From e9a04b883921cdabed7899362b5d24af94b55b0e Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Fri, 20 Dec 2024 14:37:32 -0500
Subject: [PATCH 1/2] Mark `UnversionedImmutableAction` query as internal
---
 actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql | 1 +
 1 file changed, 1 insertion(+)
diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql b/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
index ac8cc249318e..8cc79b1091a5 100644
--- a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
+++ b/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
@@ -7,6 +7,7 @@
 * @id actions/unversioned-immutable-action
 * @tags security
 * actions
+ * internal
 * external/cwe/cwe-829
 */
From 90efbf5172408f1878e19e834269d423e4d87ea3 Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Fri, 20 Dec 2024 14:37:46 -0500
Subject: [PATCH 2/2] Update suites for Actions queries
---
 actions/ql/src/codeql-suites/actions-all.qls | 2 +-
 actions/ql/src/codeql-suites/actions-bughalla.qls | 2 +-
 .../ql/src/codeql-suites/actions-code-scanning.qls | 4 ++--
 .../codeql-suites/actions-security-and-quality.qls | 13 ++-----------
 .../src/codeql-suites/actions-security-extended.qls | 2 ++
 5 files changed, 8 insertions(+), 15 deletions(-)
 create mode 100644 actions/ql/src/codeql-suites/actions-security-extended.qls
diff --git a/actions/ql/src/codeql-suites/actions-all.qls b/actions/ql/src/codeql-suites/actions-all.qls
index be9be8666201..81b57e66e1b8 100644
--- a/actions/ql/src/codeql-suites/actions-all.qls
+++ b/actions/ql/src/codeql-suites/actions-all.qls
@@ -1,4 +1,4 @@
-- description: Standard Code Scanning queries for Actions
+- description: Standard Code Scanning queries for GitHub Actions
 - queries: .
 - include:
 kind:
diff --git a/actions/ql/src/codeql-suites/actions-bughalla.qls b/actions/ql/src/codeql-suites/actions-bughalla.qls
index 0d718fac616e..98e4dc845f90 100644
--- a/actions/ql/src/codeql-suites/actions-bughalla.qls
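Review bot: The added `* internal` tag in the query header carries no explanation, and the tag by itself changes nothing: a query only drops out of a suite that excludes the tag, which the second patch does for actions-code-scanning.qls. The effect is that this CWE-829 check stops running in default code scanning, so the header comment should say why, for example `* Internal: excluded from the default suites because <reason from author>`. The actions-all.qls hunk shows only an `include: kind:` filter, so the query presumably still runs there; worth confirming that is intended. The header comment starts above the hunk.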
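Review bot: The new first line of actions-all.qls, `- description: Standard Code Scanning queries for GitHub Actions`, is word for word the description given to actions-code-scanning.qls later in this patch, so the two suites cannot be told apart by their descriptions. Since the line is being edited anyway, something like `- description: All queries for GitHub Actions` would match what the file name and the `include: kind:` filter suggest. The rest of the suite is outside the hunk, so the exact wording should be checked against the full selector list.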
+++ b/actions/ql/src/codeql-suites/actions-bughalla.qls
@@ -1,4 +1,4 @@
-- description: Bughalla queries for Actions
+- description: Bughalla queries for GitHub Actions
 - queries: '.'
 - exclude:
 tags contain:
diff --git a/actions/ql/src/codeql-suites/actions-code-scanning.qls b/actions/ql/src/codeql-suites/actions-code-scanning.qls
index ce3ff4893356..4cfe07484d96 100644
--- a/actions/ql/src/codeql-suites/actions-code-scanning.qls
+++ b/actions/ql/src/codeql-suites/actions-code-scanning.qls
@@ -1,4 +1,4 @@
-- description: Standard Code Scanning queries for Actions
+- description: Standard Code Scanning queries for GitHub Actions
 - queries: '.'
 - include:
 problem.severity:
@@ -8,4 +8,4 @@
 tags contain:
 - experimental
 - debug
-
+ - internal
diff --git a/actions/ql/src/codeql-suites/actions-security-and-quality.qls b/actions/ql/src/codeql-suites/actions-security-and-quality.qls
index ef332acb872c..046d8d367646 100644
--- a/actions/ql/src/codeql-suites/actions-security-and-quality.qls
+++ b/actions/ql/src/codeql-suites/actions-security-and-quality.qls
@@ -1,11 +1,2 @@
-- description: Security-and-quality queries for Actions
-- queries: '.'
-- include:
- problem.severity:
- - error
- - recommendation
-- exclude:
- tags contain:
- - experimental
- - debug
-
+- description: Security-and-quality queries for GitHub Actions
+- import: codeql-suites/actions-security-extended.qls
diff --git a/actions/ql/src/codeql-suites/actions-security-extended.qls b/actions/ql/src/codeql-suites/actions-security-extended.qls
new file mode 100644
index 000000000000..07276d22dfc8
--- /dev/null
+++ b/actions/ql/src/codeql-suites/actions-security-extended.qls
@@ -0,0 +1,2 @@
+- description: Security-extended queries for GitHub Actions
+- import: codeql-suites/actions-code-scanning.qls
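Review bot: Replacing the inline selectors in actions-security-and-quality.qls with `- import: codeql-suites/actions-security-extended.qls` makes security-and-quality, security-extended and code-scanning resolve to the same query set, because the new actions-security-extended.qls is itself only an import of actions-code-scanning.qls. The removed block selected `problem.severity` values `error` and `recommendation`; the include list of actions-code-scanning.qls is cut off in its hunk, so whether `recommendation` results survive cannot be confirmed from here. If the three suites are meant to be identical for now, say so in the file with `# Same query set as security-extended until Actions has quality-only queries`, and put a matching comment in actions-security-extended.qls.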