Merge branch 'main' into securingdev-java-CWE-611-dataflow-update

Author: securingdev

.codeqlmanifest.json

@@ -2,11 +2,9 @@
   "provide": [
     "codeql/*/ql/src/qlpack.yml",
     "codeql/*/ql/lib/qlpack.yml",
-    "extensions/*/qlpack.yml",
     "*/qlpack.yml",
-    "*/customizations/qlpack.yml",
-    "go/qlpack.yml",
-    "tests/go-tests/qlpack.yml"
+    "extensions/*/qlpack.yml",
+    "tests/*/qlpack.yml"
   ],
   "versionPolicies": {
     "default": {
@@ -15,4 +13,4 @@
       "committedVersion": "nextPatchRelease"
     }
   }
-}
+}

.github/workflows/release-main.yml

@@ -2,7 +2,7 @@ name: "Create CodeQL Pack Release"
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   workflow_dispatch:
 
 jobs:
@@ -16,14 +16,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'csharp', 'javascript', 'python' ]
+        language: ["csharp", "javascript", "python"]
 
     steps:
       - uses: actions/checkout@v3
 
       - name: "Check and Publish CodeQL Packs"
         env:
-          GITHUB_TOKEN: ${{ secrets.OCTODEMOBOT_PACKAGES_ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/codeql-${{ matrix.language }}/versions --jq '.[0].metadata.container.tags[0]')
           CURRENT_VERSION=$(grep version ${{ matrix.language }}/qlpack.yml | awk '{print $2}')
@@ -40,14 +40,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'csharp', 'java', 'javascript' ]
+        language: ["csharp", "java", "javascript"]
 
     steps:
       - uses: actions/checkout@v3
 
       - name: Compile / Check Suites & Packs
         env:
-          GITHUB_TOKEN: ${{ secrets.OCTODEMOBOT_PACKAGES_ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/codeql-${{ matrix.language }}-extensions/versions --jq '.[0].metadata.container.tags[0]')
           CURRENT_VERSION=$(grep version extensions/codeql-${{ matrix.language }}-extensions/qlpack.yml | awk '{print $2}')

codeql

@@ -4,42 +4,42 @@ disable-default-queries: true
 
 packs:
   # > C/C++
-  # security-extended
-  - codeql/cpp-queries:codeql-suites/cpp-security-extended.qls
+  # security-experimental
+  - codeql/cpp-queries:codeql-suites/cpp-security-experimental.qls
 
   # > C# queries
   - advanced-security/codeql-csharp
   - advanced-security/codeql-csharp-extensions
-  # security-extended
-  - codeql/csharp-queries:codeql-suites/csharp-security-extended.qls
+  # security-experimental
+  - codeql/csharp-queries:codeql-suites/csharp-security-experimental.qls
   # solorigate
   - codeql/csharp-solorigate-queries
 
   # > Java/Kotlin queries
   - advanced-security/codeql-java
   - advanced-security/codeql-java-extensions
-  # security-extended
-  - codeql/java-queries:codeql-suites/java-security-extended.qls
+  # security-experimental
+  - codeql/java-queries:codeql-suites/java-security-experimental.qls
 
   # > JavaScript/TypeScript queries
   - advanced-security/codeql-javascript
   - advanced-security/codeql-javascript-extensions
-  # security-extended
-  - codeql/javascript-queries:codeql-suites/javascript-security-extended.qls
+  # security-experimental
+  - codeql/javascript-queries:codeql-suites/javascript-security-experimental.qls
 
   # > Python queries
   - advanced-security/codeql-python
-  # security-extended
-  - codeql/python-queries:codeql-suites/python-security-extended.qls
+  # security-experimental
+  - codeql/python-queries:codeql-suites/python-security-experimental.qls
 
   # > Go queries
   - advanced-security/codeql-go
-  # security-extended
-  - codeql/go-queries:codeql-suites/go-security-extended.qls
+  # security-experimental
+  - codeql/go-queries:codeql-suites/go-security-experimental.qls
 
   # > Ruby
-  # security-extended
-  - codeql/ruby-queries:codeql-suites/ruby-security-extended.qls
+  # security-experimental
+  - codeql/ruby-queries:codeql-suites/ruby-security-experimental.qls
 
 
 paths-ignore:

config/codeql.yml

@@ -1,7 +1,6 @@
----
 library: false
 name: advanced-security/codeql-cpp
-version: 0.1.0
-dependencies:
-  codeql/cpp-all: "^0.7.2"
+version: 0.2.0
 defaultSuiteFile: suites/codeql-cpp.qls
+dependencies:
+  codeql/cpp-all: 0.9.0

cpp/qlpack.yml

@@ -2,11 +2,11 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/csharp-all:
-    version: 0.6.2
+    version: 0.6.4
   codeql/ssa:
-    version: 0.0.17
+    version: 0.0.19
   codeql/tutorial:
-    version: 0.0.10
+    version: 0.0.12
   codeql/util:
-    version: 0.0.10
+    version: 0.0.12
 compiled: false

csharp/codeql-pack.lock.yml

@@ -1,7 +1,7 @@
----
 library: false
 name: advanced-security/codeql-csharp
-version: 0.3.0
-dependencies:
-  codeql/csharp-all: "^0.6.2"
+version: 0.4.0
 defaultSuiteFile: suites/codeql-csharp.qls
+dependencies:
+  codeql/csharp-all: 0.7.2
+  advanced-security/codeql-csharp-extensions: 0.3.0

csharp/qlpack.yml

@@ -1,7 +1,6 @@
----
 library: false
 name: advanced-security/codeql-go
-version: 0.1.0
-dependencies:
-  codeql/go-all: "^0.5.2"
+version: 0.2.0
 defaultSuiteFile: suites/codeql-go.qls
+dependencies:
+  codeql/go-all: 0.6.2

go/qlpack.yml

@@ -1,7 +1,7 @@
----
 library: false
 name: advanced-security/codeql-java
-version: 0.1.0
-dependencies:
-  codeql/java-all: "^0.6.2"
+version: 0.2.0
 defaultSuiteFile: suites/codeql-java.qls
+dependencies:
+  codeql/java-all: 0.7.2
+  advanced-security/codeql-java-extensions: 0.3.2

java/qlpack.yml

@@ -1,7 +1,6 @@
----
 library: false
 name: advanced-security/codeql-javascript
-version: 0.3.1
-dependencies:
-  codeql/javascript-all: "^0.6.2"
+version: 0.4.0
 defaultSuiteFile: suites/codeql-javascript.qls
+dependencies:
+  codeql/javascript-all: 0.7.2