Releases: GitHubSecurityLab/CodeQL-Community-Packs
Release list
v0.5.1
Publish summary
Generated by publish.yml run #169 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.5.0 | 0.5.0 | n/a | n/a |
| C# | 0.5.0 | 0.5.0 | 0.5.0 | 0.5.0 |
| Go | 0.5.0 | 0.5.0 | n/a | n/a |
| Java | 0.5.0 | 0.5.0 | 0.5.0 | 0.5.0 |
| JavaScript | 0.5.0 | 0.5.0 | n/a | n/a |
| Python | 0.5.0 | 0.5.0 | n/a | n/a |
| Ruby | 0.5.0 | 0.5.0 | n/a | n/a |
What's Changed
Full Changelog: v0.5.0...v0.5.1
CodeQL standard library & query pack versions
Pinned CodeQL CLI/library version (.codeqlversion): v2.24.3
Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.24.3 (tag codeql-cli/v2.24.3). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.
| Language | Pack | Dependency | Our locked version | Upstream (CLI v2.24.3 ships) | Status |
|---|---|---|---|---|---|
| C++ | src |
codeql/cpp-all |
8.0.0 |
8.0.0 |
✅ |
| C++ | src |
codeql/cpp-queries |
1.5.12 |
1.5.12 |
✅ |
| C++ | lib |
codeql/cpp-all |
8.0.0 |
8.0.0 |
✅ |
| C# | src |
codeql/csharp-all |
5.4.8 |
5.4.8 |
✅ |
| C# | src |
codeql/csharp-queries |
1.6.3 |
1.6.3 |
✅ |
| C# | lib |
codeql/csharp-all |
5.4.8 |
5.4.8 |
✅ |
| Go | src |
codeql/go-all |
7.0.1 |
7.0.1 |
✅ |
| Go | lib |
codeql/go-all |
7.0.1 |
7.0.1 |
✅ |
| Java | src |
codeql/java-all |
8.1.1 |
8.1.1 |
✅ |
| Java | lib |
codeql/java-all |
8.1.1 |
8.1.1 |
✅ |
| JavaScript | src |
codeql/javascript-all |
2.6.23 |
2.6.23 |
✅ |
| JavaScript | lib |
codeql/javascript-all |
2.6.23 |
2.6.23 |
✅ |
| Python | src |
codeql/python-all |
7.0.0 |
7.0.0 |
✅ |
| Python | lib |
codeql/python-all |
7.0.0 |
7.0.0 |
✅ |
| Ruby | src |
codeql/ruby-all |
5.1.11 |
5.1.11 |
✅ |
| Ruby | lib |
codeql/ruby-all |
5.1.11 |
5.1.11 |
✅ |
v0.5.0
Publish summary
Generated by publish.yml run #168 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.5.0 🆕 | 0.5.0 🆕 | n/a | n/a |
| C# | 0.5.0 🆕 | 0.5.0 🆕 | 0.5.0 🆕 | 0.5.0 🆕 |
| Go | 0.5.0 🆕 | 0.5.0 🆕 | n/a | n/a |
| Java | 0.5.0 🆕 | 0.5.0 🆕 | 0.5.0 🆕 | 0.5.0 🆕 |
| JavaScript | 0.5.0 🆕 | 0.5.0 🆕 | n/a | n/a |
| Python | 0.5.0 🆕 | 0.5.0 🆕 | n/a | n/a |
| Ruby | 0.5.0 🆕 | 0.5.0 🆕 | n/a | n/a |
What's Changed
- docs: retire hand-maintained CodeQL version table, point to GitHub Releases by @felickz in #178
- chore: bump pinned CodeQL CLI to v2.24.3 and release v0.5.0 by @security-lab-bot[bot] in #179
Full Changelog: v0.4.0...v0.5.0
CodeQL standard library & query pack versions
Pinned CodeQL CLI/library version (.codeqlversion): v2.24.3
Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.24.3 (tag codeql-cli/v2.24.3). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.
