61b561867b
Update unguarded-action-lib.ql
2021-06-02 16:51:30 +01:00
4164096c0d
Use the version from package.json in the runner
...
Update the ql queries to account for change in how we look for runner
Previously, we guarded blocks of code to be run by the runner or the
action using if statements like this:
```js
if (mode === "actions") ...
```
We are no longer doing this. And now, the `unguarded-action-lib.ql`
query is out of date. This query checks that runner code does not
unintentionally access actions-only methods in the libraries.
With these changes, we now ensure that code scanning is happy.
2021-05-31 09:34:41 -07:00
8207018b75
make query more robust
2021-04-23 10:01:28 +01:00
8c91ba83e2
Introduce our own toolcache implementation for use by the runnner
2021-04-22 15:31:15 +01:00
378f30f95d
call setupActionsVars in the tests too
2021-03-16 13:43:28 +00:00
d698cb3d2b
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 13:14:17 +00:00
b03b9fe641
Add a query to detect binary planting vulnerabilities.
2020-11-20 11:34:33 +00:00
1870040fac
fix: small typo in import-action-entrypoint.ql
2020-11-10 00:38:46 +01:00
090a7013dd
add explanation to query
2020-09-16 11:03:19 +01:00
d88fa5cef6
Add queries
2020-09-15 18:33:37 +01:00
b4d142e980
whitelist @actions/exec/lib/toolrunner
2020-09-01 14:44:38 +01:00
217483dfd6
Convert rest of the actions
2020-08-26 16:20:36 +01:00
09677dada5
rename CLI to runner
2020-08-25 17:44:30 +01:00
f92a68048c
add query to detect use of actions libs
2020-08-17 12:32:22 +01:00
c7c1aa8045
fix undeclared action inputs
2020-07-16 14:54:15 +01:00
dcd81b5847
Make use of getContainer
2020-05-04 15:16:23 +01:00
d90fca396a
Create undeclared-action-input.ql
2020-05-04 14:16:59 +01:00
28ccc3db2d
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
2020-04-28 17:23:37 +02:00
Robert
Andrew Eisenberg
Chris Gavin
0xflotus
Robert Brignull
anaarmas