codeql

mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00

Author	SHA1	Message	Date
Aditya Sharad	6eb060f16a	Actions: Add security-severity to excessive secrets exposure query Same value as missing actions permissions, both providing warnings to follow the principle of least privilege within a workflow.	2025-04-14 14:41:08 -07:00
Aditya Sharad	93fbb9fe61	Actions: Update description of missing permissions query	2025-04-14 14:39:31 -07:00
Aditya Sharad	eeb938a76d	Docs: Minor fixes for Actions query help	2025-04-14 13:25:54 -07:00
Aditya Sharad	d31896bf52	Merge pull request #19166 from yoff/actions/add-actions-permissions-MaD-model actions: add MaD model for permissions needed by actions	2025-04-03 01:24:04 +05:30
yoff	6fd8aba560	actions: simplify using existing `UsesStep`	2025-04-01 17:07:21 +02:00
Marco Gario	d33ce423d8	Update UntrustedCheckoutCritical.ql	2025-04-01 13:58:37 +02:00
yoff	3cdd641b81	actions: fix typo	2025-04-01 13:43:00 +02:00
yoff	1ec3e8712b	Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-04-01 13:18:30 +02:00
Marco Gario	c0d7288696	Merge branch 'main' into marcogario-patch-1	2025-04-01 10:59:03 +02:00
Marco Gario	8737acb6a9	Update actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2025-03-31 20:42:03 +02:00
yoff	e7bb47f335	ruby: add MaD model for permissions needed by actions Use this to suggest minimal set of nedded permissions	2025-03-31 16:48:37 +02:00
Marco Gario	288fcb6092	Update CWE-829 description for clarity	2025-03-26 15:53:20 +01:00
Marco Gario	b1737858fa	UntrustedCheckout: Try and differentiate between two versions of the rule	2025-03-26 12:49:48 +00:00
Marco Gario	29a23a3d20	Update UseOfKnownVulnerableAction.ql Name should not end in a `.`	2025-03-26 13:28:34 +01:00
Aditya Sharad	956b5bf6d6	Actions: Fix typos in query names for env var injection This will reflect in the UI titles of existing and new alerts once shipped but should not churn any existing alerts.	2025-03-13 17:02:04 -07:00
Jaroslav Lobačevski	fa35d6c3ac	Minor example workflow fix	2025-03-10 20:43:16 +00:00
Andrew Eisenberg	2a0e133768	Move UnversionedImmutableAction.ql to experimental This query will give too many false positives for users until immutable actions is released.	2025-03-06 15:08:02 -08:00
martincostello	f1723321fa	Format Document Fix lint warning.	2025-02-14 18:06:00 +00:00
Martin Costello	979d604bf6	Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>	2025-02-14 17:21:24 +00:00
martincostello	5d2409e652	Fix query Forgot to move the `and`.	2025-02-14 13:36:09 +00:00
martincostello	9a7ed7f3f7	Re-order conditions Makes for a neater diff.	2025-02-14 13:35:20 +00:00
martincostello	99bb0f0b4f	Use if then else Apply code review suggestion. Co-Authored-By: Taus <1104778+tausbn@users.noreply.github.com>	2025-02-14 13:30:55 +00:00
martincostello	71bc89beda	Fix query Fix various issues with the query.	2025-02-14 12:59:02 +00:00
Martin Costello	9a29cebe58	Fix docker SHA false positive Fix false positives for pinned Docker container images.	2025-02-14 12:35:55 +00:00
Dave Bartolomeo	0b2e307f9a	Merge pull request #18705 from github/dbartol/actions-suite-selectors Use default query selectors for Actions suites	2025-02-07 14:06:00 -05:00
Dave Bartolomeo	0e4725bfe2	Merge pull request #18435 from felickz/felickz/actions-trusted-owner-data-extensions Convert trusted actions list to data extension	2025-02-07 10:25:41 -05:00
Dave Bartolomeo	74619d49b3	Update precision and severity for `unpinned-tag` This ensures that it will be in `security-extended`, but not the default suite.	2025-02-06 11:33:17 -05:00
Dave Bartolomeo	81ff4dd81c	Update severity for `excessive-secrets-exposure` This ensures that it will remain in the default suite.	2025-02-06 11:32:32 -05:00
Dave Bartolomeo	d7259c17db	Add security tag for `missing-actions-permissions` This ensures that it will remain in the default suite.	2025-02-06 11:31:36 -05:00
Dave Bartolomeo	909de5280c	Update severity and precision of a few injection queries These will wind up in `security-extended`, when previously they were not in any of the standard suites.	2025-02-06 11:30:43 -05:00
Dave Bartolomeo	604dbfd0d0	Actions: Move experimental to `experimental` directory This is consistent with how other languages manage experimental queries. I've left the `experimental` tags in place.	2025-02-06 10:54:25 -05:00
Chad Bentz	f413c4f467	Remove codeql config references from query doc	2025-01-09 19:32:06 -05:00
Chad Bentz	26074bb7fe	Make docs less verbose regarding codeql config + enhance changlog to highlight extensibility	2025-01-09 19:30:02 -05:00
Chad Bentz	6b3098d26c	Add configuration instructions for trusted Action publishers using data extensions	2025-01-07 19:26:18 -05:00
Chad Bentz	3e94a4c2bf	Refactor trusted actions owner model - use existing data extensions config and yml folder - rename from trustedActionsOwner to trustedActionsOwnerDataModel - update related predicates	2025-01-07 17:22:24 -05:00
Chad Bentz	e4cfd97069	Format	2025-01-07 17:01:33 -05:00
Chad Bentz	22e7b9a825	Convert trusted actions list to data extension	2025-01-07 15:35:12 -05:00
Dave Bartolomeo	e9a04b8839	Mark `UnversionedImmutableAction` query as internal	2024-12-20 14:37:32 -05:00
Kylie Stradley	690924f72b	Update actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>	2024-12-20 12:04:42 -05:00
Kylie Stradley	dc705ad623	indicate immutable actions are only available for internal use at this time	2024-12-20 11:19:15 -05:00
Kylie Stradley	2dd3adac51	clarify immutable actions help text	2024-12-20 09:51:51 -05:00
Dave Bartolomeo	7891134a87	Fix formatting	2024-12-18 15:43:53 -05:00
Dave Bartolomeo	ee7680df84	Move into `actions` subdirectory to prepare for migration to `github/codeql`	2024-12-18 14:35:15 -05:00

43 Commits