hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,840 Commits 1,703 Branches 162 Tags
eb93e8ed41c0eecd166cc228bd5e2248bbacfdf9
Commit Graph

142 Commits

Author SHA1 Message Date
Nora Dimitrijević
974d174757 Actions/CodeInjectionQuery 
actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql

actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
 2025-10-28 09:41:24 +01:00
Nora Dimitrijević
62fde8f6e7 Actions/ArgumentInjectionQuery 
actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql

actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
 2025-10-28 09:41:21 +01:00
Nora Dimitrijević
c40223319c Actions/EnvVarInjectionQuery 
actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql

actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
 2025-10-28 09:41:18 +01:00
Nora Dimitrijević
edc72d29d7 Actions/EnvPathInjectionQuery 
actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql

actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
 2025-10-28 09:41:16 +01:00
Nora Dimitrijević
1f53ffbdd7 Actions/ArtifactPoisoningQuery 
actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql

actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
 2025-10-28 09:41:13 +01:00
Nora Dimitrijević
bb10307303 Actions/SecretExfiltrationQuery 
actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql uses source as endpoint
 2025-10-28 09:38:38 +01:00
Nora Dimitrijević
890ca8e7d1 Actions/RequestForgeryQuery 
actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql uses source as endpoint
 2025-10-28 09:38:21 +01:00
Nora Dimitrijević
3fa8259042 Actions/OutputClobberingQuery 
actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql uses source as endpoint
 2025-10-28 09:38:01 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
github-actions[bot]
4e8343664f Post-release preparation for codeql-cli-2.23.1 2025-09-17 10:13:40 +00:00
github-actions[bot]
02a1b1efcb Release preparation for version 2.23.1 2025-09-16 14:14:42 +00:00
Michael Nebel
a9baf34629 Merge pull request #20324 from michaelnebel/actions/ql4ql 
Actions: Fix some Ql4Ql violations.
 2025-09-03 12:29:06 +02:00
Arthur Baars
0bb7fdccf6 Merge pull request #20347 from github/post-release-prep/codeql-cli-2.23.0 
Post-release preparation for codeql-cli-2.23.0
 2025-09-02 14:14:03 +02:00
github-actions[bot]
e8a2600a0c Post-release preparation for codeql-cli-2.23.0 2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b Release preparation for version 2.23.0 2025-09-02 11:09:32 +00:00
Michael Nebel
64f9758c29 Actions: Fix some Ql4Ql violations. 2025-09-01 14:45:00 +02:00
Anders Schack-Mulligen
144e34c669 Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs. 2025-09-01 13:43:32 +02:00
Anders Schack-Mulligen
92fcda3cc7 Actions: Use shared SuccessorType. 2025-09-01 12:56:08 +02:00
github-actions[bot]
42e3d31c49 Post-release preparation for codeql-cli-2.22.4 2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8 Release preparation for version 2.22.4 2025-08-18 14:06:09 +00:00
Nora Dimitrijević
126d24a522 [DIFF-INFORMED] Actions: EnvVarInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46
 2025-08-15 11:11:12 +02:00
Nora Dimitrijević
f1445eb52f [DIFF-INFORMED] Actions: EnvPathInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37
 2025-08-15 11:11:07 +02:00
Nora Dimitrijević
f1b995a736 [DIFF-INFORMED] Actions: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28
 2025-08-15 11:11:03 +02:00
Nora Dimitrijević
418e4b4a3a [DIFF-INFORMED] Actions: CodeInjection 
Query: https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql#L46
 2025-08-15 11:10:58 +02:00
Nora Dimitrijević
bbda2902be [DIFF-INFORMED] Actions: ArtifactPoisoning 
Queries:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql#L26
 2025-08-15 11:10:42 +02:00
Nora Dimitrijević
896819fdf3 [DIFF-INFORMED] Actions: ArgumentInjection 
Query:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql#L27
 2025-08-15 11:10:14 +02:00
github-actions[bot]
fb4b0aac53 Post-release preparation for codeql-cli-2.22.3 2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8 Release preparation for version 2.22.3 2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a Post-release preparation for codeql-cli-2.22.2 2025-07-22 14:22:20 +00:00
Nick Rolfe
43d14c28c2 Tweak changenotes 2025-07-22 15:06:09 +01:00
github-actions[bot]
997547b8ef Release preparation for version 2.22.2 2025-07-22 14:04:14 +00:00
Nick Rolfe
825c813095 Revert "Release preparation for version 2.22.2" 2025-07-22 14:33:45 +01:00
Nick Rolfe
74cd982aca Tweak changenotes 2025-07-22 09:51:52 +01:00
github-actions[bot]
c8632b70b7 Release preparation for version 2.22.2 2025-07-21 16:45:45 +00:00
Nick Rolfe
ad9b637bec Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" 
This reverts commit e5b4a15e35, reversing
changes made to 33e63109bb.
 2025-07-21 15:18:59 +01:00
AdnaneKhan
6ac0f0e031 Fix change note filename. 2025-07-11 12:11:58 -04:00
Adnan Khan
7be938c6c3 Handle multiple whitespaces in runner temp regex. 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-10 12:22:14 -04:00
Adnan Khan
db954d6d9f Merge branch 'main' into patch-1 2025-07-08 23:31:35 -07:00
Jaroslav Lobačevski
9393181c4e Add tests and path normalization fix to handle $ expansion 2025-07-08 16:18:12 +00:00
AdnaneKhan
5d6a5d5cbb Add change notes and test workflow file. 2025-07-08 10:35:39 -04:00
Adnan Khan
f4f919635a Correctly specify regex. 
Co-authored-by: Jaroslav Lobačevski <jarlob@github.com>
 2025-07-08 10:17:29 -04:00
github-actions[bot]
24a0ac1223 Post-release preparation for codeql-cli-2.22.2 2025-07-07 18:15:04 +00:00
github-actions[bot]
f12daefabe Release preparation for version 2.22.2 2025-07-07 14:00:26 +00:00
github-actions[bot]
6972c7a872 Post-release preparation for codeql-cli-2.22.1 2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425 Release preparation for version 2.22.1 2025-06-24 08:55:31 +00:00
Nora Dimitrijević
fc61910df1 Actions: mass-add none() location overrides 2025-06-17 17:00:19 +02:00
Nora Dimitrijević
f2bd454e99 Actions: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18346 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 19:10:11 +02:00