Alvaro Muñoz
|
ef37e3c594
|
Bump qlpack versions
|
2024-10-01 14:22:08 +02:00 |
|
Alvaro Muñoz
|
853fdf0d35
|
Merge pull request #97 from github/rasmuswl/avoid-duplicate-code-injection-alerts
Suppress `actions/cache-poisoning/code-injection` alerts covered by `actions/code-injection/critical`
|
2024-10-01 11:47:41 +02:00 |
|
Alvaro Muñoz
|
4274673628
|
Merge pull request #95 from github/rasmuswl/fix-qhelp-file
|
2024-10-01 10:10:27 +02:00 |
|
Rasmus Wriedt Larsen
|
726392c8b7
|
Suppress actions/cache-poisoning/code-injection alerts covered by actions/code-injection/critical
|
2024-10-01 09:48:16 +02:00 |
|
Alvaro Muñoz
|
c7fde2a40d
|
Bump qlpack versions
|
2024-09-30 15:35:00 +02:00 |
|
Alvaro Muñoz
|
7e89c04e61
|
Merge pull request #96 from github/fix/repo_control_check
fix: Repository checks do not protect workflow_run triggered jobs
|
2024-09-30 15:28:07 +02:00 |
|
Alvaro Muñoz
|
e0a2eb93d6
|
fix: Repository checks do not protect workflow_run triggered jobs
|
2024-09-30 15:27:15 +02:00 |
|
Rasmus Wriedt Larsen
|
c10d5a113e
|
Rename help-file to match .ql file
Reported by running
```
codeql generate query-help --format sarifv2.1.0 --output help.sairf ql/src/codeql-suites/actions-code-scanning.qls
```
|
2024-09-30 15:13:32 +02:00 |
|
Alvaro Muñoz
|
4edfdb4101
|
Bump qlpack versions
|
2024-09-28 23:59:23 +02:00 |
|
Alvaro Muñoz
|
fce300ee92
|
Merge pull request #94 from github/fix/sanitizer_scalar_value
Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue)
|
2024-09-28 23:58:47 +02:00 |
|
Alvaro Muñoz
|
f2c5a14883
|
Fix: ControlChecks protects/dominates only work with Steps. A sink can be in a sub-step node (eg: ScalarValue)
|
2024-09-28 23:57:32 +02:00 |
|
Alvaro Muñoz
|
1b3b47bb1e
|
Bump qlpack versions
|
2024-09-27 21:39:51 +02:00 |
|
Alvaro Muñoz
|
05d4b3c9f4
|
Merge pull request #93 from github/ppe_from_rfs
Add remote flow sources as a mutable ref source for untrusted checkouts
|
2024-09-27 21:39:16 +02:00 |
|
Alvaro Muñoz
|
4fffde2fc5
|
Add remote flow sources as a mutable ref source for untrusted checkouts
|
2024-09-27 21:38:38 +02:00 |
|
Alvaro Muñoz
|
294ebe56c6
|
Merge branch 'master' of https://github.com/github/codeql-actions
|
2024-09-27 18:33:55 +02:00 |
|
Alvaro Muñoz
|
1a5a3044c2
|
Bump qlpack versions
|
2024-09-27 18:25:31 +02:00 |
|
Alvaro Muñoz
|
2e6f004bda
|
Merge pull request #92 from github/fix/direct_cache_poison
Improve path checks for Artifact and Cache poisoning queries
|
2024-09-27 18:25:00 +02:00 |
|
Alvaro Muñoz
|
9d26a8da26
|
Improve path checks for Artifact and Cache poisoning queries
|
2024-09-27 18:22:35 +02:00 |
|
Alvaro Muñoz
|
65d09b3a4b
|
Merge pull request #91 from github/fix/artpoison
Improve artifact poisoning query
|
2024-09-27 12:45:59 +02:00 |
|
Alvaro Muñoz
|
86c1d9c30f
|
Improve artifact poisoning query
Better check of download path
Add downloading to /tmp as a sanitizer
|
2024-09-27 12:35:10 +02:00 |
|
Alvaro Muñoz
|
26f829eff4
|
Bump qlpack versions
|
2024-09-27 10:29:47 +02:00 |
|
Alvaro Muñoz
|
27752c7590
|
