
Commit 629515b

authored
Merge branch 'main' into v0_2_0
2 parents 434bfbd + bd01391 commit 629515b


71 files changed

+4230
-4388
lines changed


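--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,3 +1,3 @@
 # This project is maintained with love by:
 
-- @pwntester @geekmasher
+- @GitHubSecurityLab/codeql-community-packs-admin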

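--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+# ---------- GitHub Actions ----------
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+reviewers:
+- "GitHubSecurityLab/codeql-community-packs-admin"
+target-branch: "main"
+commit-message:
+prefix: deps
+prefix-development: chore
+groups:
+production-dependencies:
+dependency-type: "production"
+development-dependencies:
+dependency-type: "development"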
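Review bot: Only the `github-actions` ecosystem is configured, so the `codeql-pack.lock.yml` files bumped elsewhere in this commit remain on manual updates; that is probably deliberate (Dependabot has no CodeQL-pack ecosystem), but a one-line comment such as `# CodeQL pack versions in */codeql-pack.lock.yml are bumped manually` above `updates:` would save the next reader from looking for a missing entry. The `groups` block splits by `dependency-type`, which as far as I recall is only honoured for package managers that distinguish development dependencies and is ignored for `github-actions`, so `development-dependencies` likely never matches and `prefix-development: chore` never applies — worth confirming against the Dependabot docs. GitHub has also announced that the `reviewers` key is being retired in favour of CODEOWNERS, so the `.github/CODEOWNERS` change in this same commit may be the only thing that actually assigns reviewers over time.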

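--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 
 env:
-CODEQL_CLI_VERSION: 2.19.3
+CODEQL_CLI_VERSION: 2.20.1
 
 jobs:
 compile-and-test:
@@ -18,10 +18,10 @@ jobs:
 language: [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 # Conditionally run actions based on files modified by PR, feature branch or pushed commits
-- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
+- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
 id: changes
 with:
 filters: |
@@ -126,7 +126,7 @@ jobs:
 steps:
 - name: Check if compile-and-test job failed to complete, if so fail
 if: ${{ needs.compile-and-test.result == 'failure' }}
-uses: actions/github-script@v3
+uses: actions/github-script@v7
 with:
 script: |
 core.setFailed('Test run job failed')
@@ -161,11 +161,11 @@ jobs:
 language: [ 'csharp', 'java' ]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 with:
 submodules: true
 
-- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
+- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
 id: changes
 with:
 filters: |
@@ -196,11 +196,11 @@ jobs:
 language: [ 'csharp', 'java' ]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 with:
 submodules: true
 
-- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
+- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
 id: changes
 with:
 filters: |
@@ -226,9 +226,9 @@ jobs:
 needs: compile-and-test
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
-- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
+- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
 id: changes
 with:
 filters: |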
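Review bot: The action pins in this file are now inconsistent: `dorny/paths-filter` is moved to a full commit SHA but carries no version comment, while `actions/checkout@v4` (hunks at 18, 161, 196, 226) and `actions/github-script@v7` (hunk at 126) stay on mutable tags that the upstream owner, or anyone who compromises that repository, can re-point. Since the same commit adds a Dependabot config for `github-actions`, SHA-pinning every action with a trailing version comment lets Dependabot keep both the SHA and the comment current, e.g. `- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # <version>` and `- uses: actions/checkout@<commit-sha> # v4.x.y`. The same tag-versus-SHA mix appears in `hotspots.yml` and `publish.yml` in this commit.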

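--- a/.github/workflows/hotspots.yml
+++ b/.github/workflows/hotspots.yml
@@ -15,15 +15,15 @@ jobs:
 packages: write
 steps:
 - name: Checkout github/codeql
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 path: codeql
 repository: github/codeql
 token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
 
 - name: Checkout github/codeql-community-packs
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 path: codeql-community-packs
 repository: githubsecuritylab/codeql-community-packs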

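--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -20,7 +20,7 @@ jobs:
 language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Initialize CodeQL
 run: |
@@ -32,7 +32,7 @@ jobs:
 
 - name: "Check and publish codeql-LANG-queries (src) pack"
 env:
-GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-queries/versions --jq '.[0].metadata.container.tags[0]')
 CURRENT_VERSION=$(grep version ${{ matrix.language }}/src/qlpack.yml | awk '{print $2}')
@@ -57,7 +57,7 @@ jobs:
 language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Initialize CodeQL
 run: |
@@ -69,7 +69,7 @@ jobs:
 
 - name: "Check and publish codeql-LANG-libs (lib) pack"
 env:
-GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-libs/versions --jq '.[0].metadata.container.tags[0]')
 CURRENT_VERSION=$(grep version ${{ matrix.language }}/lib/qlpack.yml | awk '{print $2}')
@@ -84,13 +84,17 @@ jobs:
 extensions:
 runs-on: ubuntu-latest
 
+permissions:
+contents: read
+packages: write
+
 strategy:
 fail-fast: false
 matrix:
 language: ["csharp", "java"]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Initialize CodeQL
 run: |
@@ -102,7 +106,7 @@ jobs:
 
 - name: Check and publish codeql-LANG-extensions (ext) pack
 env:
-GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-extensions/versions --jq '.[0].metadata.container.tags[0]')
 CURRENT_VERSION=$(grep version ${{ matrix.language }}/ext/qlpack.yml | awk '{print $2}')
@@ -117,13 +121,17 @@ jobs:
 library_sources_extensions:
 runs-on: ubuntu-latest
 
+permissions:
+contents: read
+packages: write
+
 strategy:
 fail-fast: false
 matrix:
 language: ["csharp", "java"]
 
 steps:
-- uses: actions/checkout@v3
+- uses: actions/checkout@v4
 
 - name: Initialize CodeQL
 run: |
@@ -135,7 +143,7 @@ jobs:
 
 - name: Check and publish codeql-LANG-library-sources (ext-library-sources) pack
 env:
-GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 PUBLISHED_VERSION=$(gh api /orgs/githubsecuritylab/packages/container/codeql-${{ matrix.language }}-library-sources/versions --jq '.[0].metadata.container.tags[0]')
 CURRENT_VERSION=$(grep version ${{ matrix.language }}/ext-library-sources/qlpack.yml | awk '{print $2}')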
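Review bot: The src and lib publish steps (hunks at 32 and 69) switch from `secrets.GHCR_TOKEN` to `secrets.GITHUB_TOKEN`, but unlike the `extensions` and `library_sources_extensions` jobs (hunks at 84 and 117) their jobs get no `permissions:` block in this diff; unless `packages: write` is granted at the workflow level outside these hunks, `GITHUB_TOKEN` is read-only for packages there and those publishes will fail with a 403. Give those two jobs the same explicit grant the other jobs receive — `permissions:` with `contents: read` and `packages: write` — so every publishing job declares the least privilege it needs instead of inheriting the workflow default. Moving off the long-lived `GHCR_TOKEN` PAT is the right direction; once all jobs use the ephemeral token the unused secret should be removed from the repository so it cannot be reached by any other workflow.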

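--- a/.github/workflows/update-release.yml
+++ b/.github/workflows/update-release.yml
@@ -23,10 +23,10 @@ jobs:
 
 - name: Get Token
 id: get_workflow_token
-uses: peter-murray/workflow-application-token-action@8e4e6fbf6fcc8a272781d97597969d21b3812974 # v4.0.0
+uses: actions/create-github-app-token@v1
 with:
-application_id: ${{ secrets.SECLABS_APP_ID }}
-application_private_key: ${{ secrets.SECLABS_APP_KEY }}
+app-id: ${{ secrets.SECLABS_APP_ID }}
+private-key: ${{ secrets.SECLABS_APP_KEY }}
 
 - name: "Patch Release Me"
 uses: 42ByteLabs/patch-release-me@1e802ecb51cf4c5869cb77563df59b2fbe6f584c # 0.4.1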
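Review bot: Replacing the SHA-pinned `peter-murray/workflow-application-token-action@8e4e6fbf… # v4.0.0` with the floating tag `actions/create-github-app-token@v1` loosens the pinning this file otherwise keeps (the neighbouring `42ByteLabs/patch-release-me@1e802ecb… # 0.4.1` is still SHA-pinned), and it does so on the step that receives the App private key and mints a GitHub App token — the most sensitive credential in the workflow. Pin it the same way, `uses: actions/create-github-app-token@<commit-sha> # vX.Y.Z`, and the Dependabot config added in this commit will keep both the SHA and the comment current. Since the input names changed (`application_id` → `app-id`, `application_private_key` → `private-key`), also confirm that whatever reads `steps.get_workflow_token.outputs.*` outside this hunk matches the output name the new action exposes.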

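--- a/cpp/lib/codeql-pack.lock.yml
+++ b/cpp/lib/codeql-pack.lock.yml
@@ -2,23 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
-version: 2.1.0
+version: 3.1.0
 codeql/dataflow:
-version: 1.1.5
+version: 1.1.8
 codeql/mad:
-version: 1.0.11
+version: 1.0.14
 codeql/rangeanalysis:
-version: 1.0.11
+version: 1.0.14
 codeql/ssa:
-version: 1.0.11
+version: 1.0.14
 codeql/tutorial:
-version: 1.0.11
+version: 1.0.14
 codeql/typeflow:
-version: 1.0.11
+version: 1.0.14
 codeql/typetracking:
-version: 1.0.11
+version: 1.0.14
 codeql/util:
-version: 1.0.11
+version: 2.0.1
 codeql/xml:
-version: 1.0.11
+version: 1.0.14
 compiled: false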

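--- a/cpp/src/codeql-pack.lock.yml
+++ b/cpp/src/codeql-pack.lock.yml
@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
-version: 2.1.0
+version: 3.1.0
 codeql/cpp-queries:
-version: 1.2.6
+version: 1.3.1
 codeql/dataflow:
-version: 1.1.5
+version: 1.1.8
 codeql/mad:
-version: 1.0.11
+version: 1.0.14
 codeql/rangeanalysis:
-version: 1.0.11
+version: 1.0.14
 codeql/ssa:
-version: 1.0.11
+version: 1.0.14
 codeql/suite-helpers:
-version: 1.0.11
+version: 1.0.14
 codeql/tutorial:
-version: 1.0.11
+version: 1.0.14
 codeql/typeflow:
-version: 1.0.11
+version: 1.0.14
 codeql/typetracking:
-version: 1.0.11
+version: 1.0.14
 codeql/util:
-version: 1.0.11
+version: 2.0.1
 codeql/xml:
-version: 1.0.11
+version: 1.0.14
 compiled: false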

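--- a/cpp/test/codeql-pack.lock.yml
+++ b/cpp/test/codeql-pack.lock.yml
@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
-version: 2.1.0
+version: 3.1.0
 codeql/cpp-queries:
-version: 1.2.6
+version: 1.3.1
 codeql/dataflow:
-version: 1.1.5
+version: 1.1.8
 codeql/mad:
-version: 1.0.11
+version: 1.0.14
 codeql/rangeanalysis:
-version: 1.0.11
+version: 1.0.14
 codeql/ssa:
-version: 1.0.11
+version: 1.0.14
 codeql/suite-helpers:
-version: 1.0.11
+version: 1.0.14
 codeql/tutorial:
-version: 1.0.11
+version: 1.0.14
 codeql/typeflow:
-version: 1.0.11
+version: 1.0.14
 codeql/typetracking:
-version: 1.0.11
+version: 1.0.14
 codeql/util:
-version: 1.0.11
+version: 2.0.1
 codeql/xml:
-version: 1.0.11
+version: 1.0.14
 compiled: false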

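--- a/csharp/lib/codeql-pack.lock.yml
+++ b/csharp/lib/codeql-pack.lock.yml
@@ -2,23 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/controlflow:
-version: 1.0.11
+version: 1.0.14
 codeql/csharp-all:
-version: 3.1.0
+version: 4.0.1
 codeql/dataflow:
-version: 1.1.5
+version: 1.1.8
 codeql/mad:
-version: 1.0.11
+version: 1.0.14
 codeql/ssa:
-version: 1.0.11
+version: 1.0.14
 codeql/threat-models:
-version: 1.0.11
+version: 1.0.14
 codeql/tutorial:
-version: 1.0.11
+version: 1.0.14
 codeql/typetracking:
-version: 1.0.11
+version: 1.0.14
 codeql/util:
-version: 1.0.11
+version: 2.0.1
 codeql/xml:
-version: 1.0.11
+version: 1.0.14
 compiled: false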

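--- a/csharp/src/audit/explore/Dependencies.ql
+++ b/csharp/src/audit/explore/Dependencies.ql
@@ -9,7 +9,7 @@
 
 private import csharp
 private import semmle.code.csharp.dispatch.Dispatch
-private import Telemetry.ExternalApi
+private import semmle.code.csharp.telemetry.ExternalApi
 
 private predicate getRelevantUsages(string namespace, int usages) {
 usages =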
