hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,671 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

155 Commits

Author SHA1 Message Date
github-actions[bot]
2e0699ab2b Post-release preparation for codeql-cli-2.21.2 2025-04-28 14:03:28 +00:00
github-actions[bot]
625354c46e Release preparation for version 2.21.2 2025-04-28 10:55:22 +00:00
Nick Rolfe
b61a87a2a3 Update integration test to match update to security-and-quality suite 2025-04-28 11:26:07 +01:00
Nick Rolfe
70a3fe3e33 Add YAML front matter to change note 2025-04-28 10:09:33 +01:00
Aditya Sharad
d4b083b5c0 Merge pull request #19376 from adityasharad/actions/exclude-model-generator-queries 
Actions: Exclude model-generator queries from query suites
 2025-04-25 20:03:32 +05:30
Tamas Vajk
a4a24470c8 Add query suite inclusion tests for actions, csharp, go, javascript, ruby, rust 2025-04-25 14:06:17 +02:00
Aditya Sharad
b197de8db4 Actions: Add change note for removing model ggenerator queries 2025-04-24 14:21:04 -07:00
Aditya Sharad
05243bd855 Actions: Fix query ID for reusable workflow sinks query 2025-04-24 14:20:47 -07:00
Ian Lynagh
bdd3207752 Merge branch 'main' into post-release-prep/codeql-cli-2.21.1 2025-04-16 11:54:23 +01:00
Aditya Sharad
4952768569 Actions: Fix change note newline 2025-04-15 10:21:54 -07:00
github-actions[bot]
d78736b1bf Post-release preparation for codeql-cli-2.21.1 2025-04-15 16:33:15 +00:00
Ian Lynagh
2409bcc0d6 Merge pull request #19301 from github/release-prep/2.21.1 
Release preparation for version 2.21.1
 2025-04-15 16:52:54 +01:00
Ian Lynagh
b75e0ed02e actions: Fix spelling error in UnmaskedSecretExposure.md 
Corrects "know" to "known" in the description of the UnmaskedSecretExposure document.
 2025-04-15 14:25:39 +01:00
Aditya Sharad
f9103f8ddc Actions: Add change note for missing severity 2025-04-14 14:48:43 -07:00
Aditya Sharad
6eb060f16a Actions: Add security-severity to excessive secrets exposure query 
Same value as missing actions permissions,
both providing warnings to follow the
principle of least privilege within a
workflow.
 2025-04-14 14:41:08 -07:00
Aditya Sharad
93fbb9fe61 Actions: Update description of missing permissions query 2025-04-14 14:39:31 -07:00
Aditya Sharad
eeb938a76d Docs: Minor fixes for Actions query help 2025-04-14 13:25:54 -07:00
github-actions[bot]
b961c5961d Release preparation for version 2.21.1 2025-04-14 09:53:06 +00:00
Aditya Sharad
30ce0c5cbf Actions: Add integration tests for configured path filters 
Use the common structure from the existing test
for default filters.

Check both query output finding workflows and actions,
and source archive output showing all extracted YAML files.

The test for only `paths-ignore` fails in this commit,
demonstrating a bug: we start with all YAML files
rather than starting with the default includes.

The tests for `paths` reflect current behaviour
which is consistent with other languages:
`paths` overrides the default inclusions,
and only files under `paths` are included.

This may not be the best user experience for Actions,
since we want to scan all workflow and action files
even in the presence of `paths`, but that is not
currently addressed.
 2025-04-10 11:17:51 -07:00
Aditya Sharad
bd3342af8a Actions: Update integration test for default filters 
Create a common file structure to be shared among multiple tests
for path filters, and rename accordingly.
Update test expectations with additional files.
Use pytest markers to indicate the expected outputs.

