Compare commits
117 Commits
yoff/pytho
...
copilot/co
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
1999602836 | ||
|
|
c732bd6613 | ||
|
|
f5919875b7 | ||
|
|
8d456df26f | ||
|
|
72fcf27d1a | ||
|
|
0cea01c22f | ||
|
|
a473565256 | ||
|
|
c47135a40b | ||
|
|
3cbc8f0262 | ||
|
|
cc1ea25856 | ||
|
|
5a38cbd5d5 | ||
|
|
cf6d94cf8a | ||
|
|
292fc8b777 | ||
|
|
a1759d9834 | ||
|
|
6b74874372 | ||
|
|
ef29d22c75 | ||
|
|
1f91f915c7 | ||
|
|
ba8eebe2b5 | ||
|
|
dc1409e5f4 | ||
|
|
284f42bb9e | ||
|
|
2f3524de74 | ||
|
|
b32573b060 | ||
|
|
cd2398aeea | ||
|
|
d6892eaf0d | ||
|
|
d2972cb53f | ||
|
|
5576d30780 | ||
|
|
da999ee440 | ||
|
|
3da195f50f | ||
|
|
93a4b427e3 | ||
|
|
0430c71318 | ||
|
|
52f2a5825a | ||
|
|
d55ff83568 | ||
|
|
f34275636c | ||
|
|
0a801440b9 | ||
|
|
7edf0100cc | ||
|
|
167c837088 | ||
|
|
6f2cc43f32 | ||
|
|
5042fdee84 | ||
|
|
04341c47bd | ||
|
|
af45e53e77 | ||
|
|
b27d08ee32 | ||
|
|
d11fc3a00e | ||
|
|
20ce679d61 | ||
|
|
f62ebef9e0 | ||
|
|
c3ef1ddd64 | ||
|
|
dede5bc49b | ||
|
|
ad97b6dd64 | ||
|
|
9d5dfea5c5 | ||
|
|
dc0c7d7ec2 | ||
|
|
61a5cece56 | ||
|
|
566a92e555 | ||
|
|
be9c785cb2 | ||
|
|
1fd31d0ddd | ||
|
|
c4e3720d8a | ||
|
|
0547e9c98d | ||
|
|
2a3cff382c | ||
|
|
c610af88d3 | ||
|
|
fa63dad1d1 | ||
|
|
019a5c01ad | ||
|
|
5fb75ac987 | ||
|
|
c1c9287535 | ||
|
|
d1226b71de | ||
|
|
71a363545a | ||
|
|
3f3bed62d3 | ||
|
|
21f216af8c | ||
|
|
1751d70c62 | ||
|
|
ac8eb50c26 | ||
|
|
1ecdc3614f | ||
|
|
e3b3888bee | ||
|
|
ef9306d82c | ||
|
|
56822f8ee1 | ||
|
|
62207f152c | ||
|
|
d5f94475b5 | ||
|
|
00e95a0757 | ||
|
|
c695c151ea | ||
|
|
b38440490a | ||
|
|
5e5a0437e1 | ||
|
|
aee33a0cc9 | ||
|
|
df15a719cb | ||
|
|
812e8e6b34 | ||
|
|
80c6f082d1 | ||
|
|
d95d99848c | ||
|
|
8937e22735 | ||
|
|
37589dd8a0 | ||
|
|
a159dc1c66 | ||
|
|
cc12740c0e | ||
|
|
acb5c0e70f | ||
|
|
6042adebae | ||
|
|
ec13e1bcd3 | ||
|
|
e8779295ee | ||
|
|
fa758d6bf5 | ||
|
|
fa9426c749 | ||
|
|
0ecca91dea | ||
|
|
f669a4f3bf | ||
|
|
3275c814bd | ||
|
|
9a180036a5 | ||
|
|
93e7ab52b7 | ||
|
|
facb3b681d | ||
|
|
b67694b2ab | ||
|
|
dc864762c3 | ||
|
|
dd35bc0722 | ||
|
|
043ec857ab | ||
|
|
f5b17b0b48 | ||
|
|
26dca558c7 | ||
|
|
a367294c23 | ||
|
|
b6004045bd | ||
|
|
cc7e03b0f5 | ||
|
|
1cbd423251 | ||
|
|
437244fe90 | ||
|
|
f7cf24d1f9 | ||
|
|
c3bafacf81 | ||
|
|
57ce0b3d51 | ||
|
|
408ba2e139 | ||
|
|
7632bdba88 | ||
|
|
4b830c1864 | ||
|
|
d6c8767647 | ||
|
|
ec815397a2 |
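--- /dev/null
+++ b/.github/workflows/go-version-update.yml
@@ -0,0 +1,208 @@
+name: Update Go version
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * 1" # Run weekly on Mondays at 3 AM UTC (1 = Monday)
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-go-version:
+    name: Check and update Go version
+    if: github.repository == 'github/codeql'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Set up Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+      - name: Fetch latest Go version
+        id: fetch-version
+        run: |
+          LATEST_GO_VERSION=$(curl -s https://go.dev/dl/?mode=json | jq -r '.[0].version')
+
+          if [ -z "$LATEST_GO_VERSION" ] || [ "$LATEST_GO_VERSION" = "null" ]; then
+            echo "Error: Failed to fetch latest Go version from go.dev"
+            exit 1
+          fi
+
+          echo "Latest Go version from go.dev: $LATEST_GO_VERSION"
+          echo "version=$LATEST_GO_VERSION" >> $GITHUB_OUTPUT
+
+          # Extract version numbers (e.g., go1.26.0 -> 1.26.0)
+          LATEST_VERSION_NUM=$(echo $LATEST_GO_VERSION | sed 's/^go//')
+          echo "version_num=$LATEST_VERSION_NUM" >> $GITHUB_OUTPUT
+
+          # Extract major.minor version (e.g., 1.26.0 -> 1.26)
+          LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION_NUM | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
+          echo "major_minor=$LATEST_MAJOR_MINOR" >> $GITHUB_OUTPUT
+
+      - name: Check current Go version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(sed -n 's/.*go_sdk\.download(version = \"\([^\"]*\)\".*/\1/p' MODULE.bazel)
+
+          if [ -z "$CURRENT_VERSION" ]; then
+            echo "Error: Could not extract Go version from MODULE.bazel"
+            exit 1
+          fi
+
+          echo "Current Go version in MODULE.bazel: $CURRENT_VERSION"
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+          # Extract major.minor version
+          CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
+          echo "major_minor=$CURRENT_MAJOR_MINOR" >> $GITHUB_OUTPUT
+
+      - name: Compare versions
+        id: compare
+        run: |
+          LATEST="${{ steps.fetch-version.outputs.version_num }}"
+          CURRENT="${{ steps.current-version.outputs.version }}"
+
+          echo "Latest: $LATEST"
+          echo "Current: $CURRENT"
+
+          if [ "$LATEST" = "$CURRENT" ]; then
+            echo "Go version is up to date"
+            echo "needs_update=false" >> $GITHUB_OUTPUT
+          else
+            echo "Go version needs update from $CURRENT to $LATEST"
+            echo "needs_update=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Update Go version in files
+        if: steps.compare.outputs.needs_update == 'true'
+        run: |
+          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
+          LATEST_MAJOR_MINOR="${{ steps.fetch-version.outputs.major_minor }}"
+          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
+          CURRENT_MAJOR_MINOR="${{ steps.current-version.outputs.major_minor }}"
+
+          echo "Updating from $CURRENT_VERSION to $LATEST_VERSION_NUM"
+
+          # Escape dots in current version strings for use in sed patterns
+          CURRENT_VERSION_ESCAPED=$(echo "$CURRENT_VERSION" | sed 's/\./\\./g')
+          CURRENT_MAJOR_MINOR_ESCAPED=$(echo "$CURRENT_MAJOR_MINOR" | sed 's/\./\\./g')
+
+          # Update MODULE.bazel
+          sed -i "s/go_sdk\.download(version = \"$CURRENT_VERSION_ESCAPED\")/go_sdk.download(version = \"$LATEST_VERSION_NUM\")/" MODULE.bazel
+          if ! grep -q "go_sdk.download(version = \"$LATEST_VERSION_NUM\")" MODULE.bazel; then
+            echo "Error: Failed to update MODULE.bazel"
+            exit 1
+          fi
+
+          # Update go/extractor/go.mod
+          if ! sed -i "s/^go $CURRENT_MAJOR_MINOR_ESCAPED\$/go $LATEST_MAJOR_MINOR/" go/extractor/go.mod; then
+            echo "Warning: Failed to update go directive in go.mod"
+          fi
+          if ! sed -i "s/^toolchain go$CURRENT_VERSION_ESCAPED\$/toolchain go$LATEST_VERSION_NUM/" go/extractor/go.mod; then
+            echo "Warning: Failed to update toolchain in go.mod"
+          fi
+
+          # Update go/extractor/autobuilder/build-environment.go
+          if ! sed -i "s/var maxGoVersion = util\.NewSemVer(\"$CURRENT_MAJOR_MINOR_ESCAPED\")/var maxGoVersion = util.NewSemVer(\"$LATEST_MAJOR_MINOR\")/" go/extractor/autobuilder/build-environment.go; then
+            echo "Warning: Failed to update build-environment.go"
+          fi
+
+          # Update go/actions/test/action.yml
+          if ! sed -i "s/default: \"~$CURRENT_VERSION_ESCAPED\"/default: \"~$LATEST_VERSION_NUM\"/" go/actions/test/action.yml; then
+            echo "Warning: Failed to update action.yml"
+          fi
+
+          # Show what changed
+          git diff
+
+      - name: Check for changes
+        id: check-changes
+        if: steps.compare.outputs.needs_update == 'true'
+        run: |
+          if git diff --quiet; then
+            echo "No changes detected"
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          else
+            echo "Changes detected"
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check for existing PR
+        if: steps.check-changes.outputs.has_changes == 'true'
+        id: check-pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          BRANCH_NAME="workflow/go-version-update"
+          PR_NUMBER=$(gh pr list --head "$BRANCH_NAME" --state open --json number --jq '.[0].number')
+
+          if [ -n "$PR_NUMBER" ]; then
+            echo "Existing PR found: #$PR_NUMBER"
+            echo "pr_exists=true" >> $GITHUB_OUTPUT
+            echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
+          else
+            echo "No existing PR found"
+            echo "pr_exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Commit and push changes
+        if: steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          BRANCH_NAME="workflow/go-version-update"
+          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
+          LATEST_MAJOR_MINOR="${{ steps.fetch-version.outputs.major_minor }}"
+
+          # Create or switch to branch
+          git checkout -B "$BRANCH_NAME"
+
+          # Stage and commit changes
+          git add MODULE.bazel go/extractor/go.mod go/extractor/autobuilder/build-environment.go go/actions/test/action.yml
+          git commit -m "Go: Update to $LATEST_VERSION_NUM"
+
+          # Push changes
+          git push --force-with-lease origin "$BRANCH_NAME"
+
+      - name: Create or update PR
+        if: steps.check-changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          BRANCH_NAME="workflow/go-version-update"
+          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
+          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
+
+          PR_TITLE="Go: Update to $LATEST_VERSION_NUM"
+
+          PR_BODY=$(cat <<EOF
+          This PR updates Go from $CURRENT_VERSION to $LATEST_VERSION_NUM.
+
+          Updated files:
+          - \`MODULE.bazel\` - go_sdk.download version
+          - \`go/extractor/go.mod\` - go directive and toolchain
+          - \`go/extractor/autobuilder/build-environment.go\` - maxGoVersion (only if MAJOR.MINOR changes)
+          - \`go/actions/test/action.yml\` - default go-test-version
+
+          This PR was automatically created by the [Go version update workflow](https://github.com/${{ github.repository }}/blob/main/.github/workflows/go-version-update.yml).
+          EOF
+          )
+
+          if [ "${{ steps.check-pr.outputs.pr_exists }}" = "true" ]; then
+            echo "Updating existing PR #${{ steps.check-pr.outputs.pr_number }}"
+            gh pr edit "${{ steps.check-pr.outputs.pr_number }}" --title "$PR_TITLE" --body "$PR_BODY"
+          else
+            echo "Creating new PR"
+            gh pr create \
+              --title "$PR_TITLE" \
+              --body "$PR_BODY" \
+              --base main \
+              --head "$BRANCH_NAME" \
+              --label "Go"
+          fi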
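Review bot: The Go version string fetched by `LATEST_GO_VERSION=$(curl -s https://go.dev/dl/?mode=json | jq -r '.[0].version')` is written to `$GITHUB_OUTPUT` after only an empty/`null` check and is then spliced into later `run:` scripts through `${{ steps.fetch-version.outputs.version_num }}` and `${{ steps.fetch-version.outputs.major_minor }}`, and into sed replacement strings, so a malformed or hostile response (newlines, `/`, `&`, shell metacharacters) would reach the shell as code rather than as data — the same pattern this repository's own Actions queries report. Validate the value against the expected shape before exporting it, and hand step outputs to scripts via `env:` so the runner passes them as environment variables instead of text-substituting into the script. `curl -s` without `-f` also pipes an HTTP error body into jq rather than failing; `-sSf` makes a non-2xx status exit non-zero. Separately, `uses: actions/checkout@v5` pins a mutable tag rather than a commit SHA, which is what the `UnpinnedActionsTag` query elsewhere in this diff is meant to flag.
```yaml
      - name: Fetch latest Go version
        id: fetch-version
        run: |
          LATEST_GO_VERSION=$(curl -sSf https://go.dev/dl/?mode=json | jq -r '.[0].version')

          # Accept only a well-formed release tag: this value is written to
          # $GITHUB_OUTPUT and later spliced into shell and sed expressions.
          if ! [[ "$LATEST_GO_VERSION" =~ ^go[0-9]+\.[0-9]+(\.[0-9]+)?$ ]]; then
            echo "Error: unexpected Go version string from go.dev: '$LATEST_GO_VERSION'"
            exit 1
          fi
          # … unchanged: echo/sed extraction of version, version_num, major_minor …

      - name: Compare versions
        id: compare
        env:
          LATEST: ${{ steps.fetch-version.outputs.version_num }}
          CURRENT: ${{ steps.current-version.outputs.version }}
        run: |
          # … unchanged: comparison; $LATEST/$CURRENT now come from env, not ${{ }} …
```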
@@ -273,7 +273,7 @@ use_repo(
|
|||||||
)
|
)
|
||||||
|
|
||||||
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
|
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
|
||||||
go_sdk.download(version = "1.26.0")
|
go_sdk.download(version = "1.26.4")
|
||||||
|
|
||||||
go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
|
go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
|
||||||
go_deps.from_file(go_mod = "//go/extractor:go.mod")
|
go_deps.from_file(go_mod = "//go/extractor:go.mod")
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Models/CompositeActionsSinks.ql
|
query: Models/CompositeActionsSinks.ql
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Models/CompositeActionsSources.ql
|
query: Models/CompositeActionsSources.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Models/CompositeActionsSummaries.ql
|
query: Models/CompositeActionsSummaries.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Models/ReusableWorkflowsSinks.ql
|
query: Models/ReusableWorkflowsSinks.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Models/ReusableWorkflowsSources.ql
|
query: Models/ReusableWorkflowsSources.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Models/ReusableWorkflowsSummaries.ql
|
query: Models/ReusableWorkflowsSummaries.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-074/OutputClobberingHigh.ql
|
query: experimental/Security/CWE-074/OutputClobberingHigh.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-077/EnvPathInjectionCritical.ql
|
query: Security/CWE-077/EnvPathInjectionCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-077/EnvPathInjectionMedium.ql
|
query: Security/CWE-077/EnvPathInjectionMedium.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-077/EnvVarInjectionCritical.ql
|
query: Security/CWE-077/EnvVarInjectionCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-077/EnvVarInjectionMedium.ql
|
query: Security/CWE-077/EnvVarInjectionMedium.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-078/CommandInjectionCritical.ql
|
query: experimental/Security/CWE-078/CommandInjectionCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-078/CommandInjectionMedium.ql
|
query: experimental/Security/CWE-078/CommandInjectionMedium.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-088/ArgumentInjectionCritical.ql
|
query: experimental/Security/CWE-088/ArgumentInjectionCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-088/ArgumentInjectionMedium.ql
|
query: experimental/Security/CWE-088/ArgumentInjectionMedium.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-094/CodeInjectionCritical.ql
|
query: Security/CWE-094/CodeInjectionCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-094/CodeInjectionMedium.ql
|
query: Security/CWE-094/CodeInjectionMedium.ql
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-1395/UseOfKnownVulnerableAction.ql
|
query: Security/CWE-1395/UseOfKnownVulnerableAction.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
experimental/Security/CWE-200/SecretExfiltration.ql
|
query: experimental/Security/CWE-200/SecretExfiltration.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-275/MissingActionsPermissions.ql
|
query: Security/CWE-275/MissingActionsPermissions.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
|
query: experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-285/ImproperAccessControl.ql
|
query: Security/CWE-285/ImproperAccessControl.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-312/ExcessiveSecretsExposure.ql
|
query: Security/CWE-312/ExcessiveSecretsExposure.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-312/SecretsInArtifacts.ql
|
query: Security/CWE-312/SecretsInArtifacts.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-312/UnmaskedSecretExposure.ql
|
query: Security/CWE-312/UnmaskedSecretExposure.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-349/CachePoisoningViaCodeInjection.ql
|
query: Security/CWE-349/CachePoisoningViaCodeInjection.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-349/CachePoisoningViaDirectCache.ql
|
query: Security/CWE-349/CachePoisoningViaDirectCache.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-349/CachePoisoningViaPoisonableStep.ql
|
query: Security/CWE-349/CachePoisoningViaPoisonableStep.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
|
query: Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
|
query: Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
|
query: Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
|
query: Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-829/ArtifactPoisoningCritical.ql
|
query: Security/CWE-829/ArtifactPoisoningCritical.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
Security/CWE-829/ArtifactPoisoningMedium.ql
|
query: Security/CWE-829/ArtifactPoisoningMedium.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +1 @@
|
|||||||
experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
|
query: experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
|
||||||
|
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-829/UnpinnedActionsTag.ql
|
query: Security/CWE-829/UnpinnedActionsTag.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-829/UntrustedCheckoutCritical.ql
|
query: Security/CWE-829/UntrustedCheckoutCritical.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-829/UntrustedCheckoutHigh.ql
|
query: Security/CWE-829/UntrustedCheckoutHigh.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Security/CWE-829/UntrustedCheckoutMedium.ql
|
query: Security/CWE-829/UntrustedCheckoutMedium.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-829/UnversionedImmutableAction.ql
|
query: experimental/Security/CWE-829/UnversionedImmutableAction.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE-918/RequestForgery.ql
|
query: experimental/Security/CWE-918/RequestForgery.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Debug/SyntaxError.ql
|
query: Debug/SyntaxError.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
|
query: Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
|
||||||
|
|||||||
@@ -11,10 +11,6 @@
|
|||||||
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
|
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
|
||||||
],
|
],
|
||||||
"Bound Java/C#": [
|
|
||||||
"java/ql/lib/semmle/code/java/dataflow/Bound.qll",
|
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
|
|
||||||
],
|
|
||||||
"ModulusAnalysis Java/C#": [
|
"ModulusAnalysis Java/C#": [
|
||||||
"java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
|
"java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
jsf/4.13 Functions/AV Rule 107.ql
|
query: jsf/4.13 Functions/AV Rule 107.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
|
query: Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/PrintAST.ql
|
query: semmle/code/cpp/PrintAST.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
|
query: experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
|
query: experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-078/WordexpTainted.ql
|
query: experimental/Security/CWE/CWE-078/WordexpTainted.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
|
query: experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
|
query: experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
|
query: experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
|
query: experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
|
query: experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
|
query: experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
|
query: experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Likely Bugs/ArrayAccessProductFlow.ql
|
query: experimental/Likely Bugs/ArrayAccessProductFlow.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
|
query: experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
|
query: experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
|
query: experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-285/PamAuthorization.ql
|
query: experimental/Security/CWE/CWE-285/PamAuthorization.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-295/CurlSSL.ql
|
query: experimental/Security/CWE/CWE-295/CurlSSL.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
|
query: experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
|
query: experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
|
query: experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
|
query: experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-409/DecompressionBombs.ql
|
query: experimental/Security/CWE/CWE-409/DecompressionBombs.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-415/DoubleFree.ql
|
query: experimental/Security/CWE/CWE-415/DoubleFree.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
|
query: experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
|
query: experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
|
query: experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-675/DoubleRelease.ql
|
query: experimental/Security/CWE/CWE-675/DoubleRelease.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
|
query: experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
|
query: experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
|
query: experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
|
query: experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
|
query: experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
|
query: experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
|
query: experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
|
query: experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
|
query: experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
|
query: experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/PrintAST.ql
|
query: semmle/code/cpp/PrintAST.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ASTConsistency.ql
|
query: semmle/code/cpp/ASTConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Telemetry/CompilerErrors.ql
|
query: Telemetry/CompilerErrors.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Telemetry/DatabaseQuality.ql
|
query: Telemetry/DatabaseQuality.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Telemetry/ExtractionMetrics.ql
|
query: Telemetry/ExtractionMetrics.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
Telemetry/SucceededIncludes.ql
|
query: Telemetry/SucceededIncludes.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/IRConsistency.ql
|
query: semmle/code/cpp/ir/IRConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.ql
|
query: semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/implementation/raw/IRConsistency.ql
|
query: semmle/code/cpp/ir/implementation/raw/IRConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.ql
|
query: semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.ql
|
query: semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.ql
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
semmle/code/cpp/ir/IRConsistency.ql
|
query: semmle/code/cpp/ir/IRConsistency.ql
|
||||||
|
|||||||