hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
221 Commits 1,712 Branches 163 Tags
ed70ef03078077d943baebd2e4480db9b6830b17
Commit Graph

40 Commits

Author SHA1 Message Date
Alvaro Muñoz
ed70ef0307 Make Artifact poisoning query a path problem 2024-04-11 15:46:49 +02:00
Alvaro Muñoz
b761565dcf Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-04-11 15:18:19 +02:00
Alvaro Muñoz
1b2e02df64 Add support for multiline assigments 2024-04-11 15:18:09 +02:00
Alvaro Muñoz
4f0ec73307 Merge pull request #46 from GitHubSecurityLab/ca-rw-sinks 
Add models for composite actions and reusable workflows sinks
 2024-04-11 12:02:01 +02:00
jorgectf
c56f220b13 Add provenance field 2024-04-11 11:23:28 +02:00
Alvaro Muñoz
8d2b8be133 Add github.event as a source 2024-04-10 22:32:49 +02:00
Alvaro Muñoz
58b21d4684 Improve assignments to GITHUB ENVARS detection 2024-04-08 18:52:13 +02:00
Alvaro Muñoz
31a1ea9593 Improve envvar injection 2024-04-08 17:12:00 +02:00
Alvaro Muñoz
56d2d8ec10 Update test results 2024-04-08 12:54:30 +02:00
Alvaro Muñoz
2651e5a673 Improve Artifact poisoning related queries 2024-04-08 12:52:10 +02:00
Alvaro Muñoz
28ccf4fa68 Improve Artifact Poisoning query 2024-04-05 09:18:01 +02:00
Alvaro Muñoz
2988bc8885 Centralize isPrivileged decisions 2024-04-03 15:39:00 +02:00
Alvaro Muñoz
152d29da38 Add Artifact poisoning and Env Injection queries 2024-04-01 18:53:37 +02:00
Alvaro Muñoz
822e9bcaab env var injection query 2024-03-23 21:55:54 +01:00
Alvaro Muñoz
2ed3aceddf feat(sources): Do not take triggers into consideration 2024-03-22 13:32:29 +01:00
Alvaro Muñoz
9d5b026fde Merge branch 'master' of https://github.com/GitHubSecurityLab/codeql-actions 2024-03-21 14:21:30 +01:00
Alvaro Muñoz
06747cd98b Add tests for untrusted checkouts in workflow_run triggered workflows 2024-03-21 14:19:46 +01:00
Alvaro Muñoz
9683ae35bc Add tests 2024-03-18 13:04:57 +01:00
Alvaro Muñoz
8023a527a4 fix(untrusted_co): Do not report Reusable workflows called from pull_request 2024-03-18 13:02:11 +01:00
Alvaro Muñoz
6cb15f06bc fix(fn): Apply json wrappers to source regexps 2024-03-15 13:54:21 +01:00
Alvaro Muñoz
169e57e874 Refactor queries 2024-03-15 11:10:41 +01:00
Alvaro Muñoz
46afa9c1f3 Add new tests 2024-03-14 22:41:01 +01:00
Alvaro Muñoz
778d8978b0 DF support for untrusted checkout query 2024-03-14 13:55:10 +01:00
Alvaro Muñoz
22d0600da8 Support more PR head checkouts 2024-03-14 13:28:39 +01:00
Alvaro Muñoz
d12b24886f Merge branch 'untrusted_co' of https://github.com/GitHubSecurityLab/codeql-actions into untrusted_co 2024-03-14 12:58:56 +01:00
Alvaro Muñoz
35df9519e1 Support more untrusted checkout cases 2024-03-14 12:58:47 +01:00
Alvaro Muñoz
3150f24d3f Update tests and fix regexp 2024-03-14 12:21:16 +01:00
Alvaro Muñoz
7160f08222 Update ql/test/query-tests/Security/CWE-829/.github/workflows/auto_ci.yml 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2024-03-14 12:03:40 +01:00
Alvaro Muñoz
03277cc24b Add test for self-referencing jobs 2024-03-14 11:58:44 +01:00
Alvaro Muñoz
872b1f88f0 More regexp improvements 2024-03-13 22:47:19 +01:00
Alvaro Muñoz
839d16cde5 Treat If's values as expression no matter the delimiters 2024-03-13 18:41:17 +01:00
Alvaro Muñoz
1bf2431c99 Improve UntrustedCheckout query 
Account for more events, more triggers and heuristics to detect git checkouts
 2024-03-13 15:41:57 +01:00
Alvaro Muñoz
0b71d02407 fix: clean debug lefovers 2024-03-13 13:49:50 +01:00
Alvaro Muñoz
9b97dbd870 Refactor ast nodes 2024-03-12 10:16:43 +01:00
Alvaro Muñoz
96246f4b74 Add Expression nodes and their corresponding locations 2024-03-07 15:35:47 +01:00
Alvaro Muñoz
6875640c64 Refactor getXXXExpr methods 2024-03-04 10:33:26 +01:00
Alvaro Muñoz
1c2f19f4e1 Merge Actions.qll and Ast.qll 2024-03-01 16:06:06 +01:00
Alvaro Muñoz
bcf3081259 Refactor Input/Outpts 2024-03-01 11:17:23 +01:00
Alvaro Muñoz
0eabdd9507 Rename classes 2024-03-01 09:44:33 +01:00
Alvaro Muñoz
6b11506abb test: Add tests 2024-02-29 13:23:59 +01:00