github-actions[bot]
f12daefabe
Release preparation for version 2.22.2
2025-07-07 14:00:26 +00:00
Owen Mansel-Chan
2ed451c9e3
Reformat references
2025-06-26 15:20:07 +01:00
Owen Mansel-Chan
10bb88825e
Add full stop at the end of each reference
2025-06-26 15:20:06 +01:00
Owen Mansel-Chan
9f0f40d6ce
Add "Correct Usage" and "Incorrect Usage" headings
2025-06-26 14:40:49 +01:00
Owen Mansel-Chan
9521994adc
Fix format of markdown query help files
2025-06-26 14:40:07 +01:00
github-actions[bot]
6972c7a872
Post-release preparation for codeql-cli-2.22.1
2025-06-24 12:55:14 +00:00
github-actions[bot]
3e074b2425
Release preparation for version 2.22.1
2025-06-24 08:55:31 +00:00
Nora Dimitrijević
699c82a540
Merge pull request #19757 from d10c/d10c/actions/diff-informed-2
Actions: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`
2025-06-19 14:19:55 +02:00
Tamas Vajk
e6a9ff08a3
Adjust query-suite integration test expected files
2025-06-18 13:10:34 +02:00
Tamas Vajk
40274dcd69
Add code-quality-extended query suites
2025-06-18 13:10:34 +02:00
Nora Dimitrijević
fc61910df1
Actions: mass-add none() location overrides
2025-06-17 17:00:19 +02:00
Nora Dimitrijević
f2bd454e99
Actions: mass enable diff-informed data flow
An auto-generated patch that enables diff-informed data flow in the obvious cases.
Builds on https://github.com/github/codeql/pull/18346 and https://github.com/github/codeql-patch/pull/88
2025-06-11 19:10:11 +02:00
Aditya Sharad
d659d40d58
Merge pull request #19701 from adityasharad/actions/bash-parsing-ranking-performance
Actions: Improve Bash parsing performance on command and string interpolations
2025-06-11 00:59:19 +05:30
github-actions[bot]
21463a9653
Post-release preparation for codeql-cli-2.22.0
2025-06-09 18:50:20 +00:00
github-actions[bot]
88ba02edf8
Release preparation for version 2.22.0
2025-06-09 18:14:51 +00:00
Aditya Sharad
e48a7da827
Actions: Add change note for Bash parsing fixes
2025-06-09 09:56:41 -07:00
Aditya Sharad
2ecbecbd4b
Actions: Add stress test for complex command and string interpolation
Anonymised version of a customer report that led to
performance bottlenecks in Bash parsing.
No results are expected from both query and library tests.
2025-06-09 09:29:15 -07:00
Aditya Sharad
848064e95a
Actions: Order quoted strings by their ID, not text
In the Bash parser, we compute a mostly-unique ID for each
quoted string within a shell script block.
Quoted strings are then ranked and referred to individually.
Avoid a performance bottleneck by ranking quoted strings by their
ID, not by their source text.
I think this was the original intent of the code.
Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex quoted strings, such as JSON payloads.
2025-06-09 09:15:45 -07:00
Aditya Sharad
fbe11cfca6
Actions: Refactor logic for identifying quoted strings
Add some doc comments and meaningful variable names.
2025-06-09 09:15:45 -07:00
Aditya Sharad
321513c89b
Actions: Order command substitutions by their ID, not text
In the Bash parser, we compute a mostly-unique ID for each
command substitution within a shell script block.
Commands are then ranked and referred to individually.
Avoid a performance bottleneck by ranking commands by their
ID, not by their source text.
I think this was the original intent of the code.
Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex command substitutions.
2025-06-09 08:39:58 -07:00
Aditya Sharad
39e710e805
Actions: Refactor logic for identifying command substitution
Extract helper predicates for `$(...)` command interpolation
and backtick-quoted commands.
Add some doc comments and meaningful variable names.
2025-06-09 08:37:40 -07:00
Chuan-kai Lin
631502e129
Merge branch 'main' into cklin/rc-3.18-mergeback
2025-06-09 07:19:40 -07:00
Chris Smowton
338d3834c4
Actions: Make Env non-abstract
`class Env` was previously abstract with no concrete descendants, so user queries like `any(Env e | ...)` would never produce results.
In the JS library the corresponding class derived from `YamlNode` and has concrete descendants representing workflow-, job- and step-level `env` nodes. However these are dubiously useful since you can always just use `any(Step s).getEnv()` to achieve the same result. Since `EnvImpl` already fully characterises an `env` node, I simply make the class concrete.
