github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-30 02:40:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,274 Commits 350 Branches 538 Tags
codeql-bundle-20220224
Commit Graph

10 Commits

Author SHA1 Message Date
Robert 61b561867b Update unguarded-action-lib.ql 2021-06-02 16:51:30 +01:00
Andrew Eisenberg 4164096c0d Use the version from package.json in the runner 
Update the ql queries to account for change in how we look for runner

Previously, we guarded blocks of code to be run by the runner or the
action using if statements like this:

```js
if (mode === "actions") ...
```

We are no longer doing this. And now, the `unguarded-action-lib.ql`
query is out of date. This query checks that runner code does not
unintentionally access actions-only methods in the libraries.

With these changes, we now ensure that code scanning is happy.
 2021-05-31 09:34:41 -07:00
Robert 8207018b75 make query more robust 2021-04-23 10:01:28 +01:00
Robert 8c91ba83e2 Introduce our own toolcache implementation for use by the runnner 2021-04-22 15:31:15 +01:00
Robert 378f30f95d call setupActionsVars in the tests too 2021-03-16 13:43:28 +00:00
Robert d698cb3d2b Make unguarded-action-lib better at ignoring uses of toolcache 2021-03-16 13:14:17 +00:00
Robert Brignull b4d142e980 whitelist @actions/exec/lib/toolrunner 2020-09-01 14:44:38 +01:00
Robert Brignull 217483dfd6 Convert rest of the actions 2020-08-26 16:20:36 +01:00
Robert Brignull 09677dada5 rename CLI to runner 2020-08-25 17:44:30 +01:00
Robert Brignull f92a68048c add query to detect use of actions libs 2020-08-17 12:32:22 +01:00