Merge pull request #89 from GitHubSecurityLab/runcionworkflowchange
Update CodeQL CLI to 2.19.3 and fix code issues.
GeekMasher authored Dec 18, 2024
2 parents d3871a8 + d7a0a29 commit 2756b60
Showing 48 changed files with 556 additions and 457 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -6,7 +6,7 @@ on:
workflow_dispatch:

env:
CODEQL_CLI_VERSION: 2.19.2
CODEQL_CLI_VERSION: 2.19.3

jobs:
compile-and-test:
Expand All @@ -27,6 +27,7 @@ jobs:
filters: |
src:
- '${{ matrix.language }}/**'
- '.github/**'
- name: Setup CodeQL
if: steps.changes.outputs.src == 'true'
Expand All @@ -38,9 +39,9 @@ jobs:
if: steps.changes.outputs.src == 'true'
env:
GITHUB_TOKEN: ${{ github.token }}
CODEQL_CLI_VERSION: ${{ env.CODEQL_CLI_VERSION }}
run: |
gh repo clone github/codeql # to make stubs available for tests
codeql pack download "codeql/${{ matrix.language }}-queries"
gh repo clone github/codeql -- -b codeql-cli-${CODEQL_CLI_VERSION} # to make stubs available for tests
codeql pack install "${{ matrix.language }}/lib"
codeql pack install "${{ matrix.language }}/src"
codeql pack install "${{ matrix.language }}/test"
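Review bot: The rewritten clone `gh repo clone github/codeql -- -b codeql-cli-${CODEQL_CLI_VERSION}` now ties the test stubs to a ref named after the CLI version, so a future bump of `CODEQL_CLI_VERSION` at the top of the file will fail this step unless a matching `codeql-cli-<version>` ref exists in github/codeql; a comment on the workflow-level `env:` entry such as `# must match a codeql-cli-<version> ref in github/codeql (used to clone test stubs)` would make that coupling visible where the value is edited. The added step-level `CODEQL_CLI_VERSION: ${{ env.CODEQL_CLI_VERSION }}` appears redundant, since workflow-level `env` values are already exported to the `run` shell, and dropping it leaves one place that has to agree with the clone. Because the clone pulls the full github/codeql history only to read stubs, passing `--depth 1` after the `--` (`gh repo clone github/codeql -- -b codeql-cli-${CODEQL_CLI_VERSION} --depth 1`) should cut checkout time, though that is inferred rather than visible here. The `run` block and the enclosing job continue past the end of this hunk.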
20 changes: 15 additions & 5 deletions cpp/lib/codeql-pack.lock.yml
Expand Up @@ -2,13 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.2
version: 2.1.0
codeql/dataflow:
version: 0.0.3
version: 1.1.5
codeql/mad:
version: 1.0.11
codeql/rangeanalysis:
version: 1.0.11
codeql/ssa:
version: 0.1.4
version: 1.0.11
codeql/tutorial:
version: 0.1.4
version: 1.0.11
codeql/typeflow:
version: 1.0.11
codeql/typetracking:
version: 1.0.11
codeql/util:
version: 0.1.4
version: 1.0.11
codeql/xml:
version: 1.0.11
compiled: false
24 changes: 17 additions & 7 deletions cpp/src/codeql-pack.lock.yml
Expand Up @@ -2,17 +2,27 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.2
version: 2.1.0
codeql/cpp-queries:
version: 0.7.4
version: 1.2.6
codeql/dataflow:
version: 0.0.3
version: 1.1.5
codeql/mad:
version: 1.0.11
codeql/rangeanalysis:
version: 1.0.11
codeql/ssa:
version: 0.1.4
version: 1.0.11
codeql/suite-helpers:
version: 0.6.4
version: 1.0.11
codeql/tutorial:
version: 0.1.4
version: 1.0.11
codeql/typeflow:
version: 1.0.11
codeql/typetracking:
version: 1.0.11
codeql/util:
version: 0.1.4
version: 1.0.11
codeql/xml:
version: 1.0.11
compiled: false
24 changes: 17 additions & 7 deletions cpp/test/codeql-pack.lock.yml
Expand Up @@ -2,17 +2,27 @@
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.9.2
version: 2.1.0
codeql/cpp-queries:
version: 0.7.4
version: 1.2.6
codeql/dataflow:
version: 0.0.3
version: 1.1.5
codeql/mad:
version: 1.0.11
codeql/rangeanalysis:
version: 1.0.11
codeql/ssa:
version: 0.1.4
version: 1.0.11
codeql/suite-helpers:
version: 0.6.4
version: 1.0.11
codeql/tutorial:
version: 0.1.4
version: 1.0.11
codeql/typeflow:
version: 1.0.11
codeql/typetracking:
version: 1.0.11
codeql/util:
version: 0.1.4
version: 1.0.11
codeql/xml:
version: 1.0.11
compiled: false
20 changes: 10 additions & 10 deletions csharp/lib/codeql-pack.lock.yml
Expand Up @@ -2,23 +2,23 @@
lockVersion: 1.0.0
dependencies:
codeql/controlflow:
version: 1.0.10
version: 1.0.11
codeql/csharp-all:
version: 3.0.1
version: 3.1.0
codeql/dataflow:
version: 1.1.4
version: 1.1.5
codeql/mad:
version: 1.0.10
version: 1.0.11
codeql/ssa:
version: 1.0.10
version: 1.0.11
codeql/threat-models:
version: 1.0.10
version: 1.0.11
codeql/tutorial:
version: 1.0.10
version: 1.0.11
codeql/typetracking:
version: 1.0.10
version: 1.0.11
codeql/util:
version: 1.0.10
version: 1.0.11
codeql/xml:
version: 1.0.10
version: 1.0.11
compiled: false
24 changes: 12 additions & 12 deletions csharp/src/codeql-pack.lock.yml
Expand Up @@ -2,27 +2,27 @@
lockVersion: 1.0.0
dependencies:
codeql/controlflow:
version: 1.0.10
version: 1.0.11
codeql/csharp-all:
version: 3.0.1
version: 3.1.0
codeql/csharp-queries:
version: 1.0.10
version: 1.0.11
codeql/dataflow:
version: 1.1.4
version: 1.1.5
codeql/mad:
version: 1.0.10
version: 1.0.11
codeql/ssa:
version: 1.0.10
version: 1.0.11
codeql/suite-helpers:
version: 1.0.10
version: 1.0.11
codeql/threat-models:
version: 1.0.10
version: 1.0.11
codeql/tutorial:
version: 1.0.10
version: 1.0.11
codeql/typetracking:
version: 1.0.10
version: 1.0.11
codeql/util:
version: 1.0.10
version: 1.0.11
codeql/xml:
version: 1.0.10
version: 1.0.11
compiled: false
4 changes: 0 additions & 4 deletions csharp/test/TestUtilities/PrettyPrintModels.ql
Expand Up @@ -5,7 +5,3 @@
import semmle.code.csharp.dataflow.internal.ExternalFlow
import codeql.dataflow.test.ProvenancePathGraph
import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>

from string relation, int row, int column, string data
where results(relation, row, column, data)
select relation, row, column, data
24 changes: 12 additions & 12 deletions csharp/test/codeql-pack.lock.yml
Expand Up @@ -2,27 +2,27 @@
lockVersion: 1.0.0
dependencies:
codeql/controlflow:
version: 1.0.10
version: 1.0.11
codeql/csharp-all:
version: 3.0.1
version: 3.1.0
codeql/csharp-queries:
version: 1.0.10
version: 1.0.11
codeql/dataflow:
version: 1.1.4
version: 1.1.5
codeql/mad:
version: 1.0.10
version: 1.0.11
codeql/ssa:
version: 1.0.10
version: 1.0.11
codeql/suite-helpers:
version: 1.0.10
version: 1.0.11
codeql/threat-models:
version: 1.0.10
version: 1.0.11
codeql/tutorial:
version: 1.0.10
version: 1.0.11
codeql/typetracking:
version: 1.0.10
version: 1.0.11
codeql/util:
version: 1.0.10
version: 1.0.11
codeql/xml:
version: 1.0.10
version: 1.0.11
compiled: false
16 changes: 9 additions & 7 deletions go/lib/codeql-pack.lock.yml
Expand Up @@ -2,17 +2,19 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 0.2.7
version: 1.1.5
codeql/go-all:
version: 0.8.1
version: 2.1.2
codeql/mad:
version: 0.2.16
version: 1.0.11
codeql/ssa:
version: 0.2.16
version: 1.0.11
codeql/threat-models:
version: 1.0.11
codeql/tutorial:
version: 0.2.16
version: 1.0.11
codeql/typetracking:
version: 0.2.16
version: 1.0.11
codeql/util:
version: 0.2.16
version: 1.0.11
compiled: false
16 changes: 9 additions & 7 deletions go/src/codeql-pack.lock.yml
Expand Up @@ -2,17 +2,19 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 0.2.7
version: 1.1.5
codeql/go-all:
version: 0.8.1
version: 2.1.2
codeql/mad:
version: 0.2.16
version: 1.0.11
codeql/ssa:
version: 0.2.16
version: 1.0.11
codeql/threat-models:
version: 1.0.11
codeql/tutorial:
version: 0.2.16
version: 1.0.11
codeql/typetracking:
version: 0.2.16
version: 1.0.11
codeql/util:
version: 0.2.16
version: 1.0.11
compiled: false
16 changes: 9 additions & 7 deletions go/test/codeql-pack.lock.yml
Expand Up @@ -2,17 +2,19 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 0.2.7
version: 1.1.5
codeql/go-all:
version: 0.8.1
version: 2.1.2
codeql/mad:
version: 0.2.16
version: 1.0.11
codeql/ssa:
version: 0.2.16
version: 1.0.11
codeql/threat-models:
version: 1.0.11
codeql/tutorial:
version: 0.2.16
version: 1.0.11
codeql/typetracking:
version: 0.2.16
version: 1.0.11
codeql/util:
version: 0.2.16
version: 1.0.11
compiled: false
4 changes: 2 additions & 2 deletions go/test/security/CWE-078/cmdi.expected
@@ -1,6 +1,6 @@
edges
| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | MaD:732 |
| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | |
| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | Src:MaD:1004 MaD:1065 |
| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | Sink:MaD:1075 |
nodes
| main.go:20:14:20:20 | selection of URL | semmle.label | selection of URL |
| main.go:20:14:20:28 | call to Query | semmle.label | call to Query |
22 changes: 16 additions & 6 deletions javascript/lib/codeql-pack.lock.yml
@@ -1,16 +1,26 @@
---
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 1.1.5
codeql/javascript-all:
version: 0.7.4
version: 2.1.0
codeql/mad:
version: 0.1.4
version: 1.0.11
codeql/regex:
version: 0.1.4
version: 1.0.11
codeql/ssa:
version: 1.0.11
codeql/threat-models:
version: 1.0.11
codeql/tutorial:
version: 0.1.4
version: 1.0.11
codeql/typetracking:
version: 1.0.11
codeql/util:
version: 0.1.4
version: 1.0.11
codeql/xml:
version: 1.0.11
codeql/yaml:
version: 0.1.4
version: 1.0.11
compiled: false
