765807bee7
Add `RUNNER_ENVIRONMENT` to the list of known default setup variables
2023-09-20 14:08:00 +02:00
97ce1b094a
Ignore test files in env vars query
2023-08-07 17:31:09 +01:00
ba5812e64f
Add `ImageVersion` to safe env vars for default setup
2023-08-07 17:29:12 +01:00
9632771630
Address review comments
2023-05-31 14:23:43 +01:00
d427c89ed7
Ignore internal Actions
2023-05-30 20:31:56 +01:00
125ff5530c
Fix deprecation warnings
2023-05-30 20:31:40 +01:00
86ead5e019
Only flag up the deepest properties
2023-05-30 19:50:56 +01:00
eac5e24aee
Downgrade query severity to warning
2023-05-16 11:06:13 +01:00
8065746a2a
Add query to find context variables that may not work with default setup
2023-05-12 19:35:08 +01:00
abb267d186
Add query to identify env vars that may not work with default setup
2023-05-12 18:46:31 +01:00
9953504776
Use new packaging mechanism for internal queries
2023-05-11 18:43:36 +01:00
182342cdd7
Remove unguarded Actions library query
...
It is enough to pass the checks now that we only use the runner for PR
checks.
2022-08-24 11:50:07 +01:00
70b730eb7d
Add RAM and threads options to init action
2021-10-28 15:09:59 -07:00
61b561867b
Update unguarded-action-lib.ql
2021-06-02 16:51:30 +01:00
4164096c0d
Use the version from package.json in the runner
...
Update the ql queries to account for change in how we look for runner
Previously, we guarded blocks of code to be run by the runner or the
action using if statements like this:
```js
if (mode === "actions") ...
```
We are no longer doing this. And now, the `unguarded-action-lib.ql`
query is out of date. This query checks that runner code does not
unintentionally access actions-only methods in the libraries.
With these changes, we now ensure that code scanning is happy.
2021-05-31 09:34:41 -07:00
8207018b75
make query more robust
2021-04-23 10:01:28 +01:00
8c91ba83e2
Introduce our own toolcache implementation for use by the runnner
2021-04-22 15:31:15 +01:00
378f30f95d
call setupActionsVars in the tests too
2021-03-16 13:43:28 +00:00
d698cb3d2b
Make unguarded-action-lib better at ignoring uses of toolcache
2021-03-16 13:14:17 +00:00
b03b9fe641
Add a query to detect binary planting vulnerabilities.
2020-11-20 11:34:33 +00:00
1870040fac
fix: small typo in import-action-entrypoint.ql
2020-11-10 00:38:46 +01:00
090a7013dd
add explanation to query
2020-09-16 11:03:19 +01:00
d88fa5cef6
Add queries
2020-09-15 18:33:37 +01:00
b4d142e980
whitelist @actions/exec/lib/toolrunner
2020-09-01 14:44:38 +01:00
217483dfd6
Convert rest of the actions
2020-08-26 16:20:36 +01:00
09677dada5
rename CLI to runner
2020-08-25 17:44:30 +01:00
f92a68048c
add query to detect use of actions libs
2020-08-17 12:32:22 +01:00
c7c1aa8045
fix undeclared action inputs
2020-07-16 14:54:15 +01:00
dcd81b5847
Make use of getContainer
2020-05-04 15:16:23 +01:00
d90fca396a
Create undeclared-action-input.ql
2020-05-04 14:16:59 +01:00
28ccc3db2d
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
2020-04-28 17:23:37 +02:00
Paolo Tranquilli
Henry Mercer
Chuan-kai Lin
Robert
Andrew Eisenberg
Chris Gavin
0xflotus
Robert Brignull
anaarmas