| Language | Pack | Dependency | Our locked version | Upstream (CLI v2.24.3 ships) | Status |
|---|---|---|---|---|---|
| C++ | src |
codeql/cpp-all |
8.0.0 |
8.0.0 |
✅ |
| C++ | src |
codeql/cpp-queries |
1.5.12 |
1.5.12 |
✅ |
| C++ | lib |
codeql/cpp-all |
8.0.0 |
8.0.0 |
✅ |
| C# | src |
codeql/csharp-all |
5.4.8 |
5.4.8 |
✅ |
| C# | src |
codeql/csharp-queries |
1.6.3 |
1.6.3 |
✅ |
| C# | lib |
codeql/csharp-all |
5.4.8 |
5.4.8 |
✅ |
| Go | src |
codeql/go-all |
7.0.1 |
7.0.1 |
✅ |
| Go | lib |
codeql/go-all |
7.0.1 |
7.0.1 |
✅ |
| Java | src |
codeql/java-all |
8.1.1 |
8.1.1 |
✅ |
| Java | lib |
codeql/java-all |
8.1.1 |
8.1.1 |
✅ |
| JavaScript | src |
codeql/javascript-all |
2.6.23 |
2.6.23 |
✅ |
| JavaScript | lib |
codeql/javascript-all |
2.6.23 |
2.6.23 |
✅ |
| Python | src |
codeql/python-all |
7.0.0 |
7.0.0 |
✅ |
| Python | lib |
codeql/python-all |
7.0.0 |
7.0.0 |
✅ |
| Ruby | src |
codeql/ruby-all |
5.1.11 |
5.1.11 |
✅ |
| Ruby | lib |
codeql/ruby-all |
5.1.11 |
5.1.11 |
✅ |
v0.4.0
Publish summary
Generated by publish.yml run #167 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.4.0 🆕 | 0.4.0 🆕 | n/a | n/a |
| C# | 0.4.0 🆕 | 0.4.0 🆕 | 0.4.0 🆕 | 0.4.0 🆕 |
| Go | 0.4.0 🆕 | 0.4.0 🆕 | n/a | n/a |
| Java | 0.4.0 🆕 | 0.4.0 🆕 | 0.4.0 🆕 | 0.4.0 🆕 |
| JavaScript | 0.4.0 🆕 | 0.4.0 🆕 | n/a | n/a |
| Python | 0.4.0 🆕 | 0.4.0 🆕 | n/a | n/a |
| Ruby | 0.4.0 🆕 | 0.4.0 🆕 | n/a | n/a |
What's Changed
- fix(release): invoke patch-release-me via docker run to avoid mode arg quoting bug by @felickz in #171
- feat(release): add prerelease boolean toggle, default off by @felickz in #172
- feat(ci): add copilot-setup-steps.yml for delegated CI-fix sessions by @felickz in #174
- fix(release): stop patch-release-me double-bumping ql/hotspots by @felickz in #175
- chore: bump pinned CodeQL CLI to v2.22.4 and release v0.3.0 by @security-lab-bot[bot] in #173
- chore(ci): pre-install every CodeQL pack's dependencies in copilot-setup-steps.yml by @felickz in #176
- chore: bump pinned CodeQL CLI to v2.23.9 and release v0.4.0 by @security-lab-bot[bot] in #177
Full Changelog: v0.2.4...v0.4.0
CodeQL standard library & query pack versions
Pinned CodeQL CLI/library version (.codeqlversion): v2.23.9
Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.23.9 (tag codeql-cli/v2.23.9). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.
