hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
414 Commits 1,673 Branches 157 Tags
e2fb677abb6df7e47cb3f0e2d7f56ea5fabd950f
Commit Graph

414 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alvaro Muñoz
e2fb677abb Remove DS_Store 2024-06-12 09:48:27 +02:00
Alvaro Muñoz
63fd73020c Update lock files 2024-06-12 08:54:01 +02:00
Alvaro Muñoz
df3d6131a8 Update lock files 2024-06-12 08:50:49 +02:00
Alvaro Muñoz
ad1f35c86a Move from yaml to js extractor 2024-06-11 21:24:22 +02:00
Alvaro Muñoz
92cd50393b Bump qlpack versions 2024-06-07 10:06:46 +02:00
Alvaro Muñoz
3f0f75a7c5 Make CachePoisoning queries high severity 2024-06-07 10:05:39 +02:00
Alvaro Muñoz
c45d4d37aa Bump qlpack versions 2024-06-06 17:34:42 +02:00
Alvaro Muñoz
49a2fd82b1 Bump qlpack versions 2024-06-06 17:32:11 +02:00
Alvaro Muñoz
dea36402a6 Merge branch 'master' of https://github.com/github/codeql-actions 2024-06-06 17:30:49 +02:00
Alvaro Muñoz
d13a937a5d Update Cache Poisoning 2024-06-06 17:30:43 +02:00
Alvaro Muñoz
ba4dd2b0ed Update to latest dataflow shared library 2024-06-06 17:23:40 +02:00
Alvaro Muñoz
d344d9b97a Update to latest dataflow shared library 2024-06-06 17:23:10 +02:00
Alvaro Muñoz
2c96127425 Improve event context sources + test 2024-06-05 16:34:52 +02:00
Alvaro Muñoz
284c52f972 Bump qlpack versions 2024-06-05 10:54:37 +02:00
Alvaro Muñoz
28af21c556 Update ql suites 2024-06-05 08:57:43 +02:00
Alvaro Muñoz
fa05b684d7 Dont consider pull_request with write permissions as priv 2024-06-03 22:17:42 +02:00
Alvaro Muñoz
65b51996a6 new tests 2024-06-03 18:59:51 +02:00
Alvaro Muñoz
a5c6df3070 Move from yaml to js extractor 2024-06-03 18:13:01 +02:00
Alvaro Muñoz
88465bd0e3 Improve privleged detection 2024-06-03 11:26:51 +02:00
Alvaro Muñoz
844b6e014b Bump qlpack versions 2024-05-31 19:04:32 +02:00
Alvaro Muñoz
842b741611 Bump qlpack versions 2024-05-31 16:02:51 +02:00
Alvaro Muñoz
39e517ebd3 Merge pull request #40 from github/improve_regexps 
Improve bash and source regexpps
 2024-05-31 16:02:01 +02:00
Alvaro Muñoz
3e9c19044e Improve bash and source regexpps 2024-05-31 16:01:27 +02:00
Alvaro Muñoz
c6e3bafe00 Bump qlpack versions 2024-05-24 09:35:06 +02:00
Alvaro Muñoz
1fc45eb296 Improve ControlCheck for untrusted checkouts 2024-05-24 09:33:35 +02:00
Alvaro Muñoz
16a7522807 Improve Untrusted checkout queries 2024-05-22 23:24:17 +02:00
Alvaro Muñoz
33ae3b1625 minor updates 2024-05-22 18:53:39 +02:00
Alvaro Muñoz
367531a659 Bump qlpack versions 2024-05-22 11:08:22 +02:00
Alvaro Muñoz
4d28d6aa7c Improve toctou queries 2024-05-22 11:07:52 +02:00
Alvaro Muñoz
e86fa9744a Bump qlpack versions 2024-05-21 23:05:30 +02:00
Alvaro Muñoz
e5b5a0db04 Merge pull request #39 from github/externally_triggereable_jobs 
externally triggereable jobs
 2024-05-21 23:03:00 +02:00
Alvaro Muñoz
5d32071adc resolve conflicts 2024-05-21 23:02:34 +02:00
Alvaro Muñoz
313acfcac2 Add externally triggereable data model and predicates 2024-05-21 23:00:40 +02:00
Alvaro Muñoz
d3bff87f9a Add github to json contexts 2024-05-17 23:10:29 +02:00
Alvaro Muñoz
5f8bab0608 Bump qlpack versions 2024-05-17 22:36:26 +02:00
Alvaro Muñoz
66138df61d Merge pull request #37 from github/toctou_refinements 
Reduce FP for actor/association checks that cannot be bypassed this way
 2024-05-17 11:25:39 +02:00
Alvaro Muñoz
0456dcdc8f Merge pull request #38 from github/expr_trigger_mapping 
Ensure event sources are available for triggering events
 2024-05-17 11:25:14 +02:00
Alvaro Muñoz
47a66e1075 Add TODO 2024-05-16 21:43:00 +02:00
Alvaro Muñoz
dfeefe0caa Consider actor and association checks as bypassable checks ONLY for issueOps 2024-05-16 16:17:26 +02:00
Alvaro Muñoz
84d4c573f9 Merge branch 'toctou_refinements' of https://github.com/github/codeql-actions into toctou_refinements 2024-05-16 16:14:48 +02:00
Alvaro Muñoz
612be64ffc Consider actor and association checks as bypassable checks ONLY for issueOps 2024-05-16 16:10:26 +02:00
Jaroslav Lobačevski
558bea84d4 Create label_actor.yml 2024-05-16 15:57:13 +02:00
Alvaro Muñoz
e28ad1d644 Reduce FP for actor/association checks that cannot be bypassed this way 2024-05-16 15:57:13 +02:00
Alvaro Muñoz
f325d40a22 Ensure event sources are available for triggering events 2024-05-16 15:55:12 +02:00
Alvaro Muñoz
1b4246e7f1 Update tests for cache poisoning 2024-05-16 11:32:21 +02:00
Jaroslav Lobačevski
c47fdd123d Create label_actor.yml 2024-05-16 10:56:01 +02:00
Alvaro Muñoz
888b9fecca Reduce FP for actor/association checks that cannot be bypassed this way 2024-05-16 10:28:24 +02:00
Alvaro Muñoz
446765bcbb Update Cache Poisoning rule 2024-05-15 22:08:03 +02:00
Alvaro Muñoz
731889bf88 Bump qlpack versions 2024-05-15 21:29:51 +02:00
Alvaro Muñoz
d15dc68e43 Merge pull request #35 from github/default_branch_name 2024-05-15 17:57:25 +02:00