From 4229a974a2f88f69b493bf187d9170b557c5689d Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Wed, 30 Jul 2025 16:41:42 +0100 Subject: [PATCH 01/25] Update the dependencies to CodeQL CLI 2.22.2. --- .../frameworks/cap/lib/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/cap/src/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/cap/test/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/ui5/lib/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/ui5/src/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/ui5/test/codeql-pack.lock.yml | 30 ++++++++----------- javascript/frameworks/ui5/test/qlpack.yml | 1 - .../frameworks/xsjs/lib/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/xsjs/src/codeql-pack.lock.yml | 24 ++++++++------- .../frameworks/xsjs/test/codeql-pack.lock.yml | 24 ++++++++------- .../tests/codeql-pack.lock.yml | 24 ++++++++------- scripts/codeql-pack.lock.yml | 24 --------------- 12 files changed, 131 insertions(+), 140 deletions(-) delete mode 100644 scripts/codeql-pack.lock.yml diff --git a/javascript/frameworks/cap/lib/codeql-pack.lock.yml b/javascript/frameworks/cap/lib/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/cap/lib/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/lib/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false 
diff --git a/javascript/frameworks/cap/src/codeql-pack.lock.yml b/javascript/frameworks/cap/src/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/cap/src/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/src/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/frameworks/cap/test/codeql-pack.lock.yml b/javascript/frameworks/cap/test/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/cap/test/codeql-pack.lock.yml +++ b/javascript/frameworks/cap/test/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false 
diff --git a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml b/javascript/frameworks/ui5/lib/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/lib/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/frameworks/ui5/src/codeql-pack.lock.yml b/javascript/frameworks/ui5/src/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/ui5/src/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/src/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false 
diff --git a/javascript/frameworks/ui5/test/codeql-pack.lock.yml b/javascript/frameworks/ui5/test/codeql-pack.lock.yml index 9dd6c6365..2c96a58ff 100644 --- a/javascript/frameworks/ui5/test/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/test/codeql-pack.lock.yml @@ -1,32 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 - codeql/javascript-queries: - version: 1.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 - codeql/suite-helpers: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 - codeql/typos: - version: 1.0.16 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml index c81393a00..6f571795d 100644 --- a/javascript/frameworks/ui5/test/qlpack.yml +++ b/javascript/frameworks/ui5/test/qlpack.yml @@ -3,7 +3,6 @@ version: 0.7.0 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" - codeql/javascript-queries: "^1.2.0" advanced-security/javascript-sap-ui5-queries: "^0.7.0" advanced-security/javascript-sap-ui5-models: "^0.7.0" advanced-security/javascript-sap-ui5-all: "^0.7.0" diff --git a/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml b/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/lib/codeql-pack.lock.yml 
@@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/frameworks/xsjs/src/codeql-pack.lock.yml b/javascript/frameworks/xsjs/src/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/xsjs/src/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/src/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/frameworks/xsjs/test/codeql-pack.lock.yml b/javascript/frameworks/xsjs/test/codeql-pack.lock.yml index c39c17fe3..2c96a58ff 100644 --- a/javascript/frameworks/xsjs/test/codeql-pack.lock.yml +++ b/javascript/frameworks/xsjs/test/codeql-pack.lock.yml 
@@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 2.0.0 + version: 2.0.11 codeql/javascript-all: - version: 2.4.0 + version: 2.6.7 codeql/mad: - version: 1.0.16 + version: 1.0.27 codeql/regex: - version: 1.0.16 + version: 1.0.27 codeql/ssa: - version: 1.0.16 + version: 2.0.3 codeql/threat-models: - version: 1.0.16 + version: 1.0.27 codeql/tutorial: - version: 1.0.16 + version: 1.0.27 codeql/typetracking: - version: 2.0.0 + version: 2.0.11 codeql/util: - version: 2.0.3 + version: 2.0.14 codeql/xml: - version: 1.0.16 + version: 1.0.27 codeql/yaml: - version: 1.0.16 + version: 1.0.27 compiled: false diff --git a/javascript/heuristic-models/tests/codeql-pack.lock.yml b/javascript/heuristic-models/tests/codeql-pack.lock.yml index 9c7802785..2c96a58ff 100644 --- a/javascript/heuristic-models/tests/codeql-pack.lock.yml +++ b/javascript/heuristic-models/tests/codeql-pack.lock.yml @@ -1,24 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.1 codeql/dataflow: - version: 0.2.7 + version: 2.0.11 codeql/javascript-all: - version: 0.9.1 + version: 2.6.7 codeql/mad: - version: 0.2.16 + version: 1.0.27 codeql/regex: - version: 0.2.16 + version: 1.0.27 codeql/ssa: - version: 0.2.16 + version: 2.0.3 + codeql/threat-models: + version: 1.0.27 codeql/tutorial: - version: 0.2.16 + version: 1.0.27 codeql/typetracking: - version: 0.2.16 + version: 2.0.11 codeql/util: - version: 0.2.16 + version: 2.0.14 codeql/xml: - version: 0.0.3 + version: 1.0.27 codeql/yaml: - version: 0.2.16 + version: 1.0.27 compiled: false diff --git a/scripts/codeql-pack.lock.yml b/scripts/codeql-pack.lock.yml deleted file mode 100644 index 68a286eb2..000000000 --- a/scripts/codeql-pack.lock.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -lockVersion: 1.0.0 -dependencies: - codeql/dataflow: - version: 1.1.2 - codeql/javascript-all: - version: 2.0.0 - codeql/mad: - version: 1.0.8 - codeql/regex: - version: 1.0.8 - codeql/ssa: - version: 1.0.8 - codeql/tutorial: - version: 1.0.8 - codeql/typetracking: - version: 1.0.8 - codeql/util: - version: 1.0.8 - codeql/xml: - version: 1.0.8 - codeql/yaml: - version: 1.0.8 -compiled: false From 6f1567c045e897af992a208371c97d5b8e4b0a4a Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Wed, 30 Jul 2025 17:01:29 +0100 Subject: [PATCH 02/25] Update UI5 test dependencies --- javascript/frameworks/ui5/test/codeql-pack.lock.yml | 6 ++++++ javascript/frameworks/ui5/test/qlpack.yml | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/javascript/frameworks/ui5/test/codeql-pack.lock.yml b/javascript/frameworks/ui5/test/codeql-pack.lock.yml index 2c96a58ff..e45f447c6 100644 --- a/javascript/frameworks/ui5/test/codeql-pack.lock.yml +++ b/javascript/frameworks/ui5/test/codeql-pack.lock.yml @@ -7,18 +7,24 @@ dependencies: version: 2.0.11 codeql/javascript-all: version: 2.6.7 + codeql/javascript-queries: + version: 2.0.0 codeql/mad: version: 1.0.27 codeql/regex: version: 1.0.27 codeql/ssa: version: 2.0.3 + codeql/suite-helpers: + version: 1.0.27 codeql/threat-models: version: 1.0.27 codeql/tutorial: version: 1.0.27 codeql/typetracking: version: 2.0.11 + codeql/typos: + version: 1.0.27 codeql/util: version: 2.0.14 codeql/xml: diff --git a/javascript/frameworks/ui5/test/qlpack.yml b/javascript/frameworks/ui5/test/qlpack.yml index 6f571795d..924a16a90 100644 --- a/javascript/frameworks/ui5/test/qlpack.yml +++ b/javascript/frameworks/ui5/test/qlpack.yml 
@@ -3,6 +3,10 @@ version: 0.7.0 extractor: javascript dependencies: codeql/javascript-all: "^2.4.0" + # We use this dependency to run the standard Log Injection query to ensure that + # no overlap occurs with the SAP UI5 queries. We therefore allow any version + # greater than or equal to 1.2.0, as major breaking changes are not a concern. + codeql/javascript-queries: ">1.2.0" advanced-security/javascript-sap-ui5-queries: "^0.7.0" advanced-security/javascript-sap-ui5-models: "^0.7.0" advanced-security/javascript-sap-ui5-all: "^0.7.0" From 6ca2c51864189bc872f17995e62556342a18468b Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Wed, 30 Jul 2025 17:35:15 +0100 Subject: [PATCH 03/25] Update qlt.conf.json to 2.22.2 --- qlt.conf.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qlt.conf.json b/qlt.conf.json index 552911a55..f2598893e 100644 --- a/qlt.conf.json +++ b/qlt.conf.json @@ -1,5 +1,5 @@ { - "CodeQLCLI": "2.20.4", - "CodeQLStandardLibrary": "codeql-cli/v2.20.4", - "CodeQLCLIBundle": "codeql-bundle-v2.20.4" + "CodeQLCLI": "2.22.2", + "CodeQLStandardLibrary": "codeql-cli/v2.22.2", + "CodeQLCLIBundle": "codeql-bundle-v2.22.2" } \ No newline at end of file From 2f48d3c7afbf2bfac21ce8a1b04498851dad761f Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Sat, 2 Aug 2025 00:14:03 +0100 Subject: [PATCH 04/25] Address incompatibility introduced in CodeQL PR #19445. SummarizedCallables appear not to work with class Configurations. --- .../frameworks/ui5/dataflow/DataFlow.qll | 1 + .../frameworks/ui5/dataflow/PatchDataFlow.qll | 77 +++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/PatchDataFlow.qll diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/DataFlow.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/DataFlow.qll index ffba729d3..94675378d 100644 
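Review bot: The comment added above `codeql/javascript-queries` in javascript/frameworks/ui5/test/qlpack.yml says any version greater than or equal to 1.2.0 is allowed, but the constraint `">1.2.0"` excludes 1.2.0 itself. If the comment states the intent, the line should read `codeql/javascript-queries: ">=1.2.0"`; otherwise the comment should say "greater than 1.2.0". With an open-ended range, the lock file changed in this same patch (it resolves the pack to 2.0.0) is the only thing that fixes which version of the standard Log Injection query the overlap test runs against, so it needs to stay committed and be regenerated deliberately.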
--- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/DataFlow.qll +++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/DataFlow.qll @@ -5,6 +5,7 @@ import advanced_security.javascript.frameworks.ui5.UI5View import advanced_security.javascript.frameworks.ui5.RemoteFlowSources import advanced_security.javascript.frameworks.ui5.dataflow.FlowSteps private import StdLibDataFlow::DataFlow::PathGraph as DataFlowPathGraph +private import PatchDataFlow /** * A statically visible part of a local model's content that has a binding path referring to it in a control declaration acting as an HTML injection sink. diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/PatchDataFlow.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/PatchDataFlow.qll new file mode 100644 index 000000000..b35427905 --- /dev/null +++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/PatchDataFlow.qll 
@@ -0,0 +1,77 @@
+/**
+ * This file patches an incompatibility introduced into the standard data flow library between
+ * class DataFlow::Configurations and `summmaryModels` added in models-as-data files, and likely
+ * introduced in this PR: https://github.com/github/codeql/pull/19445/files.
+ */
+
+import javascript
+import semmle.javascript.dataflow.internal.FlowSummaryPrivate
+private import semmle.javascript.frameworks.data.internal.ApiGraphModels as Shared
+
+/**
+ * Holds if `path` is an input or output spec for a summary with the given `base` node.
+ */
+pragma[nomagic]
+private predicate relevantInputOutputPath(API::InvokeNode base, AccessPath inputOrOutput) {
+ exists(string type, string input, string output, string path |
+ ModelOutput::resolvedSummaryBase(type, path, base) and
+ ModelOutput::relevantSummaryModel(type, path, input, output, _, _) and
+ inputOrOutput = [input, output]
+ )
+}
+
+/**
+ * Gets the API node for the first `n` tokens of the given input/output path, evaluated relative to `baseNode`.
+ */
+private API::Node getNodeFromInputOutputPath(API::InvokeNode baseNode, AccessPath path, int n) {
+ relevantInputOutputPath(baseNode, path) and
+ (
+ n = 1 and
+ result = Shared::getSuccessorFromInvoke(baseNode, path.getToken(0))
+ or
+ result =
+ Shared::getSuccessorFromNode(getNodeFromInputOutputPath(baseNode, path, n - 1),
+ path.getToken(n - 1))
+ )
+}
+
+/**
+ * Gets the API node for the given input/output path, evaluated relative to `baseNode`.
+ */
+private API::Node getNodeFromInputOutputPath(API::InvokeNode baseNode, AccessPath path) {
+ result = getNodeFromInputOutputPath(baseNode, path, path.getNumToken())
+}
+
+private predicate summaryStep(API::Node pred, API::Node succ, string kind) {
+ exists(string type, string path, API::InvokeNode base, AccessPath input, AccessPath output |
+ ModelOutput::relevantSummaryModel(type, path, input, output, kind, _) and
+ ModelOutput::resolvedSummaryBase(type, path, base) and
+ pred = getNodeFromInputOutputPath(base, input) and
+ succ = getNodeFromInputOutputPath(base, output)
+ )
+}
+
+/**
+ * Like `ModelOutput::summaryStep` but with API nodes mapped to data-flow nodes.
+ */
+private predicate summaryStepNodes(DataFlow::Node pred, DataFlow::Node succ, string kind) {
+ exists(API::Node predNode, API::Node succNode |
+ summaryStep(predNode, succNode, kind) and
+ pred = predNode.asSink() and
+ succ = succNode.asSource()
+ )
+}
+
+/** Data flow steps induced by summary models of kind `value`. */
+private class DataFlowStepFromSummary extends DataFlow::SharedFlowStep {
+ override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+ summaryStepNodes(pred, succ, "value")
+ }
+}
+
+/** Taint steps induced by summary models of kind `taint`. */
+private class TaintStepFromSummary extends TaintTracking::SharedTaintStep {
+ override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+ summaryStepNodes(pred, succ, "taint")
+ }
+}
From efc798dbc6628d5fa3d2d3e36f789498001567eb Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Wed, 6 Aug 2025 15:24:27 -0400
Subject: [PATCH 05/25] Test swapping out cds compilation script
---
.github/workflows/code_scanning.yml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index 357bdb5f3..10ac6607c 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
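Review bot: Several QLDoc comments in the new PatchDataFlow.qll do not match the code they sit on. The file header names `summmaryModels` (three m's), which looks like a misspelling of the models-as-data `summaryModel` rows. The comment on `relevantInputOutputPath` describes a `path` argument, but the parameter is `inputOrOutput` and `path` is only bound inside the `exists`; it should read "Holds if `inputOrOutput` is an input or output spec ...". `summaryStep` has no comment at all, and one line saying it holds when a summary model of kind `kind` has its input resolving to `pred` and its output to `succ` would do. Because this file restores value and taint steps that class-based configurations would otherwise lose without any error, the header should also name the CodeQL version the workaround was written against (this series moves to CLI 2.22.2) so it can be dropped once the standard library covers the case; no test in the visible patches pins the restored flow.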
@@ -53,9 +53,10 @@ jobs: - name: Run CDS extractor shell: bash run: | - export CODEQL_DIST="$(dirname "${{ steps.initialize-codeql.outputs.codeql-path }}")" - export CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${{ runner.temp }}/codeql-database/javascript" - ${{ github.workspace }}/scripts/compile-cds.sh + # export CODEQL_DIST="$(dirname "${{ steps.initialize-codeql.outputs.codeql-path }}")" + # export CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${{ runner.temp }}/codeql-database/javascript" + # ${{ github.workspace }}/scripts/compile-cds.sh + ${{ github.workspace }}/extractors/cds/tools/workflow/cds-compilation-for-actions.sh - name: Perform CodeQL Analysis id: analyze From 76246623b90b04a58f96b76acc43bcc1e2d40680 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Wed, 6 Aug 2025 16:51:01 -0400 Subject: [PATCH 06/25] Test swapping out bundle version to 2.22.3 --- .github/workflows/code_scanning.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 10ac6607c..372de820f 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml 
@@ -47,13 +47,14 @@ jobs: languages: javascript config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database - tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz + # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.3/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor shell: bash run: | - # export CODEQL_DIST="$(dirname "${{ steps.initialize-codeql.outputs.codeql-path }}")" + export CODEQL_DIST="$(dirname "${{ steps.initialize-codeql.outputs.codeql-path }}")" # export CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${{ runner.temp }}/codeql-database/javascript" # ${{ github.workspace }}/scripts/compile-cds.sh ${{ github.workspace }}/extractors/cds/tools/workflow/cds-compilation-for-actions.sh From 16bd53a35eeffdc82ef586246ef845d124ef512f Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Wed, 6 Aug 2025 16:51:48 -0400 Subject: [PATCH 07/25] ouch --- .github/workflows/code_scanning.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 372de820f..8e6e98fda 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml 
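Review bot: The `tools:` line in .github/workflows/code_scanning.yml now hard-codes `codeql-bundle-v2.22.3` and leaves the `${{env.BUNDLE_VERSION}}` form behind as a comment, so the bundle used for code scanning no longer follows the workflow's version variable, nor the 2.22.2 that PATCH 03 writes to qlt.conf.json and that the regenerated lock files target. The one-line changes to this same line in PATCH 08 through PATCH 20 repeat this with other literal versions. If these commits are a bisection, then once the working version is known the line should go back to `tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz` with `BUNDLE_VERSION` (defined outside this hunk) set to that version, and the commented-out line should be removed. Running the analysis with a CLI that differs from the one the packs were locked against can change which flows the queries report, which is easy to miss in a security scan. The step belongs to a job whose start is outside the hunk.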
@@ -55,9 +55,9 @@ jobs: shell: bash run: | export CODEQL_DIST="$(dirname "${{ steps.initialize-codeql.outputs.codeql-path }}")" - # export CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${{ runner.temp }}/codeql-database/javascript" - # ${{ github.workspace }}/scripts/compile-cds.sh - ${{ github.workspace }}/extractors/cds/tools/workflow/cds-compilation-for-actions.sh + export CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${{ runner.temp }}/codeql-database/javascript" + ${{ github.workspace }}/scripts/compile-cds.sh + # ${{ github.workspace }}/extractors/cds/tools/workflow/cds-compilation-for-actions.sh - name: Perform CodeQL Analysis id: analyze From fd2b88b86b6bcdbb4428b6ff41eb389826f403d0 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Wed, 6 Aug 2025 17:15:22 -0400 Subject: [PATCH 08/25] Test swapping out bundle version to 2.22.0 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 8e6e98fda..afdbe44f3 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.3/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 854dffd867fa89e6e668caaac7e827c2da498dae Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:25:40 -0400 Subject: [PATCH 09/25] Switch the codeql bundle to 2.20.5 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index afdbe44f3..cf0545262 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.5/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 7e97f63ee7f622a10b9efe69d8c0d75e2d8b2f80 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:25:59 -0400 Subject: [PATCH 10/25] Switch the codeql bundle to 2.20.6 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index cf0545262..7b58637b3 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.5/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.6/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From d611f3064794cc58645f1cdad6457b6ae224620f Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:08 -0400 Subject: [PATCH 11/25] Switch the codeql bundle to 2.20.7 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 7b58637b3..b135cb32f 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.6/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.7/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 2f28ef96bed893c8a1ff9f3e7e1a17e3598dcc79 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:16 -0400 Subject: [PATCH 12/25] Switch the codeql bundle to 2.20.8 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index b135cb32f..086c3d0ba 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.7/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.8/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 93f9d318cfa9c1fb97bce21f7731079fe41cac14 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:27 -0400 Subject: [PATCH 13/25] Switch the codeql bundle to 2.20.9 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 086c3d0ba..625a556ab 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.8/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.9/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From db1d156e9f32221bf0c6fbcfa8209bd30da17342 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:36 -0400 Subject: [PATCH 14/25] Switch the codeql bundle to 2.21.0 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 625a556ab..f22483b2c 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.9/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.0/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 9e219008d7f91c3602fce2a3e54185504f0318bf Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:45 -0400 Subject: [PATCH 15/25] Switch the codeql bundle to 2.21.1 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index f22483b2c..358c1cadc 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.0/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 1bfa2f58f3734c0cf2f59e61342a73bf0ff280bf Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:26:55 -0400 Subject: [PATCH 16/25] Switch the codeql bundle to 2.21.2 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 358c1cadc..bfc747eb4 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -48,7 +48,7 @@ jobs: config-file: ./.github/codeql/codeql-config.yaml db-location: ${{ runner.temp }}/codeql-database # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz - tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/codeql-bundle-linux64.tar.gz + tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.2/codeql-bundle-linux64.tar.gz debug: true - name: Run CDS extractor From 25245920fa26c55056e28e98e6cb02650e3422ce Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Mon, 11 Aug 2025 12:27:19 -0400 Subject: [PATCH 17/25] Switch the codeql bundle to 2.21.3 --- .github/workflows/code_scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index bfc747eb4..d55f7827d 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.2/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.3/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From 767d52d798fea5700046422254c6af4a5050bf7a Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:27:27 -0400
Subject: [PATCH 18/25] Switch the codeql bundle to 2.21.4
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index d55f7827d..adc37f5d3 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.3/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.4/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From d91b766690e65ac4db8468645732e4b1e33da59b Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:27:39 -0400
Subject: [PATCH 19/25] Switch the codeql bundle to 2.21.5
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index adc37f5d3..1ff4e7969 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.4/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.5/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From f163a0f31def070353074117491d5dfb925dbca1 Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:27:46 -0400
Subject: [PATCH 20/25] Switch the codeql bundle to 2.21.6
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index 1ff4e7969..fe4c466b8 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.5/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.6/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From af904daad6f6cd74c9b3003426f8b4ed52d0cf75 Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:27:54 -0400
Subject: [PATCH 21/25] Switch the codeql bundle to 2.21.7
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index fe4c466b8..49ec01508 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.6/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.7/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From 4b8a02416bc1c75564ef8f7b305c8ba37f1470bc Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:28:04 -0400
Subject: [PATCH 22/25] Switch the codeql bundle to 2.21.8
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index 49ec01508..faed06716 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.7/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.8/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From 711675e3b5c3e282c2b0b5f7dbf5d772e077d64f Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:28:12 -0400
Subject: [PATCH 23/25] Switch the codeql bundle to 2.21.9
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index faed06716..1f59f0d20 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.8/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.9/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From 5058f0fa0aa7104ac4f5c01a08354a976207b40e Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:29:02 -0400
Subject: [PATCH 24/25] Switch the codeql bundle to 2.22.0
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index 1f59f0d20..afdbe44f3 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.9/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor
From 12440c45dbd732df69b5bdcdb717176ce18601d1 Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Mon, 11 Aug 2025 12:29:13 -0400
Subject: [PATCH 25/25] Switch the codeql bundle to 2.22.1
---
 .github/workflows/code_scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index afdbe44f3..5b9010a3a 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -48,7 +48,7 @@ jobs:
 config-file: ./.github/codeql/codeql-config.yaml
 db-location: ${{ runner.temp }}/codeql-database
 # tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
- tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.1/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Run CDS extractor