| Language | Pack | Dependency | Our locked version | Upstream (CLI v2.23.9 ships) | Status |
|---|---|---|---|---|---|
| C++ | src |
codeql/cpp-all |
6.1.4 |
6.1.4 |
✅ |
| C++ | src |
codeql/cpp-queries |
1.5.8 |
1.5.8 |
✅ |
| C++ | lib |
codeql/cpp-all |
6.1.4 |
6.1.4 |
✅ |
| C# | src |
codeql/csharp-all |
5.4.4 |
5.4.4 |
✅ |
| C# | src |
codeql/csharp-queries |
1.5.4 |
1.5.4 |
✅ |
| C# | lib |
codeql/csharp-all |
5.4.4 |
5.4.4 |
✅ |
| Go | src |
codeql/go-all |
5.0.6 |
5.0.6 |
✅ |
| Go | lib |
codeql/go-all |
5.0.6 |
5.0.6 |
✅ |
| Java | src |
codeql/java-all |
7.8.3 |
7.8.3 |
✅ |
| Java | lib |
codeql/java-all |
7.8.3 |
7.8.3 |
✅ |
| JavaScript | src |
codeql/javascript-all |
2.6.19 |
2.6.19 |
✅ |
| JavaScript | lib |
codeql/javascript-all |
2.6.19 |
2.6.19 |
✅ |
| Python | src |
codeql/python-all |
5.0.4 |
5.0.4 |
✅ |
| Python | lib |
codeql/python-all |
5.0.4 |
5.0.4 |
✅ |
| Ruby | src |
codeql/ruby-all |
5.1.7 |
5.1.7 |
✅ |
| Ruby | lib |
codeql/ruby-all |
[5.1.7](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs/blob/e7c143a361584f0fd3584e7066503619a181b... |
v0.2.4
Publish summary
Generated by publish.yml run #164 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.4 🆕 | 0.2.4 🆕 | n/a | n/a |
| C# | 0.2.4 🆕 | 0.2.4 🆕 | 0.2.4 🆕 | 0.2.4 🆕 |
| Go | 0.2.4 🆕 | 0.2.4 🆕 | n/a | n/a |
| Java | 0.2.4 🆕 | 0.2.4 🆕 | 0.2.4 🆕 | 0.2.4 🆕 |
| JavaScript | 0.2.4 🆕 | 0.2.4 🆕 | n/a | n/a |
| Python | 0.2.4 🆕 | 0.2.4 🆕 | n/a | n/a |
| Ruby | 0.2.4 🆕 | 0.2.4 🆕 | n/a | n/a |
What's Changed
- chore: bump remaining packs to 0.2.3 to match .release.yml by @felickz in #159
- feat(publish): gate auto-publish on releases + publish summary table + docs by @felickz in #160
- fix(workflows): add packages: read permission to update-codeql-version.yml by @felickz in #163
- chore: bump pinned CodeQL CLI to v2.21.4 by @security-lab-bot[bot] in #166
- feat(update-codeql-version): add optional release_bump input to publish in the same PR by @felickz in #167
- fix(release): repin patch-release-me to 0.6.5 (0.6.6's GHCR image was never published) by @felickz in #168
- Chore: Auto Update new Release by @security-lab-bot[bot] in #169
New Contributors
- @security-lab-bot[bot] made their first contribution in #166
Full Changelog: v0.2.3...v0.2.4
CodeQL standard library & query pack versions
Pinned CodeQL CLI/library version (.codeqlversion): v2.21.4
Comparing each language's direct codeql/* dependencies (from both src/qlpack.yml and lib/qlpack.yml, each resolved in its own codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.21.4 (tag codeql-cli/v2.21.4). src and lib are checked independently because they're separately-resolved lock files that can drift from each other. Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/<pack> hasn't been run for that specific directory since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.
| Language | Pack | Dependency | Our locked version | Upstream (CLI v2.21.4 ships) | Status |
|---|---|---|---|---|---|
| C++ | src |
codeql/cpp-all |
5.0.0 |
5.0.0 |
✅ |
| C++ | src |
codeql/cpp-queries |
1.4.1 |
1.4.1 |
✅ |
| C++ | lib |
codeql/cpp-all |
5.0.0 |
5.0.0 |
✅ |
| C# | src |
codeql/csharp-all |
5.1.7 |
5.1.7 |
✅ |
| C# | src |
codeql/csharp-queries |
1.2.1 |
1.2.1 |
✅ |
| C# | lib |
codeql/csharp-all |
5.1.7 |
5.1.7 |
✅ |
| Go | src |
codeql/go-all |
4.2.6 |
4.2.6 |
✅ |
| Go | lib |
codeql/go-all |
4.2.6 |
4.2.6 |
✅ |
| Java | src |
codeql/java-all |
7.3.0 |
7.3.0 |
✅ |
| Java | lib |