Add source archive checking in addition to checking query output.
This allows us to test which YAML files were extracted
separately from whether they are semantically meaningful
to the Actions analysis.
 2025-04-09 20:59:42 -07:00
Aditya Sharad
0bb4ab950f Actions: Add integration test for default filter behaviour 
Include a reachable workflow, and several unreachable workflow files.
Include action metadata files at various depths, all reachable.
This test exercises the default filters when the user doesn't
specify paths/paths-ignore.
 2025-04-07 17:14:53 -07:00
Aditya Sharad
d31896bf52 Merge pull request #19166 from yoff/actions/add-actions-permissions-MaD-model 
actions: add MaD model for permissions needed by actions
 2025-04-03 01:24:04 +05:30
yoff
c18529086a actions: add change note 2025-04-02 08:50:05 +02:00
yoff
7bf4a47549 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-04-02 08:43:29 +02:00
yoff
80ae8794f5 actions: update test expectations 2025-04-01 17:07:57 +02:00
yoff
d83f35ff64 actions: remove unneded API 2025-04-01 17:07:43 +02:00
yoff
6fd8aba560 actions: simplify using existing UsesStep 2025-04-01 17:07:21 +02:00
yoff
ee1eb199b5 actions: add description of actionsPermissionsDataModel 2025-04-01 17:07:02 +02:00
yoff
bd7c684c6c actions: add test with empty permissions 2025-04-01 17:06:32 +02:00
Arthur Baars
0e23b86bf5 Merge pull request #19182 from github/post-release-prep/codeql-cli-2.21.0 
Post-release preparation for codeql-cli-2.21.0
 2025-04-01 15:12:29 +02:00
Marco Gario
d33ce423d8 Update UntrustedCheckoutCritical.ql 2025-04-01 13:58:37 +02:00
yoff
3cdd641b81 actions: fix typo 2025-04-01 13:43:00 +02:00
github-actions[bot]
10205cb990 Post-release preparation for codeql-cli-2.21.0 2025-04-01 11:30:43 +00:00
yoff
1ec3e8712b Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-04-01 13:18:30 +02:00
Marco Gario
c0d7288696 Merge branch 'main' into marcogario-patch-1 2025-04-01 10:59:03 +02:00
Andrew Eisenberg
70150eea9a Merge branch 'main' into marcogario/untrusted_checkout_name 2025-03-31 13:54:17 -07:00
Marco Gario
820dacd151 Merge branch 'main' into marcogario-patch-1 2025-03-31 20:42:12 +02:00
Marco Gario
8737acb6a9 Update actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2025-03-31 20:42:03 +02:00
github-actions[bot]
84f6564cc0 Release preparation for version 2.21.0 2025-03-31 17:35:15 +00:00
Arthur Baars
bcd038c291 Actions: rename changenote file 2025-03-31 18:14:44 +02:00
yoff
e7bb47f335 ruby: add MaD model for permissions needed by actions 
Use this to suggest minimal set of nedded permissions
 2025-03-31 16:48:37 +02:00
Tamas Vajk
34e8318797 Rename the CCR query suite to code-quality 2025-03-27 08:36:53 +01:00
Marco Gario
288fcb6092 Update CWE-829 description for clarity 2025-03-26 15:53:20 +01:00
Marco Gario
b1737858fa UntrustedCheckout: Try and differentiate between two versions of the rule 2025-03-26 12:49:48 +00:00
Marco Gario
29a23a3d20 Update UseOfKnownVulnerableAction.ql 
Name should not end in a `.`
 2025-03-26 13:28:34 +01:00
Aditya Sharad
fe7660f396 Merge pull request #19085 from JarLob/nonpriv 
Fix potentially privileged pull request medium query
 2025-03-25 20:25:31 +05:30
Jaroslav Lobačevski
fe7d9eeb23 Update actions/ql/lib/change-notes/2025-03-20.md 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-03-20 22:01:11 +01:00
Jaroslav Lobačevski
b85d4b590d move the change note to the correct directory 2025-03-20 20:29:35 +00:00
Jaroslav Lobačevski
5f63fc2048 Fix potentially privileged pull request medium query 2025-03-20 20:23:07 +00:00
Chris Smowton
9a2a13ed55 Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc317-into-main 2025-03-19 16:01:29 +00:00