hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-19 13:48:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,348 Commits 1,760 Branches 167 Tags
copilot/explore-codebase-and-create-plan
Commit Graph

191 Commits

Author SHA1 Message Date
Paolo Tranquilli
f9e42ac443 Merge pull request #21794 from github/post-release-prep/codeql-cli-2.25.4 
Post-release preparation for codeql-cli-2.25.4
 2026-05-07 14:43:24 +02:00
Owen Mansel-Chan
e6f587e761 Merge pull request #21715 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout 
Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries
 2026-05-06 11:52:30 +01:00
github-actions[bot]
7610277199 Post-release preparation for codeql-cli-2.25.4 2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
Kristen Newbury
39b6cf9468 Address review comments 2026-05-04 16:47:44 -04:00
Kristen Newbury
b0bc0fdd61 Adjust changenotes actions queries 2026-04-30 12:28:06 -04:00
github-actions[bot]
a0bab539bb Post-release preparation for codeql-cli-2.25.3 2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802 Release preparation for version 2.25.3 2026-04-20 09:27:23 +00:00
Paolo Tranquilli
5342cc79fb Merge pull request #21574 from github/redsun82/actions/remove-harden-runner-false-positive 
Remove false positive injection sink models for `docker/build-push-action` and `step-security/harden-runner`
 2026-04-17 09:43:45 +02:00
Kristen Newbury
589e1e5c19 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:27:06 -04:00
Kristen Newbury
c9e5dbda78 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:26:38 -04:00
Kristen Newbury
1233d81523 Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries 2026-04-15 14:11:17 -04:00
github-actions[bot]
242090e0ac Post-release preparation for codeql-cli-2.25.2 2026-04-06 13:49:20 +00:00
github-actions[bot]
4fe2f6d2b4 Release preparation for version 2.25.2 2026-04-06 10:30:38 +00:00
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Paolo Tranquilli
e0bc18c228 Add changenote for false positive sink model removals 2026-03-26 09:19:34 +01:00
Paolo Tranquilli
e807545591 Remove false positive docker/build-push-action context sink model 
The `context` input is passed as a single array element through
`docker/actions-toolkit` and `@actions/exec` all the way to
`child_process.spawn()`, which does not perform shell splitting.
No code injection is possible.

Fixes https://github.com/github/codeql/issues/21428
 2026-03-26 09:08:34 +01:00
github-actions[bot]
fb011842c9 Release preparation for version 2.25.1 2026-03-25 23:43:06 +00:00
Paolo Tranquilli
55d16e8781 Remove false-positive command-injection sink model for step-security/harden-runner 
The `allowed-endpoints` input only flows to `execFileSync("echo", [content])`
(no shell) and `fs.writeFileSync` (JSON config), neither of which is a
command injection vector.

Fixes https://github.com/github/codeql/issues/21568
 2026-03-25 10:58:16 +01:00
github-actions[bot]
8cf0954796 Release preparation for version 2.25.1 2026-03-25 08:28:30 +00:00
github-actions[bot]
d6055754b6 Release preparation for version 2.25.0 2026-03-16 12:15:34 +00:00
github-actions[bot]
e152f08468 Post-release preparation for codeql-cli-2.24.3 2026-03-02 22:51:27 +00:00
github-actions[bot]
7795badd18 Release preparation for version 2.24.3 2026-03-02 13:23:40 +00:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Chris Smowton
a326ce34a8 change note 2026-01-23 15:47:17 +00:00
Chris Smowton
dc26a57548 Use posessive quantifier to avoid stack overflow on large ${{}} expressions 2026-01-23 15:35:24 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
github-actions[bot]
2cb932cf5d Post-release preparation for codeql-cli-2.23.9 2026-01-06 15:42:16 +00:00
github-actions[bot]
c00663766e Release preparation for version 2.23.9 2026-01-05 11:57:06 +00:00
Óscar San José
d972af9ef8 Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main 2025-12-12 13:22:08 +01:00
github-actions[bot]
2854330759 Post-release preparation for codeql-cli-2.23.8 2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e Release preparation for version 2.23.8 2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20 2025-12-05 19:31:47 +01:00
Owen Mansel-Chan
4a16de2bc8 Pull out logic into separate predicate 2025-12-04 16:50:39 +00:00
Owen Mansel-Chan
fb841ea591 Make predicates containing query logic more self-contained 2025-12-04 16:50:37 +00:00
Owen Mansel-Chan
8bac1dec83 Add change note 2025-12-04 16:50:36 +00:00
Owen Mansel-Chan
f6bdb3a126 Fix filtering of code injection alerts between medium and critical 2025-12-04 16:50:34 +00:00
github-actions[bot]
085faa2bdb Post-release preparation for codeql-cli-2.23.7 2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac Release preparation for version 2.23.7 2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0 Release preparation for version 2.23.7 2025-12-01 16:07:37 +00:00
github-actions[bot]
5ee45af3aa Post-release preparation for codeql-cli-2.23.6 2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce Release preparation for version 2.23.6 2025-11-17 16:38:07 +00:00
github-actions[bot]
4014df9a6e Post-release preparation for codeql-cli-2.23.4 2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
Nora Dimitrijević
974d174757 Actions/CodeInjectionQuery 
actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql

actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
 2025-10-28 09:41:24 +01:00