Merge pull request #90 from github/regexp_actions
Add new sources and summary steps
|
2024-09-27 10:29:06 +02:00 |
|
Alvaro Muñoz
|
010ad359d7
|
Add new sources and summary steps
|
2024-09-27 10:28:44 +02:00 |
|
Alvaro Muñoz
|
71960b3ddd
|
Bump qlpack versions
|
2024-09-25 18:22:46 +02:00 |
|
Alvaro Muñoz
|
62162a5771
|
Merge pull request #89 from github/change_sources
Add new sources for github.event.changes
|
2024-09-25 18:22:14 +02:00 |
|
Alvaro Muñoz
|
16f1a53584
|
Add new sources for github.event.changes
|
2024-09-25 18:21:54 +02:00 |
|
Alvaro Muñoz
|
e147a0bc71
|
Bump qlpack versions
|
2024-09-25 15:26:31 +02:00 |
|
Alvaro Muñoz
|
b1ddbc9d13
|
Improve Control Checks
|
2024-09-25 15:25:56 +02:00 |
|
Alvaro Muñoz
|
153fb492f7
|
Update tests
|
2024-09-24 23:14:37 +02:00 |
|
Alvaro Muñoz
|
43b61eb072
|
Bump qlpack versions
|
2024-09-24 23:04:57 +02:00 |
|
Alvaro Muñoz
|
356c200158
|
Composite Action steps's getEnclosingJob should return the calling job
|
2024-09-24 23:03:55 +02:00 |
|
Alvaro Muñoz
|
0d55b4e784
|
Bump qlpack versions
|
2024-09-24 21:59:10 +02:00 |
|
Alvaro Muñoz
|
f26e41db3f
|
Merge pull request #88 from github/DFG/composite_actions
DFG/composite actions
|
2024-09-24 21:58:07 +02:00 |
|
Alvaro Muñoz
|
f095622a9b
|
Update expected test results
|
2024-09-24 21:50:59 +02:00 |
|
Alvaro Muñoz
|
e8a667fdc6
|
Add new tests
|
2024-09-24 21:43:31 +02:00 |
|
Alvaro Muñoz
|
4fc9e3f0f1
|
Add Composite action's outputs as a return node
|
2024-09-24 21:43:10 +02:00 |
|
Alvaro Muñoz
|
7c2386bbee
|
Simplify callable/call matches
|
2024-09-24 21:42:52 +02:00 |
|
Alvaro Muñoz
|
ef549ef795
|
Add Outputs nodes as CFG/DFG nodes
|
2024-09-24 21:41:03 +02:00 |
|
Alvaro Muñoz
|
ffbddb1073
|
Simplify Callable/call match
|
2024-09-24 21:40:15 +02:00 |
|
Alvaro Muñoz
|
090d22fa7a
|
Add GetRepoRoot helper function
|
2024-09-24 21:38:42 +02:00 |
|
Alvaro Muñoz
|
abd49d5b11
|
Improve privilege workflow detection
|
2024-09-24 12:12:29 +02:00 |
|
Alvaro Muñoz
|
fe06c9e5fa
|
d /Users/pwntester/src/github.com/github/codeql-actions/ql
|
2024-09-24 12:12:09 +02:00 |
|
Alvaro Muñoz
|
2bfb156508
|
d /Users/pwntester/src/github.com/github/codeql-actions/ql
|
2024-09-23 23:08:58 +02:00 |
|
Alvaro Muñoz
|
610dcaf23d
|
Bump qlpack versions
|
2024-09-23 12:31:19 +02:00 |
|
Alvaro Muñoz
|
53f82d3d6c
|
Control Checks in Run/Uses steps also protect Jobs that depend on them
|
2024-09-23 12:29:35 +02:00 |
|
Alvaro Muñoz
|
269c1de902
|
Bump qlpack versions
|
2024-09-23 10:22:18 +02:00 |
|
Alvaro Muñoz
|
5e74f89255
|
Merge pull request #87 from github/reusable_workflow_priv_checks
Consider a Reusable Workflow privileged if a caller is
|
2024-09-23 10:19:00 +02:00 |
|
Alvaro Muñoz
|
df59e6f5d2
|
Consider a Reusable Workflow privileged if a caller is
|
2024-09-23 10:18:29 +02:00 |
|
Alvaro Muñoz
|
1dd7c3d2ef
|
Bump qlpack versions
|
2024-09-22 22:06:35 +02:00 |
|
Alvaro Muñoz
|
b685a8df4d
|
Merge pull request #86 from github/analyze_reusable_workflows
Cross remote Reusable Workflow analysis
|
2024-09-22 22:06:05 +02:00 |
|