hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,247 Commits 1,693 Branches 160 Tags
e8a2600a0ca34ab3440813eb54f4811db2e7bd63
Commit Graph

123 Commits

Author SHA1 Message Date
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Nora Dimitrijević
126d24a522 [DIFF-INFORMED] Actions: EnvVarInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46
 2025-08-15 11:11:12 +02:00
Nora Dimitrijević
f1445eb52f [DIFF-INFORMED] Actions: EnvPathInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37
 2025-08-15 11:11:07 +02:00
Nora Dimitrijević
f1b995a736 [DIFF-INFORMED] Actions: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28
 2025-08-15 11:11:03 +02:00
Nora Dimitrijević
418e4b4a3a [DIFF-INFORMED] Actions: CodeInjection 
Query: https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql#L46
 2025-08-15 11:10:58 +02:00
Nora Dimitrijević
bbda2902be [DIFF-INFORMED] Actions: ArtifactPoisoning 
Queries:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql#L26
 2025-08-15 11:10:42 +02:00
Nora Dimitrijević
896819fdf3 [DIFF-INFORMED] Actions: ArgumentInjection 
Query:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql#L27
 2025-08-15 11:10:14 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
AdnaneKhan
6ac0f0e031 Fix change note filename. 2025-07-11 12:11:58 -04:00
Adnan Khan
7be938c6c3 Handle multiple whitespaces in runner temp regex. 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-10 12:22:14 -04:00
Adnan Khan
db954d6d9f Merge branch 'main' into patch-1 2025-07-08 23:31:35 -07:00
Jaroslav Lobačevski
9393181c4e Add tests and path normalization fix to handle $ expansion 2025-07-08 16:18:12 +00:00
AdnaneKhan
5d6a5d5cbb Add change notes and test workflow file. 2025-07-08 10:35:39 -04:00
Adnan Khan
f4f919635a Correctly specify regex. 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2025-07-08 10:17:29 -04:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Nora Dimitrijević
fc61910df1 Actions: mass-add none() location overrides 2025-06-17 17:00:19 +02:00
Nora Dimitrijević
f2bd454e99 Actions: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18346 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 19:10:11 +02:00
Aditya Sharad
d659d40d58 Merge pull request #19701 from adityasharad/actions/bash-parsing-ranking-performance 
Actions: Improve Bash parsing performance on command and string interpolations
 2025-06-11 00:59:19 +05:30
github-actions[bot]
21463a9653 Post-release preparation for codeql-cli-2.22.0 2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8 Release preparation for version 2.22.0 2025-06-09 18:14:51 +00:00
Aditya Sharad
e48a7da827 Actions: Add change note for Bash parsing fixes 2025-06-09 09:56:41 -07:00
Aditya Sharad
848064e95a Actions: Order quoted strings by their ID, not text 
In the Bash parser, we compute a mostly-unique ID for each
quoted string within a shell script block.
Quoted strings are then ranked and referred to individually.

Avoid a performance bottleneck by ranking quoted strings by their
ID, not by their source text.
I think this was the original intent of the code.

Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex quoted strings, such as JSON payloads.
 2025-06-09 09:15:45 -07:00
Aditya Sharad
fbe11cfca6 Actions: Refactor logic for identifying quoted strings 
Add some doc comments and meaningful variable names.
 2025-06-09 09:15:45 -07:00
Aditya Sharad
321513c89b Actions: Order command substitutions by their ID, not text 
In the Bash parser, we compute a mostly-unique ID for each
command substitution within a shell script block.
Commands are then ranked and referred to individually.

Avoid a performance bottleneck by ranking commands by their
ID, not by their source text.
I think this was the original intent of the code.
Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex command substitutions.
 2025-06-09 08:39:58 -07:00
Aditya Sharad
39e710e805 Actions: Refactor logic for identifying command substitution 
Extract helper predicates for `$(...)` command interpolation
and backtick-quoted commands.
Add some doc comments and meaningful variable names.
 2025-06-09 08:37:40 -07:00
Chuan-kai Lin
631502e129 Merge branch 'main' into cklin/rc-3.18-mergeback 2025-06-09 07:19:40 -07:00
Chris Smowton
338d3834c4 Actions: Make Env non-abstract 
`class Env` was previously abstract with no concrete descendants, so user queries like `any(Env e | ...)` would never produce results.

In the JS library the corresponding class derived from `YamlNode` and has concrete descendants representing workflow-, job- and step-level `env` nodes. However these are dubiously useful since you can always just use `any(Step s).getEnv()` to achieve the same result. Since `EnvImpl` already fully characterises an `env` node, I simply make the class concrete.
 2025-06-05 10:21:24 +01:00
github-actions[bot]
d2c6875eac Post-release preparation for codeql-cli-2.21.4 2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3 Release preparation for version 2.21.4 2025-05-27 17:22:05 +00:00
yoff
909c1bbcd9 Merge pull request #19494 from neilmendum/actions/more-minimal-permission 
actions: add some missing permissions
 2025-05-23 12:42:10 +02:00
Adnan Khan
aca3d897a2 Merge branch 'main' into patch-1 2025-05-19 08:52:56 -04:00
Neil Mendum
1a1c9b4ea4 actions: add some missing permissions 2025-05-14 17:28:54 +01:00
github-actions[bot]
5f9dd75d7d Post-release preparation for codeql-cli-2.21.3 2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86 Release preparation for version 2.21.3 2025-05-13 21:14:27 +00:00
Nick Rolfe
817237ce54 Merge pull request #19441 from github/nickrolfe/mergeback-2.21.2 
Merge back 2.21.2 release branch
 2025-05-01 11:55:29 +01:00
Aditya Sharad
6285c2e502 Actions: Retroactively add GA changenote 
This was manually added in the docs site at the time of 2.21.1 release and GA.
Include the change note in the relevant places so it remains
in future docs updates:
- codeql/actions-queries@0.5.4
- codeql/actions-all@0.4.7
- 2.21.1 changelog
 2025-04-30 16:24:22 -07:00