codeql/java-all |
7.3.0 |
7.3.0 |
✅ |
| JavaScript | src |
codeql/javascript-all |
2.6.4 |
2.6.4 |
✅ |
| JavaScript | lib |
codeql/javascript-all |
2.6.4 |
2.6.4 |
✅ |
| Python | src |
codeql/python-all |
4.0.8 |
4.0.8 |
✅ |
| Python | lib |
codeql/python-all |
4.0.8 |
4.0.8 |
✅ |
| Ruby | src |
codeql/ruby-all |
4.1.7 |
[4.1.7](https://github.com/github/codeql/blob/codeql-cli/v2.21.4/ruby/ql/lib/qlpa... |
v0.2.3
Publish summary
Generated by publish.yml run #158 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.3 | 0.2.3 | n/a | n/a |
| C# | 0.2.3 | 0.2.3 | 0.2.3 | 0.2.3 |
| Go | 0.2.3 | 0.2.3 | n/a | n/a |
| Java | 0.2.3 | 0.2.3 | 0.2.3 | 0.2.3 |
| JavaScript | 0.2.3 | 0.2.3 | n/a | n/a |
| Python | 0.2.3 | 0.2.3 | n/a | n/a |
| Ruby | 0.2.3 | 0.2.3 | n/a | n/a |
** NOTE: codeql-java-queries v0.2.2 was published in August 25 - so much of the 0.2.2 changelog is synced up in v0.2.3 for codeql-java-queries
What's Changed
- Sync all packs to 0.2.2 and make .release.yml the version source of truth by @felickz in #158
- fix(java): remove duplicate codeql-java-extensions dependency causing fatal analysis crash by @felickz in #155
Full Changelog: v0.2.2...v0.2.3
CodeQL standard library & query pack versions
Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1
Comparing each language's direct codeql/* dependencies (from <lang>/src/qlpack.yml, resolved in src/codeql-pack.lock.yml) against the versions github/codeql itself ships for CLI v2.21.1 (tag codeql-cli/v2.21.1). Each cell links to the exact file/line backing it - our side at the commit this table was generated from, upstream at the CLI tag - so the claim can be verified with one click. A mismatch means codeql pack upgrade <lang>/src (and lib/ext as needed) hasn't been run since the last .codeqlversion bump - see CONTRIBUTING.md: Updating the pinned CodeQL CLI/library version.
| Language | Dependency | Our locked version | Upstream (CLI v2.21.1 ships) | Status |
|---|---|---|---|---|
| C++ | codeql/cpp-all |
4.2.0 |
4.2.0 |
✅ |
| C++ | codeql/cpp-queries |
1.3.8 |
1.3.8 |
✅ |
| C# | codeql/csharp-all |
5.1.4 |
5.1.4 |
✅ |
| C# | codeql/csharp-queries |
1.1.1 |
1.1.1 |
✅ |
| Go | codeql/go-all |
4.2.3 |
4.2.3 |
✅ |
| Java | codeql/java-all |
7.1.3 |
7.1.3 |
✅ |
| JavaScript | codeql/javascript-all |
2.6.1 |
2.6.1 |
✅ |
| Python | codeql/python-all |
4.0.5 |
4.0.5 |
✅ |
| Ruby | codeql/ruby-all |
4.1.4 |
4.1.4 |
✅ |
v0.2.2
Note
All 18 published packages are now synced to 0.2.2. Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1. n/a means that pack doesn't exist for this language (only C# and Java publish ext/ext-library-sources today).
Progress toward v0.2.2
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.2 | 0.2.2 | n/a | n/a |
| C# | 0.2.2 | 0.2.2 | 0.2.2 | 0.2.2 |
| Go | 0.2.2 | 0.2.2 | n/a | n/a |
| Java | 0.2.2 ** | 0.2.2 | 0.2.2 | 0.2.2 |
| JavaScript | 0.2.2 | 0.2.2 | n/a | n/a |
| Python | 0.2.2 | 0.2.2 | n/a | n/a |
| Ruby | 0.2.2 | 0.2.2 | n/a | n/a |
** NOTE: codeql-java-queries v0.2.2 was published in August 25 - so much of the changelog below does not apply to this release - will be synced up in v0.2.3
18 of 18 published packages are on 0.2.2. All republished automatically by publish.yml after #158 merged to main; codeql-java-queries was already at 0.2.2 and was correctly skipped as a no-op (confirms the publish workflow's version-diff check is idempotent). See CONTRIBUTING.md: Releases & publishing for how a version bump triggers a republish.
