Kristen Newbury
5503140318
Merge branch 'main' into knewbury01/adjust-actions-queries-untrusted-checkout-second-iteration
2026-05-21 10:49:36 -04:00
Kristen Newbury
a094a8e460
Fix merge conflicts
2026-05-21 10:48:24 -04:00
Owen Mansel-Chan
2280955136
Merge pull request #21800 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout-critical-alert
...
Actions: Adjust alert location UntrustedCheckoutCritical
2026-05-21 12:40:29 +01:00
Owen Mansel-Chan
ad69cfb721
Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions
...
Align `alphaNumericRegex()` with the documented grouped SHA pattern
2026-05-18 17:35:27 +01:00
Óscar San José
8a199f963d
Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions
...
Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
2026-05-18 12:17:13 +02:00
Kristen Newbury
3eaf04ef72
Fix expected files for changes to alert messages UntrustedCheckoutCritical and UntrustedCheckoutHigh
2026-05-14 15:05:08 -04:00
Owen Mansel-Chan
2067113177
Update expected test output
2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
ef1bde7565
Widen pinned SHA regex to support SHA-256 (64-char hex) and add tests
2026-05-12 22:40:03 +01:00
Kristen Newbury
3f44a23cf2
Adjust alert location UntrustedCheckoutCritical
2026-05-05 13:35:52 -04:00
Óscar San José
e598c56c64
update and fix tests
2026-04-20 12:38:06 +02:00
Jeroen Ketema
888d392040
Merge pull request #21636 from jketema/actions-perm
...
Actions: Correctly check reusable workflow permissions in `actions/missing-workflow-permissions`
2026-04-10 15:02:36 +02:00
copilot-swe-agent[bot]
ec12035ac2
Extend unpinned-tag query to scan composite action metadata
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/c52790be-00f6-4250-b46b-38c05365ddd7
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com >
2026-04-10 11:20:36 +00:00
Kristen Newbury
7b7411f7df
Change alert location CWE-829/ArtifactPoisoning queries
2026-04-08 08:57:45 -04:00
Kristen Newbury
41714656ec
Adjust alert messages actions CWE-829
2026-04-02 11:58:58 -04:00
Jeroen Ketema
47409d1c59
Actions: Update expected test results
2026-04-02 15:43:49 +02:00
Jeroen Ketema
5866bcc881
Actions: Add FP test for actions/missing-workflow-permissions
2026-04-02 15:41:41 +02:00
Chris Smowton
9018401722
Add test
2026-01-23 15:37:40 +00:00
Chris Smowton
6c2e0f7658
Move library tests into subdirectory
2026-01-23 15:35:25 +00:00
Owen Mansel-Chan
f6bdb3a126
Fix filtering of code injection alerts between medium and critical
2025-12-04 16:50:34 +00:00
Owen Mansel-Chan
e2acd1b668
Add test with push and workflow_dispatch triggers
...
This is based on push.yml, and it should still be found by
actions/code-injection/medium, but it isn't.
2025-12-04 16:50:33 +00:00
Henry Mercer
5310469d69
Actions: Update SecretExfiltration output for typo fix
2025-10-14 11:33:01 +01:00
Adnan Khan
07598e8b62
Add test results.
2025-07-11 05:59:13 +00:00
AdnaneKhan
1b794e056a
Add extra test suggested by @Napalys
2025-07-10 12:24:36 -04:00
Adnan Khan
e40e4c3856
Remove unneeded test file.
2025-07-09 23:06:18 -04:00
Adnan Khan
db954d6d9f
Merge branch 'main' into patch-1
2025-07-08 23:31:35 -07:00
Jaroslav Lobačevski
9393181c4e
Add tests and path normalization fix to handle $ expansion
2025-07-08 16:18:12 +00:00
AdnaneKhan
5d6a5d5cbb
Add change notes and test workflow file.
2025-07-08 10:35:39 -04:00
Aditya Sharad
2ecbecbd4b
Actions: Add stress test for complex command and string interpolation
...
Anonymised version of a customer report that led to
performance bottlenecks in Bash parsing.
No results are expected from both query and library tests.
2025-06-09 09:29:15 -07:00
Neil Mendum
1a1c9b4ea4
actions: add some missing permissions
2025-05-14 17:28:54 +01:00
yoff
80ae8794f5
actions: update test expectations
2025-04-01 17:07:57 +02:00
yoff
bd7c684c6c
actions: add test with empty permissions
2025-04-01 17:06:32 +02:00
yoff
e7bb47f335
ruby: add MaD model for permissions needed by actions
...
Use this to suggest minimal set of nedded permissions
2025-03-31 16:48:37 +02:00
Jaroslav Lobačevski
5f63fc2048
Fix potentially privileged pull request medium query
2025-03-20 20:23:07 +00:00
Andrew Eisenberg
2a0e133768
Move UnversionedImmutableAction.ql to experimental
...
This query will give too many false positives for users until
immutable actions is released.
2025-03-06 15:08:02 -08:00
Dave Bartolomeo
2dde9ab6b9
Move immutable-actions-list pack to codeql org
2025-02-27 12:30:11 -05:00
Dave Bartolomeo
86c5d9f1cd
Move list of immutable actions into internal model pack for now.
2025-02-27 11:48:27 -05:00
martincostello
31913c4a55
Fix test
...
Fix failing test.
2025-02-14 19:46:46 +00:00
Martin Costello
9a29cebe58
Fix docker SHA false positive
...
Fix false positives for pinned Docker container images.
2025-02-14 12:35:55 +00:00
Dave Bartolomeo
42562b5187
Merge pull request #18704 from github/dbartol/actions-suites
...
Actions: Move experimental queries to `experimental` directory
2025-02-07 10:03:31 -05:00
Dave Bartolomeo
e2ab65ea3e
Update qlref paths
2025-02-06 11:20:19 -05:00
Asger F
4ec84e9327
Actions: update expected output
2025-02-05 13:36:38 +01:00
Asger F
e6b5040909
Actions: add test with many quoted strings
2025-02-05 13:35:50 +01:00
Asger F
16634e6dc9
Merge pull request #18540 from JarLob/bash
...
Actions: Improve bash support
2025-01-28 09:49:58 +01:00
Jaroslav Lobačevski
ab20625b8f
Fix the upper bound of the range
2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski
83d13c6f20
Fix lower range for known vulnerable actions
2025-01-22 17:30:19 +01:00
Jaroslav Lobačevski
6d94168ad9
gh view
2025-01-21 17:15:41 +00:00
Jaroslav Lobačevski
88529d42d0
Remove comparison
2025-01-20 16:28:35 +00:00
Jaroslav Lobačevski
da9d612a47
Improve bash support
2025-01-20 14:59:30 +00:00
Óscar San José
b39bfdbb04
Upgrade workflows to ubuntu-24
2025-01-17 11:22:15 +01:00
Dave Bartolomeo
8b132274b5
Revert "Accept DB consistency check for now"
...
This reverts commit dba6f0bb9f
2024-12-19 09:47:42 -05:00
