294 Commits

Author	SHA1	Message	Date
yoff	6fd8aba560	actions: simplify using existing UsesStep	2025-04-01 17:07:21 +02:00
yoff	ee1eb199b5	actions: add description of actionsPermissionsDataModel	2025-04-01 17:07:02 +02:00
yoff	bd7c684c6c	actions: add test with empty permissions	2025-04-01 17:06:32 +02:00
Arthur Baars	0e23b86bf5	Merge pull request #19182 from github/post-release-prep/codeql-cli-2.21.0 ... Post-release preparation for codeql-cli-2.21.0	2025-04-01 15:12:29 +02:00
Marco Gario	d33ce423d8	Update UntrustedCheckoutCritical.ql	2025-04-01 13:58:37 +02:00
yoff	3cdd641b81	actions: fix typo	2025-04-01 13:43:00 +02:00
github-actions[bot]	10205cb990	Post-release preparation for codeql-cli-2.21.0	2025-04-01 11:30:43 +00:00
yoff	1ec3e8712b	Apply suggestions from code review ... Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-04-01 13:18:30 +02:00
Marco Gario	c0d7288696	Merge branch 'main' into marcogario-patch-1	2025-04-01 10:59:03 +02:00
Andrew Eisenberg	70150eea9a	Merge branch 'main' into marcogario/untrusted_checkout_name	2025-03-31 13:54:17 -07:00
Marco Gario	820dacd151	Merge branch 'main' into marcogario-patch-1	2025-03-31 20:42:12 +02:00
Marco Gario	8737acb6a9	Update actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql ... Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2025-03-31 20:42:03 +02:00
github-actions[bot]	84f6564cc0	Release preparation for version 2.21.0	2025-03-31 17:35:15 +00:00
Arthur Baars	bcd038c291	Actions: rename changenote file	2025-03-31 18:14:44 +02:00
yoff	e7bb47f335	ruby: add MaD model for permissions needed by actions ... Use this to suggest minimal set of nedded permissions	2025-03-31 16:48:37 +02:00
Tamas Vajk	34e8318797	Rename the CCR query suite to code-quality	2025-03-27 08:36:53 +01:00
Marco Gario	288fcb6092	Update CWE-829 description for clarity	2025-03-26 15:53:20 +01:00
Marco Gario	b1737858fa	UntrustedCheckout: Try and differentiate between two versions of the rule	2025-03-26 12:49:48 +00:00
Marco Gario	29a23a3d20	Update UseOfKnownVulnerableAction.ql ... Name should not end in a `.`	2025-03-26 13:28:34 +01:00
Aditya Sharad	fe7660f396	Merge pull request #19085 from JarLob/nonpriv ... Fix potentially privileged pull request medium query	2025-03-25 20:25:31 +05:30
Jaroslav Lobačevski	fe7d9eeb23	Update actions/ql/lib/change-notes/2025-03-20.md ... Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-03-20 22:01:11 +01:00
Jaroslav Lobačevski	b85d4b590d	move the change note to the correct directory	2025-03-20 20:29:35 +00:00
Jaroslav Lobačevski	5f63fc2048	Fix potentially privileged pull request medium query	2025-03-20 20:23:07 +00:00
Chris Smowton	9a2a13ed55	Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc317-into-main	2025-03-19 16:01:29 +00:00
github-actions[bot]	51cdeefafb	Post-release preparation for codeql-cli-2.20.7	2025-03-17 13:00:41 +00:00
github-actions[bot]	2d64a618e6	Release preparation for version 2.20.7	2025-03-17 12:15:54 +00:00
Aditya Sharad	956b5bf6d6	Actions: Fix typos in query names for env var injection ... This will reflect in the UI titles of existing and new alerts once shipped but should not churn any existing alerts.	2025-03-13 17:02:04 -07:00
Andrew Eisenberg	02051ff7b1	Update the security experimental suite	2025-03-12 11:46:03 -07:00
Andrew Eisenberg	cd63e7cf54	Fix the actions-security-and-quality.qls suite ... It was not using the proper selectors. It is now the same as other quality suites in other languages.	2025-03-12 11:43:59 -07:00
Arthur Baars	b2e0eaf664	Merge pull request #18965 from JarLob/docs ... Minor example workflow fix	2025-03-12 11:17:42 +01:00
Remco Vermeulen	8f603251d7	Add missing dependency ... The query pack has suites that rely on the `codeql/suite-helpers` pack, but doesn't include it as a dependency. This will cause error when resolving suites referring the Actions query pack.	2025-03-10 18:31:01 -07:00
Jaroslav Lobačevski	fa35d6c3ac	Minor example workflow fix	2025-03-10 20:43:16 +00:00
Andrew Eisenberg	2a0e133768	Move UnversionedImmutableAction.ql to experimental ... This query will give too many false positives for users until immutable actions is released.	2025-03-06 15:08:02 -08:00
github-actions[bot]	58f355ae5a	Post-release preparation for codeql-cli-2.20.6	2025-03-03 18:18:15 +00:00
github-actions[bot]	fa850cccb1	Release preparation for version 2.20.6	2025-03-03 17:13:19 +00:00
Chris Smowton	ee08e8b1fb	Merge pull request #18888 from github/dbartol/actions-executable-bit ... Set the executable bit on the scripts in the Actions extractor	2025-03-03 08:53:50 +00:00
Dave Bartolomeo	ac555ff0a3	Set the executable bit on the scripts in the Actions extractor	2025-02-27 20:06:14 +00:00
Dave Bartolomeo	2dde9ab6b9	Move immutable-actions-list pack to codeql org	2025-02-27 12:30:11 -05:00
Dave Bartolomeo	abc174858e	Remove octokit as trusted Actions owner	2025-02-27 12:15:40 -05:00
Dave Bartolomeo	160346f51b	Add warnOnImplicitThis: true	2025-02-27 12:05:00 -05:00
Dave Bartolomeo	4e47da463e	Add change note	2025-02-27 12:04:09 -05:00
Dave Bartolomeo	86c5d9f1cd	Move list of immutable actions into internal model pack for now.	2025-02-27 11:48:27 -05:00
Chris Smowton	4567e02b8c	Regularise extractor pack licenses to all cite the MIT license that covers the whole CodeQL repository	2025-02-20 18:55:55 +00:00
github-actions[bot]	ad24f94a77	Post-release preparation for codeql-cli-2.20.5	2025-02-17 17:58:24 +00:00
github-actions[bot]	6f4562f3bd	Release preparation for version 2.20.5	2025-02-17 16:55:54 +00:00
martincostello	31913c4a55	Fix test ... Fix failing test.	2025-02-14 19:46:46 +00:00
martincostello	f1723321fa	Format Document ... Fix lint warning.	2025-02-14 18:06:00 +00:00
Martin Costello	979d604bf6	Apply suggestions from code review ... Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-02-14 17:21:24 +00:00
martincostello	5d2409e652	Fix query ... Forgot to move the `and`.	2025-02-14 13:36:09 +00:00
martincostello	9a7ed7f3f7	Re-order conditions ... Makes for a neater diff.	2025-02-14 13:35:20 +00:00