294 Commits

Author	SHA1	Message	Date
martincostello	99bb0f0b4f	Use if then else ... Apply code review suggestion. Co-Authored-By: Taus <1104778+tausbn@users.noreply.github.com>	2025-02-14 13:30:55 +00:00
martincostello	cf8abb7989	Add change note ... Add change note.	2025-02-14 13:27:36 +00:00
martincostello	71bc89beda	Fix query ... Fix various issues with the query.	2025-02-14 12:59:02 +00:00
Martin Costello	9a29cebe58	Fix docker SHA false positive ... Fix false positives for pinned Docker container images.	2025-02-14 12:35:55 +00:00
Dave Bartolomeo	0b2e307f9a	Merge pull request #18705 from github/dbartol/actions-suite-selectors ... Use default query selectors for Actions suites	2025-02-07 14:06:00 -05:00
Dave Bartolomeo	0e4725bfe2	Merge pull request #18435 from felickz/felickz/actions-trusted-owner-data-extensions ... Convert trusted actions list to data extension	2025-02-07 10:25:41 -05:00
Dave Bartolomeo	3b02f4d7bc	Update change note	2025-02-07 10:09:31 -05:00
Dave Bartolomeo	42562b5187	Merge pull request #18704 from github/dbartol/actions-suites ... Actions: Move experimental queries to `experimental` directory	2025-02-07 10:03:31 -05:00
Chad Bentz	fd404bcbcd	Update actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md ... Co-authored-by: Dave Bartolomeo <dbartol@github.com>	2025-02-06 14:28:07 -05:00
Dave Bartolomeo	ca7bcc9714	Add change note	2025-02-06 11:50:59 -05:00
Dave Bartolomeo	cb7aeea516	Use standard query selectors for actions-code-scanning and actions-security-extended	2025-02-06 11:34:43 -05:00
Dave Bartolomeo	74619d49b3	Update precision and severity for unpinned-tag ... This ensures that it will be in `security-extended`, but not the default suite.	2025-02-06 11:33:17 -05:00
Dave Bartolomeo	81ff4dd81c	Update severity for excessive-secrets-exposure ... This ensures that it will remain in the default suite.	2025-02-06 11:32:32 -05:00
Dave Bartolomeo	d7259c17db	Add security tag for missing-actions-permissions ... This ensures that it will remain in the default suite.	2025-02-06 11:31:36 -05:00
Dave Bartolomeo	909de5280c	Update severity and precision of a few injection queries ... These will wind up in `security-extended`, when previously they were not in any of the standard suites.	2025-02-06 11:30:43 -05:00
Dave Bartolomeo	e2ab65ea3e	Update qlref paths	2025-02-06 11:20:19 -05:00
Dave Bartolomeo	604dbfd0d0	Actions: Move experimental to experimental directory ... This is consistent with how other languages manage experimental queries. I've left the `experimental` tags in place.	2025-02-06 10:54:25 -05:00
Asger F	83ccdb76ed	Merge pull request #18686 from asgerf/ac/bash-quotation-oom ... Actions: avoid N^2 parsing in common cases	2025-02-06 09:59:23 +01:00
Asger F	4ec84e9327	Actions: update expected output	2025-02-05 13:36:38 +01:00
Asger F	1904b026b2	Actions: Avoid blowup in quotation parser ... The parser has an inherent N^2 blowup and will need a rewrite eventually. For now I'm just trying to make it not blow up as often.	2025-02-05 13:35:52 +01:00
Asger F	e6b5040909	Actions: add test with many quoted strings	2025-02-05 13:35:50 +01:00
Remco Vermeulen	9894e9ef9f	Add CCR suites	2025-02-05 01:58:34 +00:00
github-actions[bot]	f1b05a79a4	Post-release preparation for codeql-cli-2.20.4	2025-02-04 09:25:09 +00:00
github-actions[bot]	573e53e454	Release preparation for version 2.20.4	2025-02-03 15:19:35 +00:00
Asger F	16634e6dc9	Merge pull request #18540 from JarLob/bash ... Actions: Improve bash support	2025-01-28 09:49:58 +01:00
Jaroslav Lobačevski	9521467a06	Update actions/ql/lib/codeql/actions/Bash.qll ... Co-authored-by: Asger F <asgerf@github.com>	2025-01-24 12:59:41 +01:00
Simon Friis Vindum	a6cd53eeb8	Merge pull request #18497 from paldepind/shared-basic-block-library ... Add shared basic block library	2025-01-24 10:49:33 +01:00
Rasmus Wriedt Larsen	bafed4e098	Merge pull request #18560 from JarLob/downloadartifact ... Actions: Fix version range for known vulnerable actions	2025-01-24 10:39:53 +01:00
Simon Friis Vindum	e13a7a224f	Merge branch 'main' into shared-basic-block-library	2025-01-24 09:54:26 +01:00
Jaroslav Lobačevski	329ed5223a	Update actions/ql/lib/change-notes/2025-01-22-version.md ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2025-01-23 10:25:58 +01:00
Jaroslav Lobačevski	e242190e04	Fix rlespinasse/github-slug-action upper bound	2025-01-22 22:22:21 +00:00
Dave Bartolomeo	1c9d7b3402	Add powershell versions	2025-01-22 12:23:58 -05:00
Michael Recachinas	661e9da799	Add comment for why we're adding reusable workflows to the autobuild script	2025-01-22 12:11:51 -05:00
Michael Recachinas	7c12da4f48	Include reusable workflows directories in autobuild script	2025-01-22 12:07:01 -05:00
Jaroslav Lobačevski	ab20625b8f	Fix the upper bound of the range	2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski	55df2b4302	Change notes	2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski	83d13c6f20	Fix lower range for known vulnerable actions	2025-01-22 17:30:19 +01:00
Michael Recachinas	b2de1e9b9e	Change includes paths in autobuild.sh	2025-01-22 11:25:21 -05:00
Óscar San José	ebb10e3318	Merge pull request #18525 from github/oscarsj/upgrade-workflows-to-ubuntu24 ... Upgrade workflows to ubuntu-24	2025-01-22 16:50:48 +01:00
Jaroslav Lobačevski	6d94168ad9	gh view	2025-01-21 17:15:41 +00:00
github-actions[bot]	fbb7f0a0c6	Post-release preparation for codeql-cli-2.20.2	2025-01-20 21:11:14 +00:00
github-actions[bot]	a0512a50f2	Release preparation for version 2.20.2	2025-01-20 21:11:12 +00:00
Jaroslav Lobačevski	88529d42d0	Remove comparison	2025-01-20 16:28:35 +00:00
Jaroslav Lobačevski	facceb6c2d	Change note	2025-01-20 15:08:12 +00:00
Jaroslav Lobačevski	da9d612a47	Improve bash support	2025-01-20 14:59:30 +00:00
docs-bot	8b5bed1a46	Add actions-security-experimental.qls	2025-01-17 09:47:44 -05:00
Simon Friis Vindum	53b63bed00	Actions: Implement added predicates in CFG instantiation	2025-01-17 13:31:00 +01:00
Óscar San José	b39bfdbb04	Upgrade workflows to ubuntu-24	2025-01-17 11:22:15 +01:00
Chad Bentz	1a4c2058a0	codeql query format	2025-01-09 19:39:06 -05:00
Chad Bentz	f413c4f467	Remove codeql config references from query doc	2025-01-09 19:32:06 -05:00