Alvaro Muñoz
ecefb7ffb5
feat(untrusted checkout query): Add new query and tests
2024-02-22 13:12:37 +01:00
Alvaro Muñoz
d0b904a590
Fix QLpack names
2024-02-21 21:57:45 +01:00
Alvaro Muñoz
7a1369d9d0
Merge pull request #19 from GitHubSecurityLab/steps
2024-02-21 18:38:44 +01:00
Jorge
9e2be7d674
Apply suggestions from code review
...
Co-authored-by: Alvaro Muñoz <pwntester@github.com>
2024-02-21 17:27:39 +01:00
Alvaro Muñoz
d6f6e1fc0b
Merge pull request #18 from GitHubSecurityLab/triggers
...
feat(triggers): New query and support for trigger-based severity decisions
2024-02-21 16:51:16 +01:00
Alvaro Muñoz
3d5567d698
Update ql/lib/codeql/actions/Ast.qll
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
2024-02-21 16:50:44 +01:00
Alvaro Muñoz
a28f8e90f0
Update ql/lib/ext/tj-actions_branch-names.model.yml
2024-02-21 16:50:33 +01:00
Jorge
3ca7adab4f
Merge branch 'master' into steps
2024-02-21 15:31:42 +01:00
jorgectf
e1d6c7dac4
Add some steps
2024-02-21 15:29:27 +01:00
Alvaro Muñoz
a2b0a01298
fix: fix merge conflict
2024-02-21 10:57:51 +01:00
Alvaro Muñoz
ea29a09fd7
feat(triggers): New query for critical issues
...
Adds a new query and the required changes to be able to account for the trigger events so that we don't report issues if they are not likely exploitable.
2024-02-21 10:56:17 +01:00
Alvaro Muñoz
3aa4f7f1af
feat(triggers): Add getEnclosingWorkflowStmt to Statement class
2024-02-21 10:56:17 +01:00
Alvaro Muñoz
3814462266
feat(triggers): New query for critical issues
...
Adds a new query and the required changes to be able to account for the trigger events so that we don't report issues if they are not likely exploitable.
2024-02-21 10:23:37 +01:00
Alvaro Muñoz
4b9cec79dc
Merge pull request #17 from GitHubSecurityLab/reusable_workflow_models
...
feat(reusable-workflow-models): Reusable workflow MaD
2024-02-21 10:20:40 +01:00
Alvaro Muñoz
a2210dca79
feat(triggers): Add getEnclosingWorkflowStmt to Statement class
2024-02-20 21:48:29 +01:00
Alvaro Muñoz
c84e64e76c
Merge pull request #16 from GitHubSecurityLab/model-gen-queries
...
feat(model-generation): Add more model generation queries
2024-02-20 12:05:12 +01:00
Alvaro Muñoz
010d7df71d
feat(reusable-workflow-models): Reusable workflow MaD
...
Add support to define sources/sinks/summaries for Reusable Workflows as
MaD entries.
2024-02-20 11:58:54 +01:00
Alvaro Muñoz
1d582a4c4d
feat(model-generation): Add more model generation queries
...
Add new queries for finding reusable workflows that behave as summaries, sources or sinks.
Add new query for finding composite actions that behave as sinks.
Add `github.event.inputs` context to the regular expression matching input var accesses.
2024-02-20 10:50:02 +01:00
jorgectf
334fda18ba
Fix copy workflow
2024-02-16 16:39:40 +01:00
Jorge
5cb9c21e05
Fetch before push
2024-02-16 16:06:05 +01:00
Alvaro Muñoz
55ff6ff8ee
Merge pull request #15 from GitHubSecurityLab/copy-workflow
...