2025-06-05 10:21:24 +01:00
github-actions[bot]
d2c6875eac
Post-release preparation for codeql-cli-2.21.4
2025-05-27 18:16:21 +00:00
github-actions[bot]
bfb91e95e3
Release preparation for version 2.21.4
2025-05-27 17:22:05 +00:00
yoff
909c1bbcd9
Merge pull request #19494 from neilmendum/actions/more-minimal-permission
actions: add some missing permissions
2025-05-23 12:42:10 +02:00
Neil Mendum
1a1c9b4ea4
actions: add some missing permissions
2025-05-14 17:28:54 +01:00
github-actions[bot]
5f9dd75d7d
Post-release preparation for codeql-cli-2.21.3
2025-05-13 21:49:43 +00:00
github-actions[bot]
2de4a01c86
Release preparation for version 2.21.3
2025-05-13 21:14:27 +00:00
Tamás Vajk
cb1c3736fe
Merge pull request #19413 from tamasvajk/quality/query-suite-selector
Add code quality suite selector and use that in the code quality suites
2025-05-02 08:18:48 +02:00
Nick Rolfe
817237ce54
Merge pull request #19441 from github/nickrolfe/mergeback-2.21.2
Merge back 2.21.2 release branch
2025-05-01 11:55:29 +01:00
Aditya Sharad
6285c2e502
Actions: Retroactively add GA changenote
This was manually added in the docs site at the time of 2.21.1 release and GA.
Include the change note in the relevant places so it remains
in future docs updates:
- codeql/actions-queries@0.5.4
- codeql/actions-all@0.4.7
- 2.21.1 changelog
2025-04-30 16:24:22 -07:00
Tamas Vajk
bb46ca7a64
Modify quality query suite selector for actions, cpp, rust and swift
2025-04-29 16:22:37 +02:00
github-actions[bot]
2e0699ab2b
Post-release preparation for codeql-cli-2.21.2
2025-04-28 14:03:28 +00:00
github-actions[bot]
625354c46e
Release preparation for version 2.21.2
2025-04-28 10:55:22 +00:00
Nick Rolfe
b61a87a2a3
Update integration test to match update to security-and-quality suite
2025-04-28 11:26:07 +01:00
Nick Rolfe
70a3fe3e33
Add YAML front matter to change note
2025-04-28 10:09:33 +01:00
Aditya Sharad
d4b083b5c0
Merge pull request #19376 from adityasharad/actions/exclude-model-generator-queries
Actions: Exclude model-generator queries from query suites
2025-04-25 20:03:32 +05:30
Tamas Vajk
a4a24470c8
Add query suite inclusion tests for actions, csharp, go, javascript, ruby, rust
2025-04-25 14:06:17 +02:00
Aditya Sharad
b197de8db4
Actions: Add change note for removing model generator queries
2025-04-24 14:21:04 -07:00
Aditya Sharad
05243bd855
Actions: Fix query ID for reusable workflow sinks query
2025-04-24 14:20:47 -07:00
Ian Lynagh
bdd3207752
Merge branch 'main' into post-release-prep/codeql-cli-2.21.1
2025-04-16 11:54:23 +01:00
Aditya Sharad
4952768569
Actions: Fix change note newline
2025-04-15 10:21:54 -07:00
github-actions[bot]
d78736b1bf
Post-release preparation for codeql-cli-2.21.1
2025-04-15 16:33:15 +00:00
Ian Lynagh
2409bcc0d6
Merge pull request #19301 from github/release-prep/2.21.1
Release preparation for version 2.21.1
2025-04-15 16:52:54 +01:00
Ian Lynagh
b75e0ed02e
actions: Fix spelling error in UnmaskedSecretExposure.md
Corrects "know" to "known" in the description of the UnmaskedSecretExposure document.
2025-04-15 14:25:39 +01:00
Aditya Sharad
f9103f8ddc
Actions: Add change note for missing severity
2025-04-14 14:48:43 -07:00
Aditya Sharad
6eb060f16a
Actions: Add security-severity to excessive secrets exposure query
Same value as missing actions permissions,
both providing warnings to follow the
principle of least privilege within a
workflow.
2025-04-14 14:41:08 -07:00
Aditya Sharad
93fbb9fe61
Actions: Update description of missing permissions query
2025-04-14 14:39:31 -07:00
Aditya Sharad
eeb938a76d
Docs: Minor fixes for Actions query help
2025-04-14 13:25:54 -07:00