59423c8a Bump qlpack versions 2024-05-14 15:32:40 +02:00
Alvaro Muñoz
ff2cfa568d Merge pull request #31 from github/branch_deploy_head_source 
Treat branch-deploy action as a source of HEAD ref for untrusted checkouts
 2024-05-14 15:30:11 +02:00
Alvaro Muñoz
a0939bb0a3 Bump qlpack versions 2024-05-14 15:29:45 +02:00
Alvaro Muñoz
0473c3824f Treat branch-deploy action as a source of HEAD ref for untrusted checkouts 2024-05-14 11:38:39 +02:00
Alvaro Muñoz
54d103ffe4 Merge pull request #28 from github/feat/matrix_expressions 
Resolve Matrix expression to their possible values
 2024-05-13 16:25:52 +02:00
Alvaro Muñoz
cee0389d6e Update SelfHostedQuery.qll 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-05-13 15:33:28 +02:00
Alvaro Muñoz
a1efc78ac7 Refactor regexps 2024-05-13 13:47:01 +02:00
Alvaro Muñoz
9ee9314cb9 Resolve conflicts after rebasing 2024-05-13 10:37:42 +02:00
Alvaro Muñoz
9310150fb0 Resolve conflict 2024-05-13 09:20:45 +02:00
Alvaro Muñoz
b2d7c823b3 Merge pull request #25 from github/support_trigger_events 
New `On` and `Event` classes
 2024-05-13 09:18:53 +02:00
Alvaro Muñoz
510cefecbe Remove debug left-overs 2024-05-10 14:59:12 +02:00
Alvaro Muñoz
e0d147f39a Add On and Event AST nodes 
Capture information about trigger events on the new On and Event classes
 2024-05-10 14:13:44 +02:00
Alvaro Muñoz
8590a0ba8f Refactor runOnDefaultBranch 2024-05-10 14:12:54 +02:00
Alvaro Muñoz
4d61204404 New tests 2024-05-10 14:12:25 +02:00
Alvaro Muñoz
a30c2aa5de Update PoisonableSteps 2024-05-09 23:32:21 +02:00
Alvaro Muñoz
3b684d8c94 Merge pull request #19 from github/cache_poisoning_actions 
Fix error in select
 2024-05-08 22:44:57 +02:00
Alvaro Muñoz
eb4eb4e931 Merge branch 'master' into cache_poisoning_actions 2024-05-08 22:43:22 +02:00
Alvaro Muñoz
d6fb0ae84e Update tests 2024-05-08 22:41:05 +02:00
Alvaro Muñoz
ad45d319c5 Resolve conflict 2024-05-08 22:37:22 +02:00
Alvaro Muñoz
1ea0312f36 Bump qlpack versions 2024-05-08 22:35:25 +02:00
Alvaro Muñoz
d2e9411e12 Update and new tests 2024-05-08 22:35:17 +02:00
Alvaro Muñoz
44377acb08 Improve Cache Poisoning quer 2024-05-08 22:35:06 +02:00
Alvaro Muñoz
2d09d1e6d8 Fix alert text 2024-05-08 22:34:30 +02:00
Alvaro Muñoz
f95a3e5298 Refactor eventtrigger and privileged methods 
Move them from Workflows to Jobs
 2024-05-08 22:34:11 +02:00
Alvaro Muñoz
ddf72a2cf3 Add more poisonable steps 2024-05-08 22:32:24 +02:00
Alvaro Muñoz
e8f2bc3ef6 Remove debug method 2024-05-08 22:32:11 +02:00
Alvaro Muñoz
409a6aa137 Update ql/src/Security/CWE-349/CachePoisoning.ql 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-05-08 18:48:16 +02:00
Alvaro Muñoz
fafb44d4f6 Add CachePoisoning by Code Injection query 2024-05-08 15:20:48 +02:00
Alvaro Muñoz
b965a55339 Fix error in select 
Casting to CachingWritingStep in the select clause was shadowing all the Poisonable result
 2024-05-08 15:04:48 +02:00
Alvaro Muñoz
c39e802c17 Fix sources for tj-actions/verify-changed-files 2024-05-08 13:56:49 +02:00
Alvaro Muñoz
1df74e29c1 Merge branch 'master' of https://github.com/github/codeql-actions 2024-05-08 09:44:58 +02:00
Alvaro Muñoz
d3bb6668f6 Missing getMajorVersion predicate 2024-05-08 09:44:48 +02:00
Alvaro Muñoz
6a87192f64 Account for insecure action versions 2024-05-08 09:43:32 +02:00
Alvaro Muñoz
de74b88866 Update 2024-05-08 09:43:32 +02:00
Alvaro Muñoz
778c6ad923 Fix tj-actions/changed-files sources 2024-05-08 09:43:32 +02:00
Jorge
2a84b9cbfb Merge pull request #8 from github/jorgectf-patch-1 
Copy master branch only
 2024-05-07 09:49:56 +02:00
Jorge
5d6a3c4900 Copy master branch only 2024-05-07 09:45:12 +02:00
Alvaro Muñoz
b7960776cc Merge pull request #7 from github/fix_dorny_paths_filter_source 
Fix incorrect source for dorny path filters
 2024-05-07 09:45:04 +02:00
Alvaro Muñoz
b22e305699 Fix untrusted checkout tests 2024-05-06 23:32:42 +02:00
Alvaro Muñoz
ddf4bb194e Fix incorrect source for dorny path filters 2024-05-06 23:32:06 +02:00
Alvaro Muñoz
1ddfbb05f3 Update actions fragment 2024-05-06 22:19:02 +02:00
Alvaro Muñoz
0ea34dfb52 Update action.yml 2024-05-06 22:11:43 +02:00
Alvaro Muñoz
c3c6410a73 Update action.yml 2024-05-06 20:01:48 +02:00
Alvaro Muñoz
254664d274 Bump qlpack versions 2024-05-06 18:39:15 +02:00
Alvaro Muñoz
c14d069ad6 Merge pull request #5 from github/cache_poisoning 
Add Cache Poisoning Query
 2024-05-06 18:37:52 +02:00
Alvaro Muñoz
2980139283 Merge pull request #6 from github/untrusted_checkout_improvments 
untrusted checkout improvments
 2024-05-06 18:37:13 +02:00
Alvaro Muñoz
373e0a278a Rename untrusted checkout queries 2024-05-06 18:36:46 +02:00
Alvaro Muñoz
f6b1daa59c Improve query 2024-05-06 18:26:58 +02:00
Alvaro Muñoz
2359e2de90 Clean query 2024-05-06 17:24:43 +02:00
Alvaro Muñoz
9417e1d164 Classify checkout steps 2024-05-06 17:13:00 +02:00