
Commit b4ab2ac

authored
Merge branch 'main' into patch-1
2 parents b2b6ed2 + 2d9e55d commit b4ab2ac

11 files changed

Lines changed: 55 additions & 54 deletions


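--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
 language: [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 # Conditionally run actions based on files modified by PR, feature branch or pushed commits
 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
@@ -101,7 +101,7 @@ jobs:
 
 - name: Upload test results
 if: steps.changes.outputs.src == 'true'
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@v6
 with:
 name: ${{ matrix.language }}-test-results
 path: |
@@ -122,26 +122,27 @@ jobs:
 steps:
 - name: Check if compile-and-test job failed to complete, if so fail
 if: ${{ needs.compile-and-test.result == 'failure' }}
-uses: actions/github-script@v7
+uses: actions/github-script@v8
 with:
 script: |
 core.setFailed('Test run job failed')
 
 - name: Collect test results
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@v7
 
 - name: Validate test results
 run: |
-if [[ ! -n "$(find . -name 'test_report_*' -print -quit)" ]]; then
+mapfile -t test_reports < <(find . -name 'test_report_*.json')
+if [[ ${#test_reports[@]} -eq 0 ]]; then
 echo "No test results found"
 exit 0
 fi
 
-for json_report in *-test-results/test_report_*
+for json_report in "${test_reports[@]}"
 do
-jq --raw-output '"PASS \(map(select(.pass == true)) | length)/\(length)'" $json_report\"" "$json_report"
+jq --raw-output '"PASS \(map(select(.pass == true)) | length)/\(length)"' "$json_report"
 done
-FAILING_TESTS=$(jq --raw-output '.[] | select(.pass == false)' *-test-results/test_report_*.json)
+FAILING_TESTS=$(jq --raw-output '.[] | select(.pass == false)' "${test_reports[@]}")
 if [[ ! -z "$FAILING_TESTS" ]]; then
 echo "ERROR: The following tests failed:"
 echo $FAILING_TESTS | jq .
@@ -157,7 +158,7 @@ jobs:
 language: [ 'csharp', 'java' ]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 with:
 submodules: true
 
@@ -190,7 +191,7 @@ jobs:
 language: [ 'csharp', 'java' ]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 with:
 submodules: true
 
@@ -218,7 +219,7 @@ jobs:
 needs: compile-and-test
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
 id: changes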
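Review bot: In the `Validate test results` step the failure branch still runs `echo $FAILING_TESTS | jq .` with the variable unquoted, so the report text is word-split and glob-expanded before jq reads it, even though this change quotes every other expansion in the script. The reports are produced by the test run, so a `*` or `?` in a test name or message would be expanded against the workspace and could garble or break the error output; `echo "$FAILING_TESTS" | jq .` avoids that, and `[[ -n "$FAILING_TESTS" ]]` reads more directly than `! -z`. The new `find . -name 'test_report_*.json'` feeds `mapfile` newline-delimited, which is fine for these artifact names but could be made exact with `-print0` and `mapfile -d ''`. The rest of the failure branch lies outside the hunk.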

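--- a/.github/workflows/hotspots.yml
+++ b/.github/workflows/hotspots.yml
@@ -15,15 +15,15 @@ jobs:
 packages: write
 steps:
 - name: Checkout github/codeql
-uses: actions/checkout@v5
+uses: actions/checkout@v6
 with:
 path: codeql
 repository: github/codeql
 token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
 
 - name: Checkout github/codeql-community-packs
-uses: actions/checkout@v5
+uses: actions/checkout@v6
 with:
 path: codeql-community-packs
 repository: githubsecuritylab/codeql-community-packs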

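--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -20,7 +20,7 @@ jobs:
 language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 - name: Check codeql-LANG-queries (src) pack
 id: check_version
@@ -63,7 +63,7 @@ jobs:
 language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 - name: Check codeql-LANG-libs (lib) pack
 id: check_version
@@ -106,7 +106,7 @@ jobs:
 language: ["csharp", "java", "python", "go"]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 - name: Check codeql-LANG-extensions (ext) pack
 id: check_version
@@ -149,7 +149,7 @@ jobs:
 language: ["csharp", "java"]
 
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v6
 
 - name: Check codeql-LANG-library-sources (ext-library-sources) pack
 id: check_version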

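--- a/.github/workflows/update-release.yml
+++ b/.github/workflows/update-release.yml
@@ -19,7 +19,7 @@ jobs:
 
 steps:
 - name: "Checkout"
-uses: actions/checkout@v5
+uses: actions/checkout@v6
 
 - name: Get Token
 id: get_workflow_token
@@ -29,13 +29,13 @@ jobs:
 private-key: ${{ secrets.SECLABS_APP_KEY }}
 
 - name: "Patch Release Me"
-uses: 42ByteLabs/patch-release-me@9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a # 0.6.1
+uses: 42ByteLabs/patch-release-me@ef44b04c04fde87280adf14548664bfbcebba04d # 0.6.4
 with:
 # Bump (patch)
 mode: ${{ inputs.mode }}
 
 - name: Create Pull Request
-uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
 with:
 token: ${{ steps.get_workflow_token.outputs.token }}
 title: "Chore: Auto Update new Release"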

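--- a/python/ext/generated/flask.model.yml
+++ b/python/ext/generated/flask.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: sourceModel
+pack: codeql/python-all
+extensible: sourceModel
 data:
 - ["flask", "Member[app].Member[Flask].Instance.Member[open_instance_resource]", "Argument[1,resource:]", "file"]
 - ["flask", "Member[app].Member[Flask].Instance.Member[open_instance_resource]", "Argument[2,mode:]", "file"]
@@ -41,8 +41,8 @@ extensions:
 - ["flask", "Member[sessions].Member[SecureCookieSessionInterface].Instance.Member[open_session]", "Argument[1,app:]", "remote"]
 - ["flask", "Member[sessions].Member[SecureCookieSessionInterface].Instance.Member[save_session]", "Argument[1,app:]", "remote"]
 - addsTo:
-pack: codeql/python-all
-extensible: sinkModel
+pack: codeql/python-all
+extensible: sinkModel
 data:
 - ["flask", "Member[app].Member[Flask].Instance.Member[open_instance_resource]", "Argument[1,resource:]", "path-injection"]
 - ["flask", "Member[app].Member[Flask].Instance.Member[open_resource]", "Argument[1,resource:]", "path-injection"]
@@ -53,8 +53,8 @@ extensions:
 - ["flask", "Member[config].Member[Config].Instance.Member[from_file]", "Argument[1,filename:]", "path-injection"]
 - ["flask", "Member[config].Member[Config].Instance.Member[from_pyfile]", "Argument[1,filename:]", "path-injection"]
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["flask", "Member[app].Member[Flask].Instance.Member[app_context]", "Argument[self]", "ReturnValue", "taint"]
 - ["flask", "Member[app].Member[Flask].Instance.Member[create_jinja_environment]", "Argument[self]", "ReturnValue", "taint"]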

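--- a/python/ext/generated/ghastoolkit.model.yml
+++ b/python/ext/generated/ghastoolkit.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: sourceModel
+pack: codeql/python-all
+extensible: sourceModel
 data:
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[getResults]", "Argument[1,database:]", "file"]
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[getResults]", "Argument[2,path:]", "file"]
@@ -55,8 +55,8 @@ extensions:
 - ["ghastoolkit", "Member[supplychain].Member[licensing].Member[Licenses].Instance.Member[load]", "Argument[1,path:]", "file"]
 - ["ghastoolkit", "Member[utils].Member[cli].Member[CommandLine].Instance.Member[parse_args]", "ReturnValue", "commandargs"]
 - addsTo:
-pack: codeql/python-all
-extensible: sinkModel
+pack: codeql/python-all
+extensible: sinkModel
 data:
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[getResults]", "Argument[1,database:]", "path-injection"]
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[runQuery]", "Argument[1,database:]", "path-injection"]
@@ -77,8 +77,8 @@ extensions:
 - ["ghastoolkit", "Member[supplychain].Member[licensing].Member[Licenses].Instance.Member[generateLockfile]", "Argument[1,path:]", "path-injection"]
 - ["ghastoolkit", "Member[supplychain].Member[licensing].Member[Licenses].Instance.Member[load]", "Argument[1,path:]", "path-injection"]
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[createDatabase]", "Argument[1,database:]", "ReturnValue", "taint"]
 - ["ghastoolkit", "Member[codeql].Member[cli].Member[CodeQL].Instance.Member[createDatabase]", "Argument[2,output:]", "ReturnValue", "taint"]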

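--- a/python/ext/generated/itsdangerous.model.yml
+++ b/python/ext/generated/itsdangerous.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["itsdangerous", "Member[encoding].Member[base64_decode]", "Argument[0,string:]", "ReturnValue", "taint"]
 - ["itsdangerous", "Member[encoding].Member[base64_encode]", "Argument[0,string:]", "ReturnValue", "taint"]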

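--- a/python/ext/generated/openai.model.yml
+++ b/python/ext/generated/openai.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: sourceModel
+pack: codeql/python-all
+extensible: sourceModel
 data:
 - ["openai", "Argument[self]", "file"]
 - ["openai", "Member[_legacy_response].Member[HttpxBinaryResponseContent].Instance.Member[stream_to_file]", "Argument[1,file:]", "file"]
@@ -24,8 +24,8 @@ extensions:
 - ["openai", "Member[lib].Member[_validators].Member[read_any_format]", "Argument[self]", "file"]
 - ["openai", "Member[lib].Member[_validators].Member[read_any_format]", "ReturnValue", "file"]
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["openai", "Argument[self]", "Argument[1,_fields_set:]", "taint"]
 - ["openai", "Member[_base_client].Member[AsyncAPIClient].Instance.Member[delete]", "Argument[self]", "ReturnValue", "taint"]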

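--- a/python/ext/generated/pymysql.model.yml
+++ b/python/ext/generated/pymysql.model.yml
@@ -1,15 +1,15 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: sinkModel
+pack: codeql/python-all
+extensible: sinkModel
 data:
 - ["pymysql", "Member[connections].Member[Connection].Instance.Member[connect]", "Argument[1,sock:]", "path-injection"]
 - ["pymysql", "Member[connections].Member[Connection].Instance.Member[connect]", "Argument[1,sock:]", "sql-injection"]
 - ["pymysql", "Member[cursors].Member[Cursor].Instance.Member[executemany]", "Argument[1,query:]", "sql-injection"]
 - ["pymysql", "Member[cursors].Member[Cursor].Instance.Member[executemany]", "Argument[2,args:]", "sql-injection"]
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["pymysql", "Member[Binary]", "Argument[0,x:]", "ReturnValue", "taint"]
 - ["pymysql", "Member[_auth].Member[caching_sha2_password_auth]", "Argument[1,pkt:]", "Argument[0,conn:]", "taint"]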

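--- a/python/ext/generated/urllib3.model.yml
+++ b/python/ext/generated/urllib3.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
-pack: codeql/python-all
-extensible: sourceModel
+pack: codeql/python-all
+extensible: sourceModel
 data:
 - ["urllib3", "Member[util].Member[ssl_].Member[create_urllib3_context]", "Argument[0,ssl_version:]", "environment"]
 - ["urllib3", "Member[util].Member[ssl_].Member[create_urllib3_context]", "Argument[3,ciphers:]", "environment"]
@@ -10,13 +10,13 @@ extensions:
 - ["urllib3", "Member[util].Member[ssl_].Member[ssl_wrap_socket]", "Argument[6,ssl_version:]", "environment"]
 - ["urllib3", "Member[util].Member[ssl_].Member[ssl_wrap_socket]", "Argument[7,ciphers:]", "environment"]
 - addsTo:
-pack: codeql/python-all
-extensible: sinkModel
+pack: codeql/python-all
+extensible: sinkModel
 data:
 - ["urllib3", "Member[util].Member[ssl_].Member[ssl_wrap_socket]", "Argument[1,keyfile:]", "path-injection"]
 - addsTo:
-pack: codeql/python-all
-extensible: summaryModel
+pack: codeql/python-all
+extensible: summaryModel
 data:
 - ["urllib3", "Member[_collections].Member[HTTPHeaderDict].Instance.Member[getlist]", "Argument[2,default:]", "ReturnValue", "taint"]
 - ["urllib3", "Member[_collections].Member[HTTPHeaderDict].Instance.Member[getlist]", "Argument[self]", "ReturnValue", "taint"]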