Add copy workflow
2024-02-16 16:05:08 +01:00
Alvaro Muñoz
7c3503e6c7
fix: remove debug leftovers
2024-02-16 16:03:38 +01:00
Jorge
4e44444d5a
Add copy workflow
2024-02-16 16:03:01 +01:00
Alvaro Muñoz
43a55e80a9
feat(model-generator): New qls for modelling composite actions
2024-02-16 16:02:10 +01:00
Alvaro Muñoz
8ae1e26d5d
fix(action): qls reference
2024-02-16 15:49:29 +01:00
Alvaro Muñoz
76f245b337
feat(actions): use published actions packs
2024-02-16 15:34:20 +01:00
Alvaro Muñoz
8e59fb7558
fix(actions): ql pack installation
2024-02-16 14:47:34 +01:00
Alvaro Muñoz
003b8cc8c0
fix(actions): ql pack installation
2024-02-16 14:44:47 +01:00
Alvaro Muñoz
13c5ec07b4
fix(actions): ql pack installation
2024-02-16 14:41:47 +01:00
Alvaro Muñoz
b3bab160d2
fix(actions): ql pack installation
2024-02-16 14:41:21 +01:00
Alvaro Muñoz
41639dd0e2
fix(actions): ql pack installation
2024-02-16 14:37:43 +01:00
Alvaro Muñoz
b11d8dad49
fix(actions): ql pack installation
2024-02-16 14:31:07 +01:00
Alvaro Muñoz
04a2ae9ad3
fix(actions): ql pack installation
2024-02-16 14:29:03 +01:00
Alvaro Muñoz
a94793fc09
fix(actions): pass the qlpack dirs
2024-02-16 14:14:53 +01:00
Alvaro Muñoz
e9f3006204
fix(actions): pass the qlpack dirs
2024-02-16 14:10:52 +01:00
Alvaro Muñoz
c58c4e0d54
feat(actions): refactor as composite action to be able to pass env vars
2024-02-16 14:06:46 +01:00
Alvaro Muñoz
e2699c31f8
feat(action): clone and install local packs
2024-02-16 13:56:58 +01:00
Alvaro Muñoz
959a974c8b
feat(action): clone pack (not use the registry)
2024-02-16 13:32:05 +01:00
Alvaro Muñoz
5d1264d3a4
feat(action): update references to qlpacks
2024-02-16 12:56:06 +01:00
Alvaro Muñoz
cf4ab41df2
feat(action): rename qlpacks to use githubsecuritylab prefix
2024-02-16 12:32:48 +01:00
Alvaro Muñoz
0105d63a44
Add Action to scan repos
2024-02-16 12:25:23 +01:00
Alvaro Muñoz
f5c6905a50
Merge pull request #13 from GitHubSecurityLab/github_ctx
...
Improve regexes
2024-02-15 12:03:33 +01:00
Alvaro Muñoz
499c3e7ac3
Improve regexes
2024-02-15 12:03:06 +01:00
Alvaro Muñoz
65b226d36e
Merge pull request #12 from GitHubSecurityLab/ctx_expressions
...
feat(bash-step): Improve bash step accuracy
2024-02-15 11:52:18 +01:00
Alvaro Muñoz
1cd32195a7
feat(bash-step): Improve bash step accuracy
...
Only pass the taint when the env var is directly set as the step output
2024-02-15 11:51:28 +01:00
Alvaro Muñoz
0f73080a7b
Merge pull request #11 from GitHubSecurityLab/fix_composite_actions
...
feat(composite-actions): Fix summary and source queries for composite actions analysis
2024-02-14 18:11:12 +01:00
Alvaro Muñoz
3c12e43d3f
feat(composite-actions): Fix summary and source queries for composite actions analysis
2024-02-14 18:09:12 +01:00
Alvaro Muñoz
700882730c
Merge pull request #10 from GitHubSecurityLab/job_outputs
...
feat(field-flow): Refactor flow through job outputs
2024-02-14 17:14:09 +01:00
Alvaro Muñoz
f65587e5cf
feat(fieldflow): Refactor flow through Job outputs
...
Job output should flow to the “key” (YamlString) and be read from there
from the JobOutputAccessExpr.
- NeedsCtxAccessExpr.getRefExpr should point to the UsesExpr(RW calling Job)
or to the OutputsStmt(Regular Job).
- JobsCtxAccessExpr.getRefExpr should point to the OutputsStmt(Regular Job).
- Create storeStep from OutputExpr to OutputStmt using output var name
as the field name.
- Create a readStep for CtxAccessExpr to read the referenced fields from
the job outputs.
2024-02-14 17:08:13 +01:00
Alvaro Muñoz
90d1ae4a05
fix: simplify Ast
2024-02-14 14:06:28 +01:00