Merge pull request #18356 from github/dbartol/actions-suites

Dave Bartolomeo · web-flow · commit 2aba49f07477 · 2024-12-20T15:54:44.000-05:00
Update suites for Actions queries
diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql b/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
@@ -7,6 +7,7 @@
  * @id actions/unversioned-immutable-action
  * @tags security
  *       actions
+ *       internal
  *       external/cwe/cwe-829
  */
 
diff --git a/actions/ql/src/codeql-suites/actions-all.qls b/actions/ql/src/codeql-suites/actions-all.qls
@@ -1,4 +1,4 @@
-- description: Standard Code Scanning queries for Actions
+- description: Standard Code Scanning queries for GitHub Actions
 - queries: .
 - include:
     kind:
diff --git a/actions/ql/src/codeql-suites/actions-bughalla.qls b/actions/ql/src/codeql-suites/actions-bughalla.qls
@@ -1,4 +1,4 @@
-- description: Bughalla queries for Actions
+- description: Bughalla queries for GitHub Actions
 - queries: '.'
 - exclude:
     tags contain:
diff --git a/actions/ql/src/codeql-suites/actions-code-scanning.qls b/actions/ql/src/codeql-suites/actions-code-scanning.qls
@@ -1,4 +1,4 @@
-- description: Standard Code Scanning queries for Actions
+- description: Standard Code Scanning queries for GitHub Actions
 - queries: '.'
 - include:
     problem.severity: 
@@ -8,4 +8,4 @@
     tags contain:
       - experimental
       - debug
-      
+      - internal
diff --git a/actions/ql/src/codeql-suites/actions-security-and-quality.qls b/actions/ql/src/codeql-suites/actions-security-and-quality.qls
@@ -1,11 +1,2 @@
-- description: Security-and-quality queries for Actions
-- queries: '.'
-- include:
-    problem.severity: 
-      - error
-      - recommendation
-- exclude:
-    tags contain:
-      - experimental
-      - debug
-      
+- description: Security-and-quality queries for GitHub Actions
+- import: codeql-suites/actions-security-extended.qls
diff --git a/actions/ql/src/codeql-suites/actions-security-extended.qls b/actions/ql/src/codeql-suites/actions-security-extended.qls
@@ -0,0 +1,2 @@
+- description: Security-extended queries for GitHub Actions
+- import: codeql-suites/actions-code-scanning.qls

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-- description: Standard Code Scanning queries for Actions`
	`1`	`+- description: Standard Code Scanning queries for GitHub Actions`
`2`	`2`	`- queries: .`
`3`	`3`	`- include:`
`4`	`4`	`kind:`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-- description: Bughalla queries for Actions`
	`1`	`+- description: Bughalla queries for GitHub Actions`
`2`	`2`	`- queries: '.'`
`3`	`3`	`- exclude:`
`4`	`4`	`tags contain:`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+- description: Security-extended queries for GitHub Actions`
	`2`	`+- import: codeql-suites/actions-code-scanning.qls`