What's Changed
- deps: bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 in the production-dependencies group by @dependabot[bot] in #108
- deps: bump 42ByteLabs/patch-release-me from 0.4.1 to 0.5.3 in the production-dependencies group by @dependabot[bot] in #109
- deps: bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 in the production-dependencies group by @dependabot[bot] in #110
- deps: bump actions/create-github-app-token from 1 to 2 in the production-dependencies group by @dependabot[bot] in #111
- deps: bump 42ByteLabs/patch-release-me from 0.5.3 to 0.5.4 in the production-dependencies group by @dependabot[bot] in #112
- docs: Update README by @GeekMasher in #104
- Python: Add generated and manual models by @GeekMasher in #113
- Java: Debugging queries by @GeekMasher in #114
- JS: debugging queries by @GeekMasher in #115
- Python: Debugging queries by @GeekMasher in #119
- Go: Debugging queries by @GeekMasher in #120
- deps: bump 42ByteLabs/patch-release-me from 0.5.4 to 0.5.5 in the production-dependencies group by @dependabot[bot] in #122
- Feat: Add support for .codeqlversion by @GeekMasher in #117
- deps: bump 42ByteLabs/patch-release-me from 0.5.5 to 0.6.0 in the production-dependencies group by @dependabot[bot] in #128
- Remove "Change notes" section by @kevinbackhouse in #127
- Update synthetics config to exclude
testdir by @GeekMasher in #131 - Java: remove SpringBootActuators query by @jcogs33 in #123
- deps: bump 42ByteLabs/patch-release-me from 0.6.0 to 0.6.1 in the production-dependencies group by @dependabot[bot] in #133
- Update synthetics.yml to remove WP 1P content by @felickz in #132
- Update dependencies to packs shipped with 2.21.1 by @jcogs33 in #124
- Add CodeQL quality configuration file for enhanced code quality analysis by @felickz in #136
- Java: Remove the query
githubsecuritylab/java/insecure-spring-actuator-config. by @michaelnebel in #138 - deps: bump the production-dependencies group with 2 updates by @dependabot[bot] in #137
- deps: bump the production-dependencies group across 1 directory with 6 updates by @dependabot[bot] in #143
- Fix indentation for 'pack' and 'extensible' fields in model YAML files by @felickz in #146
- deps: bump the production-dependencies group across 1 directory with 8 updates by @dependabot[bot] in #150
- deps: bump dorny/paths-filter from 4.0.1 to 4.0.2 in the production-dependencies group by @dependabot[bot] in #152
- Add Java security queries: cleartext LDAP, insecure JDBC cert, credentials in URL, IDOR by @felickz in #151
- docs: document CodeQL version pinning and pack compatibility by @felickz in #154
- security: adopt supply chain security defaults by @felickz in #153
- docs: clarify how release/publish process works today by @felickz in #157
- Sync all packs to 0.2.2 and make .release.yml the version source of truth by @felickz in #158
New Contributors
- @kevinbackhouse made their first contribution in #127
- @jcogs33 made their first contribution in #123
Full Changelog: v0.2.1...v0.2.2
Publish summary
Generated by publish.yml run #153 — 🆕 marks a package republished by this run.
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.2 | 0.2.2 | n/a | n/a |
| C# | 0.2.2 | 0.2.2 | [0.2.2](https://github.com/GitHubSecurityLab/CodeQL-Community-P... |
v0.2.1
Published package versions
This table is the point of truth for what's actually published to GHCR today. It's updated by hand when packages are republished; if it looks stale, check the pack's qlpack.yml on main and the GHCR package page directly.
Pinned CodeQL CLI/library version (.codeqlversion): v2.21.1
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.1 | 0.2.1 | n/a | n/a |
| C# | 0.2.1 | 0.2.1 | 0.2.1 | 0.2.1 |
| Go | 0.2.1 | 0.2.1 | n/a | n/a |
| Java | 0.2.2 | 0.2.1 | 0.2.1 | 0.2.1 |
| JavaScript | 0.2.1 | 0.2.1 | n/a | n/a |
| Python | 0.2.1 | 0.2.1 | n/a | n/a |
| Ruby | 0.2.1 | 0.2.1 | n/a | n/a |
Java's queries pack is the only one currently republished with v2.21.1-era content (bumped straight to 0.2.2 in a standalone commit). Every other pack's source already targets v2.21.1, but its qlpack.yml version was never bumped, so GHCR is still serving the pre-v2.21.1 0.2.1 build. See CONTRIBUTING.md: Releases & publishing for how a version bump triggers a republish.
What's Changed
- Pin CodeQL in the publish workflow. by @michaelnebel in #103
- Fix issue with C# model pack and publish packs. by @michaelnebel in #106
Full Changelog: v0.2.0...v0.2.1
v0.2.0
Published package versions
Historical snapshot: every pack was 0.2.0 at this release. There was no repo-wide .codeqlversion pin yet (added later); CI (ci.yml) tested against CodeQL 2.20.1, while publish.yml had no explicit CLI pin and just used whatever CodeQL was preinstalled on the runner.
