hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,634 Commits 1,773 Branches 168 Tags
2d581504f7b8dfd4b5aaa4ed72af023f20600f2e
Commit Graph

376 Commits

Author SHA1 Message Date
Óscar San José
996e79131e Merge branch 'main' into post-release-prep/codeql-cli-2.25.5 2026-05-22 16:32:30 +02:00
Kristen Newbury
5503140318 Merge branch 'main' into knewbury01/adjust-actions-queries-untrusted-checkout-second-iteration 2026-05-21 10:49:36 -04:00
Kristen Newbury
a094a8e460 Fix merge conflicts 2026-05-21 10:48:24 -04:00
Kristen Newbury
2f8c0df537 Address review feedback 2026-05-21 10:40:52 -04:00
Owen Mansel-Chan
2280955136 Merge pull request #21800 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout-critical-alert 
Actions: Adjust alert location UntrustedCheckoutCritical
 2026-05-21 12:40:29 +01:00
Kristen Newbury
bfc6deeb9b Adjust wording helpfiles UntrustedCheckoutX all three files 2026-05-19 10:19:00 -04:00
Kristen Newbury
0a876583e5 Adjust name UntrustedCheckoutHigh wording trusted to privileged 2026-05-19 10:12:04 -04:00
Owen Mansel-Chan
ad69cfb721 Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions 
Align `alphaNumericRegex()` with the documented grouped SHA pattern
 2026-05-18 17:35:27 +01:00
github-actions[bot]
9f64000962 Post-release preparation for codeql-cli-2.25.5 2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef Release preparation for version 2.25.5 2026-05-18 12:05:32 +00:00
Óscar San José
8a199f963d Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions 
Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
 2026-05-18 12:17:13 +02:00
Kristen Newbury
3eaf04ef72 Fix expected files for changes to alert messages UntrustedCheckoutCritical and UntrustedCheckoutHigh 2026-05-14 15:05:08 -04:00
Kristen Newbury
914c7e1a7b Improve UntrustedCheckoutX helpfiles 2026-05-14 13:34:59 -04:00
Kristen Newbury
29ffd87bf8 Add full stop to alert messages in UntrustedCheckoutHigh and UntrustedCheckoutCritical 2026-05-14 12:58:20 -04:00
Kristen Newbury
eae9c0ef0e Add one missing changenote actions-queries-untrusted-checkout 2026-05-14 12:06:55 -04:00
Kristen Newbury
c36ad7be37 Adjust untrusted checkout actions queries 2026-05-14 11:59:55 -04:00
Owen Mansel-Chan
b49b8ff6bd Give slightly more detail in change note 2026-05-13 13:47:53 +01:00
Owen Mansel-Chan
ea29986c4f Fix non-US english by using "parentheses" instead of "brackets" 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
f58268064e Add change note for alphanumeric regex change 2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
2067113177 Update expected test output 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
562f415f64 Tidy Bash alphaNumericRegex comment spacing 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
0620d348b2 Update Bash alphaNumericRegex to match grouped quantified forms 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
48b1dad959 Add change note for SHA-256 pinned actions support 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
ef1bde7565 Widen pinned SHA regex to support SHA-256 (64-char hex) and add tests 2026-05-12 22:40:03 +01:00
Paolo Tranquilli
f9e42ac443 Merge pull request #21794 from github/post-release-prep/codeql-cli-2.25.4 
Post-release preparation for codeql-cli-2.25.4
 2026-05-07 14:43:24 +02:00
Owen Mansel-Chan
e6f587e761 Merge pull request #21715 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout 
Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries
 2026-05-06 11:52:30 +01:00
Kristen Newbury
3f44a23cf2 Adjust alert location UntrustedCheckoutCritical 2026-05-05 13:35:52 -04:00
Kristen Newbury
6a8f9a950c Fix unit test expected file 2026-05-05 13:27:09 -04:00
github-actions[bot]
7610277199 Post-release preparation for codeql-cli-2.25.4 2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
Kristen Newbury
f9f1349a0d Undo larger change in this PR 2026-05-04 16:50:55 -04:00
Kristen Newbury
39b6cf9468 Address review comments 2026-05-04 16:47:44 -04:00
Kristen Newbury
b0bc0fdd61 Adjust changenotes actions queries 2026-04-30 12:28:06 -04:00
Kristen Newbury
4fd02220c7 Update help files CWE-829/UntrustedCheckoutX 2026-04-30 10:50:06 -04:00
github-actions[bot]
a0bab539bb Post-release preparation for codeql-cli-2.25.3 2026-04-20 12:40:34 +00:00
copilot-swe-agent[bot]
b2046034f1 Update UnpinnedActionsTag query metadata scope 
Agent-Logs-Url: https://github.com/github/codeql/sessions/5425ff86-b998-4c7b-9447-52c8ae74a7a2

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-04-20 11:01:57 +00:00
Óscar San José
ca68274ec3 Add changelog 2026-04-20 12:43:25 +02:00
Óscar San José
e598c56c64 update and fix tests 2026-04-20 12:38:06 +02:00
Michael B. Gale
34b5dcfd5f Improve wording of actions note 2026-04-20 11:40:32 +02:00
github-actions[bot]
c861d99802 Release preparation for version 2.25.3 2026-04-20 09:27:23 +00:00
Paolo Tranquilli
5342cc79fb Merge pull request #21574 from github/redsun82/actions/remove-harden-runner-false-positive 
Remove false positive injection sink models for `docker/build-push-action` and `step-security/harden-runner`
 2026-04-17 09:43:45 +02:00
Kristen Newbury
81532c7ce6 Fix outstanding expected file 2026-04-16 11:37:03 -04:00
Kristen Newbury
ed4e2bc5b9 Improve formatting helpfiles 2026-04-15 16:29:57 -04:00
Kristen Newbury
589e1e5c19 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:27:06 -04:00
Kristen Newbury
c9e5dbda78 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:26:38 -04:00
Kristen Newbury
a342efca0e Revert accidental change 2026-04-15 16:12:52 -04:00
Kristen Newbury
1233d81523 Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries 2026-04-15 14:11:17 -04:00
Henry Mercer
43c9b95e6f Merge branch 'main' into post-release-prep/codeql-cli-2.25.2 2026-04-14 13:56:52 +01:00
Jeroen Ketema
888d392040 Merge pull request #21636 from jketema/actions-perm 
Actions: Correctly check reusable workflow permissions in `actions/missing-workflow-permissions`
 2026-04-10 15:02:36 +02:00
copilot-swe-agent[bot]
ec12035ac2 Extend unpinned-tag query to scan composite action metadata 
Agent-Logs-Url: https://github.com/github/codeql/sessions/c52790be-00f6-4250-b46b-38c05365ddd7

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-04-10 11:20:36 +00:00