codeql

mirror of https://github.com/github/codeql.git synced 2026-01-10 21:20:22 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	eb4eb4e931	Merge branch 'master' into cache_poisoning_actions	2024-05-08 22:43:22 +02:00
Alvaro Muñoz	d6fb0ae84e	Update tests	2024-05-08 22:41:05 +02:00
Alvaro Muñoz	ad45d319c5	Resolve conflict	2024-05-08 22:37:22 +02:00
Alvaro Muñoz	1ea0312f36	Bump qlpack versions	2024-05-08 22:35:25 +02:00
Alvaro Muñoz	d2e9411e12	Update and new tests	2024-05-08 22:35:17 +02:00
Alvaro Muñoz	44377acb08	Improve Cache Poisoning quer	2024-05-08 22:35:06 +02:00
Alvaro Muñoz	2d09d1e6d8	Fix alert text	2024-05-08 22:34:30 +02:00
Alvaro Muñoz	f95a3e5298	Refactor eventtrigger and privileged methods Move them from Workflows to Jobs	2024-05-08 22:34:11 +02:00
Alvaro Muñoz	ddf72a2cf3	Add more poisonable steps	2024-05-08 22:32:24 +02:00
Alvaro Muñoz	e8f2bc3ef6	Remove debug method	2024-05-08 22:32:11 +02:00
Alvaro Muñoz	409a6aa137	Update ql/src/Security/CWE-349/CachePoisoning.ql Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>	2024-05-08 18:48:16 +02:00
Alvaro Muñoz	fafb44d4f6	Add CachePoisoning by Code Injection query	2024-05-08 15:20:48 +02:00
Alvaro Muñoz	b965a55339	Fix error in select Casting to CachingWritingStep in the select clause was shadowing all the Poisonable result	2024-05-08 15:04:48 +02:00
Alvaro Muñoz	c39e802c17	Fix sources for tj-actions/verify-changed-files	2024-05-08 13:56:49 +02:00
Alvaro Muñoz	1df74e29c1	Merge branch 'master' of https://github.com/github/codeql-actions	2024-05-08 09:44:58 +02:00
Alvaro Muñoz	d3bb6668f6	Missing getMajorVersion predicate	2024-05-08 09:44:48 +02:00
Alvaro Muñoz	6a87192f64	Account for insecure action versions	2024-05-08 09:43:32 +02:00
Alvaro Muñoz	de74b88866	Update	2024-05-08 09:43:32 +02:00
Alvaro Muñoz	778c6ad923	Fix tj-actions/changed-files sources	2024-05-08 09:43:32 +02:00
Jorge	2a84b9cbfb	Merge pull request #8 from github/jorgectf-patch-1 Copy master branch only	2024-05-07 09:49:56 +02:00
Jorge	5d6a3c4900	Copy master branch only	2024-05-07 09:45:12 +02:00
Alvaro Muñoz	b7960776cc	Merge pull request #7 from github/fix_dorny_paths_filter_source Fix incorrect source for dorny path filters	2024-05-07 09:45:04 +02:00
Alvaro Muñoz	b22e305699	Fix untrusted checkout tests	2024-05-06 23:32:42 +02:00
Alvaro Muñoz	ddf4bb194e	Fix incorrect source for dorny path filters	2024-05-06 23:32:06 +02:00
Alvaro Muñoz	1ddfbb05f3	Update actions fragment	2024-05-06 22:19:02 +02:00
Alvaro Muñoz	0ea34dfb52	Update action.yml	2024-05-06 22:11:43 +02:00
Alvaro Muñoz	c3c6410a73	Update action.yml	2024-05-06 20:01:48 +02:00
Alvaro Muñoz	254664d274	Bump qlpack versions	2024-05-06 18:39:15 +02:00
Alvaro Muñoz	c14d069ad6	Merge pull request #5 from github/cache_poisoning Add Cache Poisoning Query	2024-05-06 18:37:52 +02:00
Alvaro Muñoz	2980139283	Merge pull request #6 from github/untrusted_checkout_improvments untrusted checkout improvments	2024-05-06 18:37:13 +02:00
Alvaro Muñoz	373e0a278a	Rename untrusted checkout queries	2024-05-06 18:36:46 +02:00
Alvaro Muñoz	f6b1daa59c	Improve query	2024-05-06 18:26:58 +02:00
Alvaro Muñoz	2359e2de90	Clean query	2024-05-06 17:24:43 +02:00
Alvaro Muñoz	9417e1d164	Classify checkout steps	2024-05-06 17:13:00 +02:00
Alvaro Muñoz	bb028e41d4	Add Cache Poisoning Query	2024-05-06 17:10:34 +02:00
Alvaro Muñoz	addedd0e2a	Comment out unused source	2024-05-04 23:29:55 +02:00
Alvaro Muñoz	4be3011887	Merge pull request #4 from github/refactor_untrusted_checkout Refactor untrusted checkout queries	2024-05-04 23:28:15 +02:00
Alvaro Muñoz	16c77cbe25	Refactor untrusted checkout queries	2024-05-04 23:27:26 +02:00
Alvaro Muñoz	9843f375ee	ignore runtime info for pull_request triggered workflows	2024-04-30 12:20:53 +02:00
Alvaro Muñoz	186f9d018d	Merge pull request #2 from github/separate_sources Split sources by taint type	2024-04-28 12:04:02 +02:00
Alvaro Muñoz	831b8cfaa6	Bump qlpack versions	2024-04-28 12:03:40 +02:00
Alvaro Muñoz	0f3281c386	Support bash heredoc	2024-04-28 09:36:27 +02:00
Alvaro Muñoz	00f6ff8c01	Split sources by taint type	2024-04-27 11:02:33 +02:00
Alvaro Muñoz	27d0a3406d	Improve Env path/var injection queries	2024-04-26 16:17:29 +02:00
Alvaro Muñoz	39308fd89f	Fix typo	2024-04-24 22:09:03 +02:00
Alvaro Muñoz	0ff967b102	Fix typo	2024-04-24 22:07:18 +02:00
Alvaro Muñoz	fbf03fa8e2	New expression is always true tests	2024-04-24 21:51:27 +02:00
Alvaro Muñoz	c9b2dac128	Update action.yml	2024-04-24 15:07:05 +02:00
Alvaro Muñoz	944bd84a58	Add missing spaces	2024-04-23 15:15:16 +02:00
Alvaro Muñoz	16cf60af00	Add double quotes to env var	2024-04-23 15:05:40 +02:00

1 2 3 4 5 ...

326 Commits