CI CodeQL CLI version at this release: v2.20.1
| Language | Queries (src) |
Library (lib) |
Extensions (ext) |
Library sources (ext-library-sources) |
|---|---|---|---|---|
| C++ | 0.2.0 | 0.2.0 | n/a | n/a |
| C# | 0.2.0 | 0.2.0 | 0.2.0 | 0.2.0 |
| Go | 0.2.0 | 0.2.0 | n/a | n/a |
| Java | 0.2.0 | 0.2.0 | 0.2.0 | 0.2.0 |
| JavaScript | 0.2.0 | 0.2.0 | n/a | n/a |
| Python | 0.2.0 | 0.2.0 | n/a | n/a |
| Ruby | 0.2.0 | 0.2.0 | n/a | n/a |
For the current published state, see the v0.2.1 release notes.
What's Changed
- Propose repo structure by @pwntester in #1
- Add combined Java QLPacks by @pwntester in #2
- Use runner's CodeQL instead of downloading
gh-codeqlby @jorgectf in #5 - Organize tests into same folders as src pack by @pwntester in #4
- Combine GoLang QLPacks by @pwntester in #3
- Remove ext pack for Go since MaD are not yet supported by @pwntester in #6
- Combine C# packs by @pwntester in #7
- Merge field/seclab packs by @pwntester in #8
- Initial Ruby QLPacks by @pwntester in #9
- Add .gitkeep files for python by @pwntester in #10
- Rename query IDs by @pwntester in #12
- Add .gitkeep files for csharp by @pwntester in #11
- Add cpp packs by @pwntester in #13
- Add Javascript packs by @pwntester in #14
- Update build.yml by @jorgectf in #17
- Add
suitespath by @jorgectf in #16 - Add new Java queries and CVEs by @pwntester in #19
- Add getting started by @jorgectf in #18
- Update README.md by @pwntester in #21
- Refactor github folder to ghsl by @pwntester in #23
- Python - Update Weak PRNG query by @GeekMasher in #22
- Update CodeQL lock files by @GeekMasher in #24
- CPP: Fix Pack Issue by @GeekMasher in #26
- Disclaimer about new language aliases by @jorgectf in #27
- JS: Update precision and Bump Pack Version by @GeekMasher in #29
- Increase visibility of language aliases note by @tspascoal in #30
- Update CommandInjection.ql by @pwntester in #34
- Account for JaxRS filters by @pwntester in #31
- Refactor Partial Path Queries by @pwntester in #33
- csharp: Update WeakPasswordHashing.qhelp by @geoffw0 in #37
- Fixes pack rename in audit suites + adds CPP audit suite by @felickz in #35
- Bump C++, C#, and Java pack versions by @GeekMasher in #38
- Python: Bump dependencies and versions for Python by @GeekMasher in #36
- Java Local Queries by @felickz in #39
- Java: v0.0.5 by @GeekMasher in #40
- feat(csharp): DotEnv Models by @GeekMasher in #41
- CodeQL Configurations by @GeekMasher in #45
- Add Synthetic CodeQL configuration file by @felickz in #46
- exclude CoverageResults html from interpreted scans by @felickz in #47
- Create JS SqlInjectionAudit.ql by @felickz in #50
- Create undertow-core.model.yml by @felickz in #49
- CODEOWNERS by @GeekMasher in #53
- Synthetic Config - remove wwwroot/lib for .net JS libraries by @felickz in #51
- feat: Create devcontainer.json by @GeekMasher in #54
- JS: add templates for forward and backwards data flow by @p- in #56
- Go: Fix GoLang queries by @GeekMasher in #43
- Update CodeQL predicates used by ExternalAPIsQuery by @pwntester in #61
- Go: Local Sources by @GeekMasher in #42
- add CWE-770 experimental query for detection of DoS by @Sim4n6 in #55
- Add Browser Extensions Queries and Models by @Kwstubbs in #52
- Update Devcontainers by @GeekMasher in #63
- feat(java): Update to Java queries by @GeekMasher in #62
- Add even better dev container support with some scripts by @GeekMasher in #64
- feat: Add Python Data Extensions pack by @GeekMasher in #65
- CodeQL Synthetic Config - Add additional 3rd party paths to ignore by @felickz in #67
- Rename build workflow and job by @pwntester in #71
- C#: Re-factor some of the existing tests. by @michaelnebel in #70
- Fix compile dependency. by @micha...