hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-24 16:17:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,555 Commits 1,758 Branches 168 Tags
3cdb7b5b508032befea68bd685e463edb4e994ce
Commit Graph

363 Commits

Author SHA1 Message Date
Owen Mansel-Chan
2280955136 Merge pull request #21800 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout-critical-alert 
Actions: Adjust alert location UntrustedCheckoutCritical
 2026-05-21 12:40:29 +01:00
Owen Mansel-Chan
ad69cfb721 Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions 
Align `alphaNumericRegex()` with the documented grouped SHA pattern
 2026-05-18 17:35:27 +01:00
Óscar San José
8a199f963d Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions 
Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
 2026-05-18 12:17:13 +02:00
Owen Mansel-Chan
b49b8ff6bd Give slightly more detail in change note 2026-05-13 13:47:53 +01:00
Owen Mansel-Chan
ea29986c4f Fix non-US english by using "parentheses" instead of "brackets" 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
f58268064e Add change note for alphanumeric regex change 2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
2067113177 Update expected test output 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
562f415f64 Tidy Bash alphaNumericRegex comment spacing 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
0620d348b2 Update Bash alphaNumericRegex to match grouped quantified forms 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
48b1dad959 Add change note for SHA-256 pinned actions support 2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
ef1bde7565 Widen pinned SHA regex to support SHA-256 (64-char hex) and add tests 2026-05-12 22:40:03 +01:00
Paolo Tranquilli
f9e42ac443 Merge pull request #21794 from github/post-release-prep/codeql-cli-2.25.4 
Post-release preparation for codeql-cli-2.25.4
 2026-05-07 14:43:24 +02:00
Owen Mansel-Chan
e6f587e761 Merge pull request #21715 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout 
Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries
 2026-05-06 11:52:30 +01:00
Kristen Newbury
3f44a23cf2 Adjust alert location UntrustedCheckoutCritical 2026-05-05 13:35:52 -04:00
Kristen Newbury
6a8f9a950c Fix unit test expected file 2026-05-05 13:27:09 -04:00
github-actions[bot]
7610277199 Post-release preparation for codeql-cli-2.25.4 2026-05-05 10:10:06 +00:00
github-actions[bot]
88e1d86c27 Release preparation for version 2.25.4 2026-05-05 09:34:30 +00:00
Kristen Newbury
f9f1349a0d Undo larger change in this PR 2026-05-04 16:50:55 -04:00
Kristen Newbury
39b6cf9468 Address review comments 2026-05-04 16:47:44 -04:00
Kristen Newbury
b0bc0fdd61 Adjust changenotes actions queries 2026-04-30 12:28:06 -04:00
Kristen Newbury
4fd02220c7 Update help files CWE-829/UntrustedCheckoutX 2026-04-30 10:50:06 -04:00
github-actions[bot]
a0bab539bb Post-release preparation for codeql-cli-2.25.3 2026-04-20 12:40:34 +00:00
copilot-swe-agent[bot]
b2046034f1 Update UnpinnedActionsTag query metadata scope 
Agent-Logs-Url: https://github.com/github/codeql/sessions/5425ff86-b998-4c7b-9447-52c8ae74a7a2

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-04-20 11:01:57 +00:00
Óscar San José
ca68274ec3 Add changelog 2026-04-20 12:43:25 +02:00
Óscar San José
e598c56c64 update and fix tests 2026-04-20 12:38:06 +02:00
Michael B. Gale
34b5dcfd5f Improve wording of actions note 2026-04-20 11:40:32 +02:00
github-actions[bot]
c861d99802 Release preparation for version 2.25.3 2026-04-20 09:27:23 +00:00
Paolo Tranquilli
5342cc79fb Merge pull request #21574 from github/redsun82/actions/remove-harden-runner-false-positive 
Remove false positive injection sink models for `docker/build-push-action` and `step-security/harden-runner`
 2026-04-17 09:43:45 +02:00
Kristen Newbury
81532c7ce6 Fix outstanding expected file 2026-04-16 11:37:03 -04:00
Kristen Newbury
ed4e2bc5b9 Improve formatting helpfiles 2026-04-15 16:29:57 -04:00
Kristen Newbury
589e1e5c19 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:27:06 -04:00
Kristen Newbury
c9e5dbda78 Update actions/ql/lib/ext/config/poisonable_steps.yml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-04-15 16:26:38 -04:00
Kristen Newbury
a342efca0e Revert accidental change 2026-04-15 16:12:52 -04:00
Kristen Newbury
1233d81523 Improve actions/ql/src/Security/CWE-829/UntrustedCheckoutX queries 2026-04-15 14:11:17 -04:00
Henry Mercer
43c9b95e6f Merge branch 'main' into post-release-prep/codeql-cli-2.25.2 2026-04-14 13:56:52 +01:00
Jeroen Ketema
888d392040 Merge pull request #21636 from jketema/actions-perm 
Actions: Correctly check reusable workflow permissions in `actions/missing-workflow-permissions`
 2026-04-10 15:02:36 +02:00
copilot-swe-agent[bot]
ec12035ac2 Extend unpinned-tag query to scan composite action metadata 
Agent-Logs-Url: https://github.com/github/codeql/sessions/c52790be-00f6-4250-b46b-38c05365ddd7

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-04-10 11:20:36 +00:00
Kristen Newbury
7b7411f7df Change alert location CWE-829/ArtifactPoisoning queries 2026-04-08 08:57:45 -04:00
github-actions[bot]
242090e0ac Post-release preparation for codeql-cli-2.25.2 2026-04-06 13:49:20 +00:00
github-actions[bot]
4fe2f6d2b4 Release preparation for version 2.25.2 2026-04-06 10:30:38 +00:00
Kristen Newbury
41714656ec Adjust alert messages actions CWE-829 2026-04-02 11:58:58 -04:00
Kristen Newbury
e69e30aa84 Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium] 2026-04-02 11:32:37 -04:00
Jeroen Ketema
87f9b9581e Actions: Add change note 2026-04-02 15:48:45 +02:00
Jeroen Ketema
47409d1c59 Actions: Update expected test results 2026-04-02 15:43:49 +02:00
Jeroen Ketema
74e6d3474d Actions: Correctly check permissions in actions/missing-workflow-permissions 2026-04-02 15:42:45 +02:00
Jeroen Ketema
5866bcc881 Actions: Add FP test for actions/missing-workflow-permissions 2026-04-02 15:41:41 +02:00
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Paolo Tranquilli
e0bc18c228 Add changenote for false positive sink model removals 2026-03-26 09:19:34 +01:00
Paolo Tranquilli
e807545591 Remove false positive docker/build-push-action context sink model 
The `context` input is passed as a single array element through
`docker/actions-toolkit` and `@actions/exec` all the way to
`child_process.spawn()`, which does not perform shell splitting.
No code injection is possible.

Fixes https://github.com/github/codeql/issues/21428
 2026-03-26 09:08:34 +01:00
github-actions[bot]
fb011842c9 Release preparation for version 2.25.1 2026-03-25 23:43:06 +00:00