
Merge branch 'main' into rai-content-linter-rule

Rachael Sewell
2023-12-11 13:22:04 -08:00
committed by GitHub
166 changed files with 15294 additions and 1029 deletions


@@ -18,7 +18,7 @@ body:
label: Code of Conduct
description: This project has a Code of Conduct that all participants are expected to understand and follow.
options:
- label: I have read and agree to the GitHub Docs project's [Code of Conduct](https://github.com/github/docs/blob/main/CODE_OF_CONDUCT.md)
- label: I have read and agree to the GitHub Docs project's [Code of Conduct](https://github.com/github/docs/blob/main/.github/CODE_OF_CONDUCT.md)
required: true
- type: textarea


@@ -19,7 +19,6 @@ jobs:
env:
# need to use a token from a user with access to github/github for this step
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
FIRST_RESPONDER_PROJECT: Docs content first responder
REPORT_AUTHOR: docs-bot
REPORT_LABEL: github github broken link report
REPORT_REPOSITORY: github/docs-content
@@ -52,7 +51,7 @@ jobs:
- name: Run broken github/github link check
run: |
src/links/scripts/check-github-github-links.js broken_github_github_links.md
npm run check-github-github-links -- broken_github_github_links.md
- name: Get title for issue
# If the file 'broken_github_github_links.md' got created,


@@ -0,0 +1,116 @@
name: Delete orphan translation files
# **What it does**:
# Compares content & data files left in each translation that aren't
# in docs-internal. Then creates a PR to delete these files.
# **Why we have it**:
# When Juno dumps to each translation repo it can not account for the
# fact that files in docs-internal get moved or deleted. So the
# sum total of files constantly grows.
# This leads to excess files in each translation repo that are not
# ever used but has to be put into every production build.
# **Who does it impact**: Docs engineering
on:
workflow_dispatch:
schedule:
- cron: '20 16 * * 1' # Run every Monday at 16:20 UTC / 8:20 PST
permissions:
contents: write
jobs:
delete-orphan-translation-files:
if: github.repository == 'github/docs-internal'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- language: zh
language_dir: translations/zh-cn
language_repo: github/docs-internal.zh-cn
- language: es
language_dir: translations/es-es
language_repo: github/docs-internal.es-es
- language: pt
language_dir: translations/pt-br
language_repo: github/docs-internal.pt-br
- language: ru
language_dir: translations/ru-ru
language_repo: github/docs-internal.ru-ru
- language: ja
language_dir: translations/ja-jp
language_repo: github/docs-internal.ja-jp
- language: fr
language_dir: translations/fr-fr
language_repo: github/docs-internal.fr-fr
- language: de
language_dir: translations/de-de
language_repo: github/docs-internal.de-de
- language: ko
language_dir: translations/ko-kr
language_repo: github/docs-internal.ko-kr
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Checkout the language-specific repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
repository: ${{ matrix.language_repo }}
token: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
path: ${{ matrix.language_dir }}
- uses: ./.github/actions/node-npm-setup
- name: Delete orphan files
run: |
npm run delete-orphan-translation-files -- ${{ matrix.language_dir }}
- name: Debug deleted files
working-directory: ${{ matrix.language_dir }}
run: git status
- name: Git config
working-directory: ${{ matrix.language_dir }}
run: |
git config --global user.name "docs-bot"
git config --global user.email "77750099+docs-bot@users.noreply.github.com"
- name: Git commit and push, create and merge PR
working-directory: ${{ matrix.language_dir }}
env:
# Needed for gh
GH_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
run: |
git status
current_timestamp=$(date '+%Y-%m-%d-%H%M%S')
branch_name="delete-orphan-files-$current_timestamp"
git checkout -b "$branch_name"
current_daystamp=$(date '+%Y-%m-%d')
git commit -a -m "Delete orphan files ($current_daystamp)"
git push origin "$branch_name"
# Create PR
echo "Creating pull request..."
gh pr create \
--title "Delete orphan files ($current_daystamp)" \
--body '👋 humans. This PR was generated from docs-internal/.github/workflows/delete-orphan-translation-files.yml.
' \
--repo "${{ matrix.language_repo }}"
echo "Merge created PR..."
gh pr merge --merge --auto --delete-branch "$branch_name"
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}
with:
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}
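Review bot: The workflow-level `permissions: contents: write` looks broader than the visible steps need. Every push, `gh pr create` and `gh pr merge` goes to the language repo through `secrets.DOCS_BOT_PAT_READPUBLICKEY`, while the default token is only used to check out this repo, so `contents: read` should be enough. Separately, in the final `run` block `git commit -a` exits non-zero when nothing was deleted, which fails the job and fires the Slack alert on every week without orphans; a guard such as `git diff --quiet && exit 0` before `git checkout -b` avoids that. The PR is set to auto-merge without a human looking at the deletions, so it is worth confirming that the language repos' branch protection requires a check before merge.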


@@ -22,11 +22,13 @@ permissions:
jobs:
generate-query-lists:
if: github.repository == 'github/docs-internal'
runs-on: ubuntu-latest
runs-on: ubuntu-20.04-xl
steps:
- name: Checkout repository code
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: ./.github/actions/node-npm-setup
- name: Checkout codeql repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
@@ -42,22 +44,38 @@ jobs:
echo "OPENAPI_COMMIT_SHA=$OPENAPI_COMMIT_SHA" >> $GITHUB_OUTPUT
echo "Copied files from github/codeql repo. Commit SHA: $OPENAPI_COMMIT_SHA"
- name: Set up Python 3.8
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: 3.8
- name: Download CodeQL CLI
# Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
# Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
uses: ./codeql/.github/actions/fetch-codeql
- name: Test CodeQL CLI Download
run: codeql --version
# "Server for running multiple commands while avoiding repeated JVM initialization."
# Having started this should speed up the execution of the various
# CLI calls of the executable.
- name: Start CodeQL CLI server in the background
run: |
codeql execute cli-server &
sleep 3
codeql --version
- name: Build code scanning query list
run: |
for lang in "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift"; do
echo "Generating code scanning query list for $lang"
python src/code-scanning/generate-code-scanning-query-list.py $lang > data/reusables/code-scanning/codeql-query-tables/$lang.md
npm run generate-code-scanning-query-list -- \
--verbose \
--codeql-path codeql \
--codeql-dir codeql \
-o data/reusables/code-scanning/codeql-query-tables/$lang.md \
$lang
done
- name: Debug
run: |
git diff
- name: Create pull request
env:
GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_READPUBLICKEY }}
@@ -75,7 +93,7 @@ jobs:
branchname=codeql-query-tables-${{ steps.codeql.outputs.OPENAPI_COMMIT_SHA }}
# Exit if the branch already exists. Since the actions/checkout fetch-depth is 1,
# Exit if the branch already exists. Since the actions/checkout fetch-depth is 1,
# it doesn't "know" about branches locally, so we need to manually list them.
branchExists=$(git ls-remote --heads origin refs/heads/$branchname | wc -l)
@@ -93,7 +111,6 @@ jobs:
echo "Creating pull request..."
gh pr create \
--title "Update CodeQL query tables" \
--draft \
--repo github/docs-internal \
--label "codeql-query-tables,skip FR board" \
--body '👋 humans. This PR updates the **CodeQL query table reusables** with the latest changes in preparation for the next **CodeQL CLI** release.
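Review bot: The `Start CodeQL CLI server in the background` step relies on a fixed `sleep 3` and never verifies that the server is ready or that the later `codeql` calls actually use it. As far as I know `codeql execute cli-server` is a plumbing command driven over its own stdin/stdout, so separate `codeql` processes started by `npm run generate-code-scanning-query-list` may gain nothing from it; this should be confirmed by timing the job with and without the step. If it does not help, dropping the step removes a stray background process from the runner. In the loop, `$lang` is also better quoted as `"$lang"` in both the `-o` path and the final argument.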


@@ -41,7 +41,7 @@ jobs:
REPORT_AUTHOR: docs-bot
REPORT_LABEL: broken content markdown report
REPORT_REPOSITORY: github/docs-content
run: node src/content-linter/scripts/post-lints.js --path /tmp/error-lints.json
run: npm run post-lints -- --path /tmp/error-lints.json
- uses: ./.github/actions/slack-alert
if: ${{ failure() && github.event_name != 'workflow_dispatch' }}


@@ -28,6 +28,9 @@ jobs:
# Note that we don't check out docs-early-access, Elasticsearch,
# or any remote translations. Nothing fancy here!
- name: Disable Next.js telemetry
run: npx next telemetry disable
- name: Start server in the background
run: npm start > /tmp/stdout.log 2> /tmp/stderr.log &
@@ -38,7 +41,7 @@ jobs:
curl --fail --retry-connrefused --retry 5 http://localhost:4000/
- name: Run basic tests
run: node src/workflows/test-local-dev.js
run: npm run test-local-dev
- if: ${{ failure() }}
name: Debug server outputs on errors


@@ -8,6 +8,7 @@ on:
pull_request:
paths:
- src/content-render/scripts/move-content.js
- src/content-render/scripts/test-move-content.ts
- 'src/frame/lib/**/*.js'
- .github/workflows/move-content.yml
@@ -40,7 +41,7 @@ jobs:
src/fixtures/fixtures/content/get-started/quickstart/hello-world.md \
src/fixtures/fixtures/content/get-started/quickstart/hello-wurld.md
node src/content-render/scripts/test-moved-content.js \
npm run test-moved-content -- \
src/fixtures/fixtures/content/get-started/quickstart/hello-world.md \
src/fixtures/fixtures/content/get-started/quickstart/hello-wurld.md
@@ -55,7 +56,7 @@ jobs:
src/fixtures/fixtures/content/code-security/getting-started \
src/fixtures/fixtures/content/code-security/got-started
node src/content-render/scripts/test-moved-content.js \
npm run test-moved-content -- \
src/fixtures/fixtures/content/code-security/getting-started \
src/fixtures/fixtures/content/code-security/got-started
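Review bot: The path filter entry `src/content-render/scripts/test-move-content.ts` does not match the name used elsewhere in this file, where the script was `test-moved-content.js` and the npm script is `test-moved-content`. If the file on disk is `test-moved-content.ts`, the filter never matches and edits to the test script will not trigger this workflow on pull requests. Please check the filename and, if it is the "moved" spelling, change the entry to `- src/content-render/scripts/test-moved-content.ts`.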


@@ -41,7 +41,7 @@ jobs:
run: |
set -e
filesToRemove=`./src/assets/scripts/find-orphaned-assets.js`
filesToRemove=`npm run find-orphaned-assets`
[ -z "$filesToRemove" ] && exit 0
echo $filesToRemove | xargs git rm
@@ -64,7 +64,7 @@ jobs:
gh pr create \
--title "Delete orphaned assets ($date)" \
--body "Found with the find-orphaned-assets.js script.\n\nFor more info see https://github.com/github/docs-engineering/blob/main/docs/orphaned-assets.md" \
--body "Found with the 'npm run find-orphaned-assets' script.\n\nFor more info see https://github.com/github/docs-engineering/blob/main/docs/orphaned-assets.md" \
--repo github/docs-internal \
--label docs-content-fr
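Review bot: The command substitution around `npm run find-orphaned-assets` captures everything npm writes to stdout, and `npm run` prints its own `> package@version script` banner there unless silenced. The `[ -z "$filesToRemove" ]` early exit would then never trigger and the banner words would be passed to `git rm`. Use `filesToRemove=$(npm run --silent find-orphaned-assets)` so only the script's output is captured. The same problem applies to the translation health report workflow further down, where the output of `npm run create-translation-health-report -- …` is appended with `>>` to `translation-health-report.json`. The enclosing `run` block starts and ends outside the hunk.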


@@ -35,6 +35,14 @@ jobs:
- name: Install dependencies
run: npm install @octokit/graphql
- name: Set AUTHOR_LOGIN
run: |
if [[ "${{ github.event.pull_request.assignee.login && github.event.pull_request.user.login == 'docs-bot' }}" ]]; then
echo "AUTHOR_LOGIN=${{ github.event.pull_request.assignee.login }}" >> $GITHUB_ENV
else
echo "AUTHOR_LOGIN=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
fi
- name: Run script
run: |
node src/workflows/ready-for-docs-review.js
@@ -43,7 +51,6 @@ jobs:
PROJECT_NUMBER: 2936
ORGANIZATION: 'github'
ITEM_NODE_ID: ${{ github.event.pull_request.node_id }}
AUTHOR_LOGIN: ${{ github.event.pull_request.user.login }}
REPO: ${{ github.event.pull_request.base.repo.full_name }}
# Since the projects API is still in beta, use the old workflow if something fails
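Review bot: In the `Set AUTHOR_LOGIN` step, `[[ "${{ … }}" ]]` only tests that the rendered string is non-empty. When the PR has an assignee but was not opened by docs-bot, the expression renders as `false`, the first branch still runs, and the assignee is recorded as the author. Compare against the literal instead: `if [[ "${{ github.event.pull_request.assignee.login && github.event.pull_request.user.login == 'docs-bot' }}" == "true" ]]; then`. It would also be cleaner to pass the two logins to the step through `env:` and reference them as shell variables, which keeps event data out of the generated script text.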


@@ -19,22 +19,13 @@ jobs:
steps:
- name: Remove issue from board
if: ${{ github.event.client_payload.command.resource.type == 'Issue' }}
run: gh issue edit "$ISSUE_URL" --remove-project "Docs content first responder" --remove-label "docs-content-fr"
run: gh issue edit "$ISSUE_URL" --remove-project "Docs content first responder (deprecated)" --remove-label "docs-content-fr"
env:
GITHUB_TOKEN: ${{secrets.DOCS_BOT_PAT_WORKFLOW_READORG}}
ISSUE_URL: https://github.com/${{ github.event.client_payload.command.repository.full_name }}/issues/${{ github.event.client_payload.command.resource.number }}
- name: Remove PR from board
if: ${{ github.event.client_payload.command.resource.type == 'PullRequest' }}
run: gh pr edit "$PR_URL" --remove-project "Docs content first responder" --remove-label "docs-content-fr"
run: gh pr edit "$PR_URL" --remove-project "Docs content first responder (deprecated)" --remove-label "docs-content-fr"
env:
GITHUB_TOKEN: ${{secrets.DOCS_BOT_PAT_WORKFLOW_READORG}}
PR_URL: https://github.com/${{ github.event.client_payload.command.repository.full_name }}/pull/${{ github.event.client_payload.command.resource.number }}
- name: Check out repo
if: ${{ failure() }}
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: ./.github/actions/slack-alert
if: ${{ failure() }}
with:
slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}


@@ -1,46 +0,0 @@
name: Repo Freeze Check
# **What it does**: Prevent pull requests from merging during freezes.
# **Why we have it**: Sometimes we need to freeze deployments for various reasons.
# **Who does it impact**: Anyone working on docs.
on:
workflow_dispatch:
merge_group:
# Needed in lieu of `pull_request` so that PRs from a fork can stopped from merging when there's a freeze.
pull_request_target:
types:
- opened
- reopened
- synchronize
- ready_for_review
- unlocked
branches:
- main
permissions:
contents: read
# **IMPORTANT:** Do not change the FREEZE environment variable set here!
# This workflow runs on a recurring basis. To temporarily disable it (e.g.,
# during a docs deployment freeze), add an Actions Secret to the repo settings
# called `FREEZE` with a value of `true`. To re-enable Audit Logs updates, simply
# delete that Secret from the repo settings. The environment variable here
# will duplicate that Secret's value for later evaluation.
env:
FREEZE: ${{ secrets.FREEZE }}
jobs:
check-freezer:
if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
name: Prevent merging during deployment freezes
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Fail if repo merges are paused
if: ${{ env.FREEZE == 'true' && github.event.pull_request.user.login != 'docs-bot' }}
run: |
echo 'Merges into the "main" branch on this repo are currently paused!'
exit 1


@@ -104,7 +104,7 @@ jobs:
- name: Check the test fixture data (if applicable)
if: ${{ matrix.name == 'fixtures' }}
run: ./src/tests/scripts/copy-fixture-data.js --check
run: npm run copy-fixture-data -- --check
# This keeps our fixture content/data in check
- name: Check the test fixture content (if applicable)
@@ -114,11 +114,11 @@ jobs:
run: |
# If either of these fail, it means our fixture content's internal
# links can and should be updated.
./src/links/scripts/update-internal-links.js --dry-run --check --strict \
npm run update-internal-links -- --dry-run --check --strict \
src/fixtures/fixtures/content \
--exclude src/fixtures/fixtures/content/get-started/foo/typo-autotitling.md \
--exclude src/fixtures/fixtures/content/get-started/foo/anchor-autotitling.md
./src/links/scripts/update-internal-links.js --dry-run --check --strict \
npm run update-internal-links -- --dry-run --check --strict \
src/fixtures/fixtures/data
- name: Clone all translations


@@ -85,7 +85,7 @@ jobs:
env:
POPULAR_PAGES_JSON: popular-pages/records/popular-pages.json
run: |
node src/languages/scripts/create-translation-health-report.js \
npm run create-translation-health-report -- \
--language ${{ matrix.language }} \
--gitref ${{ env.gitref }} \
>> $GITHUB_WORKSPACE/translation-health-report.json


@@ -5,7 +5,7 @@
# --------------------------------------------------------------------------------
# To update the sha, run `docker pull node:$VERSION-alpine`
# look for something like: `Digest: sha256:0123456789abcdef`
FROM node:20-alpine@sha256:b1789b7be6aa16afd642eaaaccdeeeb33bd8f08e69b3d27d931aa9665b731f01 as base
FROM node:20-alpine@sha256:32427bc0620132b2d9e79e405a1b27944d992501a20417a7f407427cc4c2b672 as base
# This directory is owned by the node user
ARG APP_HOME=/home/node/app

Binary file not shown.

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 68 KiB

After

Width:  |  Height:  |  Size: 102 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 32 KiB

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 20 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 68 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 25 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 22 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 62 KiB


@@ -1,5 +1,5 @@
---
title: Guides for GitHub Actions
title: Guides for {% data variables.product.prodname_actions %}
intro: 'These guides for {% data variables.product.prodname_actions %} include specific use cases and examples to help you configure workflows.'
allowTitleToDifferFromFilename: true
layout: product-guides
@@ -70,4 +70,3 @@ includeGuides:
- /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-static-web-app
- /actions/deployment/deploying-to-your-cloud-provider/deploying-to-azure/deploying-to-azure-kubernetes-service
---


@@ -188,7 +188,7 @@ codeload.github.com
**Needed for uploading/downloading job summaries, logs, workflow artifacts, and caches:**
```shell copy
actions-results-receiver-production.githubapp.com
results-receiver.actions.githubusercontent.com
*.blob.core.windows.net
```


@@ -123,13 +123,13 @@ export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1
## Reviewing the self-hosted runner application log files
You can monitor the status of the self-hosted runner application and its activities. Log files are kept in the `_diag` directory where you installed the runner application, and a new log is generated each time the application is started. The filename begins with \_Runner__, and is followed by a UTC timestamp of when the application was started.
You can monitor the status of the self-hosted runner application and its activities. Log files are kept in the `_diag` directory where you installed the runner application, and a new log is generated each time the application is started. The filename begins with `Runner_`, and is followed by a UTC timestamp of when the application was started.
For detailed logs on workflow job executions, see the next section describing the \_Worker__ files.
For detailed logs on workflow job executions, see the next section describing the `Worker_` files.
## Reviewing a job's log file
The self-hosted runner application creates a detailed log file for each job that it processes. These files are stored in the `_diag` directory where you installed the runner application, and the filename begins with \_Worker__.
The self-hosted runner application creates a detailed log file for each job that it processes. These files are stored in the `_diag` directory where you installed the runner application, and the filename begins with `Worker_`.
{% linux %}
@@ -243,7 +243,7 @@ PS C:\actions-runner> Get-EventLog -LogName Application -Source ActionsRunnerSer
We recommend that you regularly check the automatic update process, as the self-hosted runner will not be able to process jobs if it falls below a certain version threshold. The self-hosted runner application automatically updates itself, but note that this process does not include any updates to the operating system or other software; you will need to separately manage these updates.
You can view the update activities in the \_Runner__ log files. For example:
You can view the update activities in the `Runner_` log files. For example:
```shell
[Feb 12 12:37:07 INFO SelfUpdater] An update is available.


@@ -25,6 +25,7 @@ topics:
```yaml
jobs:
example-job:
runs-on: ubuntu-latest
steps:
- name: Connect to PostgreSQL
run: node client.js
@@ -97,6 +98,7 @@ For example, you can create a file and then upload it as an artifact.
jobs:
example-job:
name: Save output
runs-on: ubuntu-latest
steps:
- shell: bash
run: |
@@ -113,6 +115,7 @@ To download an artifact from a separate workflow run, you can use the `actions/d
```yaml
jobs:
example-job:
runs-on: ubuntu-latest
steps:
- name: Download a single artifact
uses: {% data reusables.actions.action-download-artifact %}


@@ -249,7 +249,7 @@ These sections consider some of the steps an attacker can take if they're able t
### Accessing secrets
Workflows triggered using the `pull_request` event have read-only permissions and have no access to secrets. However, these permissions differ for various event triggers such as `issue_comment`, `issues` and `push`, where the attacker could attempt to steal repository secrets or use the write permission of the job's [`GITHUB_TOKEN`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
Workflows triggered from a forked repository using the `pull_request` event have read-only permissions and have no access to secrets. However, these permissions differ for various event triggers such as `issue_comment`, `issues`, `push` and `pull_request` from a branch within the repository, where the attacker could attempt to steal repository secrets or use the write permission of the job's [`GITHUB_TOKEN`](/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
- If the secret or token is set to an environment variable, it can be directly accessed through the environment using `printenv`.
- If the secret is used directly in an expression, the generated shell script is stored on-disk and is accessible.


@@ -89,7 +89,7 @@ For more information about authentication and provisioning, see the following ar
Some customers have reported success using a partner IdP's application only for authentication, in combination with a different IdP for provisioning. For example, a combination of Okta for authentication and a custom SCIM solution for provisioning, or a combination of Keycloak for authentication and SailPoint for provisioning. {% data variables.product.company_short %} has not tested all IdPs, and does not test partner IdPs in combination with other IdPs.
For more information about provisioning users from your IdP using the public beta of {% data variables.product.company_short %}'s SCIM schema, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)," and consult your IdP's documentation, support team, or other resources.
For more information about provisioning users from your IdP using the private beta of {% data variables.product.company_short %}'s SCIM schema, see "[AUTOTITLE](/admin/identity-and-access-management/provisioning-user-accounts-for-enterprise-managed-users/provisioning-users-with-scim-using-the-rest-api)," and consult your IdP's documentation, support team, or other resources.
{% data reusables.enterprise_user_management.authentication-or-provisioning-migration-not-supported %}


@@ -67,9 +67,13 @@ After a user successfully authenticates on your IdP, the user's SAML session for
{% data reusables.saml.saml-supported-idps %}
For more information about connecting Azure AD to your enterprise, see [Tutorial: Azure Active Directory SSO integration with GitHub Enterprise Cloud - Enterprise Account](https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/github-enterprise-cloud-enterprise-account-tutorial) in Microsoft Docs.
{% ifversion ghec %}
{% ifversion ghes or ghae %}
For more information about connecting Azure AD to your enterprise, see [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Cloud - Enterprise Account](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-enterprise-cloud-enterprise-account-tutorial) in Microsoft Docs.
{% elsif ghes or ghae %}
For more information about connecting Azure AD to your enterprise, see [Tutorial: Microsoft Entra SSO integration with GitHub Enterprise Server](https://learn.microsoft.com/en-us/entra/identity/saas-apps/github-ae-tutorial) in Microsoft Docs.
## Username considerations with SAML


@@ -88,7 +88,7 @@ puts jwt
```python copy
#!/usr/bin/env python3
import jwt
from jwt import JWT, jwk_from_pem
import time
import sys
@@ -107,7 +107,7 @@ else:
# Open PEM
with open(pem, 'rb') as pem_file:
signing_key = jwt.jwk_from_pem(pem_file.read())
signing_key = jwk_from_pem(pem_file.read())
payload = {
# Issued at time
@@ -119,7 +119,7 @@ payload = {
}
# Create JWT
jwt_instance = jwt.JWT()
jwt_instance = JWT()
encoded_jwt = jwt_instance.encode(payload, signing_key, alg='RS256')
print(f"JWT: {encoded_jwt}")


@@ -24,7 +24,7 @@ You can remove the file from the latest commit with `git rm`. For information on
{% warning %}
**Warning**: This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}. However, those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %}, and through any pull requests that reference them. You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}.
**Warning**: This article tells you how to make commits with sensitive data unreachable from any branches or tags in your repository on {% ifversion ghae %}{% data variables.product.product_name %}{% else %}{% data variables.location.product_location %}{% endif %}. However, those commits may still be accessible in any clones or forks of your repository, directly via their SHA-1 hashes in cached views on {% data variables.product.product_name %}, and through any pull requests that reference them. You cannot remove sensitive data from other users' clones of your repository, but you can permanently remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %} by contacting {% data variables.contact.contact_support %}. {% ifversion fpt or ghec %}{% data variables.contact.github_support %} only assists in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials.{% endif %}
Once you have pushed a commit to {% data variables.product.product_name %}, you should consider any sensitive data in the commit compromised. If you have committed a password, you should change it. If you have committed a key, generate a new one. Removing the compromised data doesn't resolve its initial exposure, especially in existing clones or forks of your repository.
@@ -126,9 +126,9 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil
```
{% note %}
**Note:** If the file with sensitive data used to exist at any other paths (because it was moved or renamed), you must run this command on those paths, as well.
{% endnote %}
1. Add your file with sensitive data to `.gitignore` to ensure that you don't accidentally commit it again.
@@ -143,7 +143,7 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil
1. Double-check that you've removed everything you wanted to from your repository's history, and that all of your branches are checked out.
1. The `git filter-repo` tool will automatically remove your configured remotes. Use the `git remote set-url` command to restore your remotes, replacing `OWNER` and `REPO` with your repository details. For more information, see "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositories#adding-a-remote-repository)."
```shell
git remote add origin https://github.com/OWNER/REPOSITORY.git
```
@@ -178,7 +178,13 @@ To illustrate how `git filter-repo` works, we'll show you how to remove your fil
After using either the BFG tool or `git filter-repo` to remove the sensitive data and pushing your changes to {% data variables.product.product_name %}, you must take a few more steps to fully remove the data from {% data variables.product.product_name %}.
1. Contact {% data variables.contact.contact_support %}, and ask to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.{% ifversion ghes %} For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)."{% endif %}
1. Contact {% data variables.contact.contact_support %}, and ask to remove cached views and references to the sensitive data in pull requests on {% data variables.product.product_name %}. Please provide the name of the repository and/or a link to the commit you need removed.{% ifversion ghes %} For more information about how site administrators can remove unreachable Git objects, see "[AUTOTITLE](/admin/configuration/configuring-your-enterprise/command-line-utilities#ghe-repo-gc)."{% endif %}{% ifversion fpt or ghec %}
{% note %}
**Note:** {% data variables.contact.github_support %} won't remove non-sensitive data, and will only assist in the removal of sensitive data in cases where we determine that the risk can't be mitigated by rotating affected credentials.
{% endnote %}{% endif %}
1. Tell your collaborators to [rebase](https://git-scm.com/book/en/Git-Branching-Rebasing), _not_ merge, any branches they created off of your old (tainted) repository history. One merge commit could reintroduce some or all of the tainted history that you just went to the trouble of purging.


@@ -25,7 +25,7 @@ shortTitle: Billing for GitHub Actions
{% data reusables.actions.actions-spending-limit-brief %} For more information, see "[About spending limits](#about-spending-limits)."
If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts including with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
If you are an organization owner{% ifversion ghec %} or enterprise owner{% endif%}, you can connect an Azure Subscription ID to your organization {% ifversion ghec %}or enterprise{% endif%} account to enable and pay for {% data variables.product.prodname_actions %} usage beyond the amounts included with your account. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
Minutes reset every month, while storage usage does not.


@@ -63,7 +63,13 @@ SARIF files support both rules and results. The information stored in these elem
When you compare SARIF files generated by analyzing different codebases with the same tool and rules, you should see differences in the results of the analyses but not in the rules.
## Specifying the root for source files
## Specifying the location for source files
Specifying source file locations ensures code scanning alerts are displayed accurately within the file containing the identified problem, allowing for targeted issue resolution.
This precision enhances the efficiency of code review and resolution processes, streamlining development workflows by enabling developers to address issues directly in the context of their codebase.
### Specifying the root for source files
{% data variables.product.prodname_code_scanning_caps %} interprets results that are reported with relative paths as relative to the root of the repository analyzed. If a result contains an absolute URI, the URI is converted to a relative URI. The relative URI can then be matched against a file committed to the repository.
@@ -86,6 +92,10 @@ file:///tmp/go-build/tmp.go -> file:///tmp/go-build/tmp.go
The file is successfully uploaded as both absolute URIs use the same URI scheme as the source root.
### Resolving symlinks before generating SARIF results
If the relative URI for a result is matched against a file defined using a symlink, code scanning is unable to display the result. So you need to resolve any symlinked files, and report any results in those files using the resolved URI.
## Validating your SARIF file
<!--UI-LINK: When code scanning fails, the error banner shown in the Security > Code scanning alerts view links to this anchor.-->


@@ -17,8 +17,8 @@ topics:
With {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can select a specific group of {% data variables.product.prodname_codeql %} queries, called a {% data variables.product.prodname_codeql %} query suite, to run against your code. The following built-in query suites are available through {% data variables.product.prodname_dotcom %}:
- the `default` query suite.
- the `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
- `default` query suite.
- `security-extended` query suite. This suite is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
Currently, both the `default` query suite and the `security-extended` query suite are available for default setup for {% data variables.product.prodname_code_scanning %}. {% ifversion bulk-code-scanning-query-suite %}Additionally, organization owners and security managers can recommend a query suite for use with default setup throughout their organization. For more information on configuring default setup for individual repositories, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." For more information on configuring default setup at scale and recommending a query suite, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)."{% else %}For more information on default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale)."{% endif %}
@@ -40,6 +40,17 @@ The built-in {% data variables.product.prodname_codeql %} query suites, `default
- Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results.
- This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.
## Queries included in the `default` and `security-extended` query suites
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries)"
- "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries)"
## Further reading
- "[AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites)"


@@ -0,0 +1,21 @@
---
title: C and C++ queries for CodeQL analysis
shortTitle: C and C++ CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C or C++ when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing C and C++ code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
## Built-in queries for C and C++ analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.cpp %}


@@ -0,0 +1,21 @@
---
title: C# queries for CodeQL analysis
shortTitle: C# CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C# when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing C# code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
## Built-in queries for C# analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.csharp %}


@@ -0,0 +1,21 @@
---
title: Go queries for CodeQL analysis
shortTitle: Go CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Go (Golang) when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing Go code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
## Built-in queries for Go analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.go %}


@@ -17,4 +17,12 @@ children:
- /editing-your-configuration-of-default-setup
- /built-in-codeql-query-suites
- /viewing-code-scanning-logs
- /c-cpp-built-in-queries
- /csharp-built-in-queries
- /go-built-in-queries
- /java-kotlin-built-in-queries
- /javascript-typescript-built-in-queries
- /python-built-in-queries
- /ruby-built-in-queries
- /swift-built-in-queries
---


@@ -0,0 +1,23 @@
---
title: Java and Kotlin queries for CodeQL analysis
shortTitle: Java and Kotlin CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Java or Kotlin when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing Java and Kotlin code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
{% data reusables.code-scanning.beta-kotlin-support %}
## Built-in queries for Java and Kotlin analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.java %}


@@ -0,0 +1,21 @@
---
title: JavaScript and TypeScript queries for CodeQL analysis
shortTitle: JavaScript and TypeScript queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in JavaScript or TypeScript when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing JavaScript and TypeScript code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
## Built-in queries for JavaScript and TypeScript analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.javascript %}


@@ -0,0 +1,21 @@
---
title: Python queries for CodeQL analysis
shortTitle: Python CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Python when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing Python code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
## Built-in queries for Python analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.cpp %}
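Review bot: The last include on this new Python page is `{% data reusables.code-scanning.codeql-query-tables.cpp %}`, the same reusable the C and C++ page uses, so the "Built-in queries for Python analysis" heading would presumably be followed by the C/C++ query table. Every other new language page in this commit references its own table (`.csharp`, `.go`, `.java`, `.javascript`, `.ruby`, `.swift`), which makes this look like a copy-paste slip. The line should presumably read `{% data reusables.code-scanning.codeql-query-tables.python %}`, assuming a reusable of that name is added in a part of the commit not visible here. Readers use these tables to see what the `default` and `security-extended` suites check, so the wrong table would misstate Python coverage.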


@@ -0,0 +1,23 @@
---
title: Ruby queries for CodeQL analysis
shortTitle: Ruby CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Ruby when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing Ruby code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
{% data reusables.code-scanning.beta-ruby-support %}
## Built-in queries for Ruby analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.ruby %}


@@ -0,0 +1,23 @@
---
title: Swift queries for CodeQL analysis
shortTitle: Swift CodeQL queries
intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Swift when you select the `default` or the `security-extended` query suite.'
product: '{% data reusables.gated-features.code-scanning %}'
allowTitleToDifferFromFilename: true
versions:
feature: code-scanning-without-workflow
type: reference
topics:
- Code scanning
- CodeQL
---
{% data variables.product.prodname_codeql %} includes many queries for analyzing Swift code. {% data reusables.code-scanning.codeql-query-tables.query-suite-behavior %}
{% data reusables.code-scanning.beta-swift-support %}
## Built-in queries for Swift analysis
{% data reusables.code-scanning.codeql-query-tables.codeql-version-info %}
{% data reusables.code-scanning.codeql-query-tables.swift %}


@@ -63,6 +63,16 @@ When you merge a pull request that contains a security update, the corresponding
{% data reusables.dependabot.automated-tests-note %}
{% ifversion dependabot-grouped-security-updates %}
## About grouped security updates
{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}
To further reduce the number of pull requests you may be seeing, you can enable grouped security updates to group sets of dependencies together (per package ecosystem). {% data variables.product.prodname_dependabot %} then raises a single pull request to update as many vulnerable dependencies as possible in the group to secure versions at the same time. For security updates, {% data variables.product.prodname_dependabot %} **will** group dependencies from different directories. {% data variables.product.prodname_dependabot %} **will not** group dependencies from different package ecosystems together, and it **will not** group security updates with version updates. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request)."
{% endif %}
{% ifversion fpt or ghec %}
## About compatibility scores


@@ -59,10 +59,53 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
{% ifversion dependabot-grouped-security-updates %}
## Grouping {% data variables.product.prodname_dependabot_security_updates %} into a single pull request
{% data reusables.dependabot.dependabot-grouped-security-updates-beta-note %}
To reduce the number of pull requests you may be seeing, you can enable grouped security updates for your repository or organization. When this is enabled, {% data variables.product.prodname_dependabot %} will group security updates into one pull request for each package ecosystem. In order to use grouped security updates, you must first enable the following features:
- **Dependency graph**. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph)."
- **{% data variables.product.prodname_dependabot_alerts %}**. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)."
- **{% data variables.product.prodname_dependabot_security_updates %}**. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
{% note %}
**Note:** When grouped security updates are first enabled, {% data variables.product.prodname_dependabot %} will immediately try to create grouped pull requests. You may notice {% data variables.product.prodname_dependabot %} closing old pull requests and opening new ones.
{% endnote %}
### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an individual repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "Code security and analysis", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it.
### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization
Organization owners can enable or disable grouped security updates for all repositories in their organization. However, individual repositories can update their settings to override the default organization settings.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}
1. Under "Code security and analysis", to the right of "Grouped security updates", click **Disable all** or **Enable all**.
1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**.
{% endif %}
## Overriding the default behavior with a configuration file
You can override the default behavior of {% data variables.product.prodname_dependabot_security_updates %} by adding a `dependabot.yml` file to your repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)."
{% ifversion dependabot-grouped-security-updates %}{% note %}
**Note:** If you use grouped security updates, you cannot use the configuration file to customize the default grouping behavior for {% data variables.product.prodname_dependabot_security_updates %}. The `groups` option in the `dependabot.yml` file only applies to grouped version updates.
{% endnote %}{% endif %}
If you only require security updates and want to exclude version updates, you can set `open-pull-requests-limit` to `0` in order to prevent version updates for a given `package-ecosystem`. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit)."
```yaml


@@ -337,7 +337,7 @@ If you use the same configuration as in the example above, bumping the `requests
### `groups`
{% data reusables.dependabot.dependabot-version-updates-groups-supported %}
{% ifversion dependabot-grouped-security-updates %}{% data reusables.dependabot.dependabot-security-updates-groups-supported %}{% else %}{% data reusables.dependabot.dependabot-version-updates-groups-supported %}{% endif %}
{% data reusables.dependabot.dependabot-version-updates-groups-about %}

View File

@@ -46,6 +46,12 @@ If you customize the `dependabot.yml` file, you may notice some changes to the p
For an example, see "[Setting custom labels](#setting-custom-labels)" below.
{% ifversion dependabot-grouped-security-updates %}{% note %}
**Note:** If you use grouped security updates, the grouped pull requests will also inherit relevant configuration settings from the `dependabot.yml` file. However, they will not inherit any customizations made with the `groups` option, which only applies to version updates. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
{% endnote %}{% endif %}
## Modifying scheduling
When you set a `daily` update schedule, by default, {% data variables.product.prodname_dependabot %} checks for new versions at 05:00 UTC. You can use `schedule.time` to specify an alternative time of day to check for updates (format: `hh:mm`).
@@ -150,7 +156,7 @@ updates:
{% data reusables.dependabot.dependabot-version-updates-groups-match-first %}
{% data reusables.dependabot.dependabot-version-updates-groups-supported %}
{% ifversion dependabot-grouped-security-updates %}{% data reusables.dependabot.dependabot-security-updates-groups-supported %}{% else %}{% data reusables.dependabot.dependabot-version-updates-groups-supported %}{% endif %}
You must configure groups per package ecosystem.


@@ -126,8 +126,8 @@ registries:
- Image names may not always be detected in Containerfiles, Helm files, or yaml files.
- Dockerfiles may only receive a version update to the first `FROM` directive.
- Dockerfiles do not receive updates to images specified with the `ARG` directive. There is a workaround available for the `COPY` directive. For more information, see https://github.com/dependabot/dependabot-core/issues/5103#issuecomment-1692420920.
- {% data variables.product.prodname_dependabot %} doesn't support multi-stage Docker builds. For more information, see https://github.com/dependabot/dependabot-core/issues/7640.
- Dockerfiles do not receive updates to images specified with the `ARG` directive. There is a workaround available for the `COPY` directive. For more information, see "[{% data variables.product.prodname_dependabot %} ignores image references in COPY Dockerfile statement](https://github.com/dependabot/dependabot-core/issues/5103#issuecomment-1692420920)" in the `github/dependabot/dependabot-core` repository.
- {% data variables.product.prodname_dependabot %} doesn't support multi-stage Docker builds. For more information, see "[Support for Docker multi-stage builds](https://github.com/dependabot/dependabot-core/issues/7640)" in the `github/dependabot/dependabot-core` repository.
### Gradle
@@ -510,7 +510,7 @@ If the `yarn.lock` file doesn't list the private registry as the dependency sour
- Manually set the private registry to the `.yarnrc` file by adding the registry to a `.yarnrc.yml` file in the project root with the key `npmRegistryServer`, or
- Perform the same action by running `yarn config set npmRegistryServer <private registry URL>` in your terminal.
Example of a `.yarnrc.yml` file with a private registry configured:
Example of a `.yarnrc.yml` file with a private registry configured:
`npmRegistryServer: "https://nexus.example.com/repository/yarn-all"`
For more information, see [npmRegistryServer](https://yarnpkg.com/configuration/yarnrc#npmRegistryServer) in the Yarn documentation.


@@ -30,7 +30,7 @@ shortTitle: Manage Dependabot PRs
When {% data variables.product.prodname_dependabot %} raises a pull request, you're notified by your chosen method for the repository. Each pull request contains detailed information about the proposed change, taken from the package manager. These pull requests follow the normal checks and tests defined in your repository.
{% ifversion fpt or ghec %}In addition, where enough information is available, you'll see a compatibility score. This may also help you decide whether or not to merge the change. For information about this score, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)."{% endif %}
If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. {% ifversion dependabot-version-updates-groups %} You may also want to group sets of dependencies together, so that multiple dependencies are updated in a single pull request.{% endif %} For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates)."
If you have many dependencies to manage, you may want to customize the configuration for each package manager so that pull requests have specific reviewers, assignees, and labels. {% ifversion dependabot-version-updates-groups %} You may also want to group sets of dependencies together, so that multiple dependencies are updated in a single pull request.{% endif %} For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates){% ifversion dependabot-grouped-security-updates %} and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request)."{% else %}."{% endif %}
{% ifversion dependabot-updates-paused %}
@@ -88,6 +88,12 @@ For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-vers
In {% data variables.product.prodname_dependabot %} pull requests for grouped version updates, you can use comment commands to ignore and un-ignore updates for specific dependencies and versions. You can use any of the following commands to manage ignore conditions for grouped version updates.
{% ifversion dependabot-grouped-security-updates %}{% note %}
**Note:** The following comment commands do not work for grouped {% data variables.product.prodname_dependabot_security_updates %}.
{% endnote %}{% endif %}
- `@dependabot ignore DEPENDENCY_NAME` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from updating this dependency.
- `@dependabot ignore DEPENDENCY_NAME major version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from updating this dependency's major version.
- `@dependabot ignore DEPENDENCY_NAME minor version` closes the pull request and prevents {% data variables.product.prodname_dependabot %} from updating this dependency's minor version.
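Review bot: In the first hunk of this file, the rewritten "For more information" sentence leaves a quotation mark unclosed when `dependabot-grouped-security-updates` is enabled. The quote opened before the `customizing-dependency-updates` link is closed only by the `{% else %}."{% endif %}` branch, while the `ifversion` branch continues directly with ` and "[AUTOTITLE](...)."`. Starting that branch with the closing quote keeps both renderings balanced: `{% ifversion dependabot-grouped-security-updates %}" and "[AUTOTITLE](...)."{% else %}."{% endif %}`. The paragraphs around both hunks continue outside the visible lines.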


@@ -155,11 +155,11 @@ To allow {% data variables.product.prodname_dependabot %} to update the dependen
{% ifversion dependabot-version-updates-groups %}
### {% data variables.product.prodname_dependabot %} fails to group a set of dependencies into a single pull request
### {% data variables.product.prodname_dependabot %} fails to group a set of dependencies into a single pull request for {% data variables.product.prodname_dependabot_version_updates %}
{% data reusables.dependabot.dependabot-version-updates-groups-supported %}
{% ifversion dependabot-grouped-security-updates %}The [`groups`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) configuration settings in the `dependabot.yml` file only apply to version updates.{% else %}{% data reusables.dependabot.dependabot-version-updates-groups-supported %}{% endif %}
You must configure groups per package ecosystem. To debug the problem, we recommend you look at the logs. For information about accessing the logs for a manifest, see "[Investigating errors with {% data variables.product.prodname_dependabot_version_updates %}](#investigating-errors-with-dependabot-version-updates)" above.
When you configure grouped version updates, you must configure groups per package ecosystem. To debug the problem, we recommend you look at the logs. For information about accessing the logs for a manifest, see "[Investigating errors with {% data variables.product.prodname_dependabot_version_updates %}](#investigating-errors-with-dependabot-version-updates)" above.
You may have unintentionally created empty groups. This happens, for example, when you set a `dependency-type` in the `allow` key for the overall job.
@@ -183,9 +183,30 @@ You need to ensure that configuration settings don't cancel each other, and upda
For more information on how to configure groups for {% data variables.product.prodname_dependabot_version_updates %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups)."
{% ifversion dependabot-grouped-security-updates %}
### {% data variables.product.prodname_dependabot %} fails to group a set of dependencies into a single pull request for {% data variables.product.prodname_dependabot_security_updates %}
The [`groups`](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) configuration settings in the `dependabot.yml` file only apply to version updates.
For grouped security updates, {% data variables.product.prodname_dependabot %} uses the following guidelines to create grouped pull requests.
- {% data variables.product.prodname_dependabot %} **will** group dependencies from the same package ecosystem that are located in different directories.
- {% data variables.product.prodname_dependabot %} **will** apply other relevant customization options from the `dependabot.yml` file to pull requests for grouped security updates.
- {% data variables.product.prodname_dependabot %} **will not** group dependencies from different package ecosystems together.
- {% data variables.product.prodname_dependabot %} **will not** group security updates with version updates.
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates#impact-of-configuration-changes-on-security-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
{% endif %}
### {% data variables.product.prodname_dependabot %} fails to update one of the dependencies in a grouped pull request
**Version updates only.**{% data variables.product.prodname_dependabot %} will show the failed update in your logs, as well as in the job summary at the end of your logs. You should use the `@dependabot recreate` comment on the pull request to build the group again. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
{% ifversion dependabot-grouped-security-updates %}There are different troubleshooting techniques you can use for failed version updates and failed security updates.
#### Handling failures in grouped version updates{% endif %}
**Version updates only.** {% data variables.product.prodname_dependabot %} will show the failed update in your logs, as well as in the job summary at the end of your logs. You should use the `@dependabot recreate` comment on the pull request to build the group again. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
If the dependency still fails to update, you should use the `exclude-patterns` configuration so that the dependency is excluded from the group. {% data variables.product.prodname_dependabot %} will then raise a separate pull request to update the dependency.
@@ -193,6 +214,14 @@ If the dependency still fails to update, there may be a problem with the depende
{% data reusables.dependabot.dependabot-ignore-dependencies %}
{% ifversion dependabot-grouped-security-updates %}
#### Handling failures in grouped security updates
**Security updates only.** If a grouped pull request for security updates fails or is unable to be merged, we recommend you manually open pull requests to bump the versions of breaking changes. When you manually update a package that is included in a grouped pull request, {% data variables.product.prodname_dependabot %} will rebase the pull request so it does not include the manually updated package.
{% endif %}
### Continuous integration (CI) fails on my grouped pull request
**Version updates only.** If the failure is due to a single dependency, you should use the `exclude-patterns` configuration so that the dependency is excluded from the group. {% data variables.product.prodname_dependabot %} will then raise a separate pull request to update the dependency.


@@ -1,6 +1,6 @@
---
title: Browsing security advisories in the GitHub Advisory Database
intro: 'You can browse the {% data variables.product.prodname_advisory_database %} to find advisories for security risks in open source projects that are hosted on {% data variables.product.company_short %}.'
intro: 'You can browse the {% data variables.product.prodname_advisory_database %} to find CVEs and {% data variables.product.prodname_dotcom %}-originated advisories affecting the open source world.'
shortTitle: Browse Advisory Database
redirect_from:
- /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database


@@ -26,9 +26,27 @@ Sometimes you may not be able to access a codespace from your browser. If this h
- If the codespace is not listed on that page, check that you are the owner of the codespace you are trying to connect to. You can only open a codespace that you created.
- If the codespace is listed but you cannot connect from that page, check whether you can connect using a different browser.
Your company network may be blocking the connection. If possible, check any logging for rejected connections on your device.
### Diagnose by error message
If you still cannot connect, {% data reusables.codespaces.contact-support %}
#### "Oh no, it looks like you are offline"
Check that you have a stable internet connection and that your company network is not blocking the connection. If possible, check logging for rejected connections on your device.
If you see rejected connections, make sure the domains documented by the `/meta` REST API endpoint are not blocked by your firewall. For more information, see "[AUTOTITLE](/rest/meta/meta?apiVersion=2022-11-28#get-github-meta-information)."
To get the list of domains required by {% data variables.product.prodname_github_codespaces %}, execute the following command using {% data variables.product.prodname_cli %}:
`gh api meta | jq .domains.codespaces`
### "We are having trouble fetching your codespace information"
This is a transitional error. Wait for a few minutes and try again.
### "We were unable to authenticate your connection"
This indicates that something went wrong with authentication. Try clearing up your local storage and cookies and try again.
If you still can't connect and the message you're seeing isn't in this list, check the service availability of {% data variables.product.prodname_codespaces %} at [githubstatus.com](https://www.githubstatus.com/). If the {% data variables.product.prodname_codespaces %} service is available, {% data reusables.codespaces.contact-support %}
## Unable to connect to your codespace in JupyterLab


@@ -26,7 +26,7 @@ On {% data variables.product.prodname_dotcom_the_website %}, you can use {% data
The following limitations apply to this beta release of {% data variables.product.prodname_copilot_chat_dotcom %}:
- {% data reusables.copilot.chat-limited-docset-availability %}
- Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. Owners of organizations {% ifversion ghec %}or enterprises {% endif %} can index up to 10 repositories for each organization.
- Chat responses may be suboptimal if you ask questions about a specific repository that you've selected as a context, and the repository has not been indexed for semantic code search. Owners of organizations {% ifversion ghec %}or enterprises {% endif %} can index up to {% data variables.copilot.max-chat-indexed-repos %} repositories for each organization.
- The quality of the results from {% data variables.product.prodname_copilot_chat_short %} may, in some situations, be degraded if very large files, or a large number of files, are used as a context for a question.
## Prerequisites
@@ -92,7 +92,7 @@ You can choose a specific context, such as a particular repository or a document
{% data variables.product.prodname_copilot_short %}'s ability to answer natural language questions like these in a repository context is improved when the repository has been indexed for semantic code search. The indexing status of the repository is displayed when you start a conversation that has a repository context.
If you are an organization owner{% ifversion ghec %}, or an enterprise owner,{% endif %} and the repository has not been indexed, an **Index this repository** button is displayed. Click this button to start the indexing process. You can index up to 10 repositories in an organization.
If you are an organization owner{% ifversion ghec %}, or an enterprise owner,{% endif %} and the repository has not been indexed, an **Index this repository** button is displayed. Click this button to start the indexing process. You can index up to {% data variables.copilot.max-chat-indexed-repos %} repositories in an organization.
![Screenshot showing the 'Index this repository' button highlighted with a dark orange outline.](/assets/images/help/copilot/index-this-repo.png)


@@ -16,9 +16,9 @@ topics:
## About the {% data variables.product.prodname_copilot_enterprise_short %} beta
{% data variables.product.prodname_copilot_enterprise %} is a {% data variables.product.prodname_copilot_short %} plan available for organizations and enterprises that use {% data variables.product.prodname_ghe_cloud %}. {% data variables.product.prodname_copilot_enterprise_short %} is currently in beta and available to a limited number of customers.
{% data variables.product.prodname_copilot_enterprise %} is a {% data variables.product.prodname_copilot_short %} plan available for enterprises that use {% data variables.product.prodname_ghe_cloud %}. {% data variables.product.prodname_copilot_enterprise_short %} is currently in beta and available to a limited number of customers.
If {% data variables.product.prodname_copilot_enterprise_short %} is enabled for an organization or enterprise, members get access to the following {% data variables.product.prodname_copilot_short %} features on {% data variables.product.prodname_dotcom_the_website %}.
If {% data variables.product.prodname_copilot_enterprise_short %} is enabled for an enterprise, members get access to the following {% data variables.product.prodname_copilot_short %} features on {% data variables.product.prodname_dotcom_the_website %}.
- {% data variables.product.prodname_copilot_chat_short %} (see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-chat-in-github/about-github-copilot-chat)")
- {% data variables.product.prodname_copilot_for_prs %} (see "[AUTOTITLE](/copilot/github-copilot-enterprise/copilot-pull-request-summaries/about-copilot-pull-request-summaries)")
@@ -27,8 +27,8 @@ These features are in beta and subject to change. Additional features will be ad
## Signing up for the {% data variables.product.prodname_copilot_enterprise_short %} beta
You can nominate an organization or enterprise that you're a member of for the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join). To join the waitlist, the organization or enterprise must use {% data variables.product.prodname_ghe_cloud %} and have an active {% data variables.product.prodname_copilot_for_business %} subscription.
You can nominate an enterprise that you're a member of for the [{% data variables.product.prodname_copilot_enterprise_short %} waitlist](https://github.com/github-copilot/copilot_enterprise_waitlist_signup/join). To join the waitlist, the enterprise must use {% data variables.product.prodname_ghe_cloud %} and have an active {% data variables.product.prodname_copilot_for_business %} subscription.
Nominating an organization or enterprise for the waitlist does not guarantee access. By signing up to the waitlist, you are agreeing to the pre-release license terms. For more information, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-license-terms)."
Nominating an enterprise for the waitlist does not guarantee access. By signing up to the waitlist, you are agreeing to the pre-release license terms. For more information, see "[AUTOTITLE](/free-pro-team@latest/site-policy/github-terms/github-copilot-pre-release-license-terms)."
If an organization or enterprise is granted access to the {% data variables.product.prodname_copilot_enterprise_short %} beta, an administrator must enable the features before members can start using them. For more information, see {% ifversion ghec %}"[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)."{% elsif fpt %}"[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
If an enterprise is granted access to the {% data variables.product.prodname_copilot_enterprise_short %} beta, an administrator must enable the features before members can start using them. For more information, see {% ifversion ghec %}"[AUTOTITLE](/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)."{% elsif fpt %}"[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-enterprise/overview/enabling-github-copilot-enterprise)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}


@@ -9,6 +9,9 @@ redirect_from:
versions:
feature: desktop
---
{% data reusables.desktop.desktop-cta-button %}
## About {% data variables.product.prodname_desktop %} installation
You can install {% data variables.product.prodname_desktop %} on supported operating systems, which currently include {% data variables.desktop.mac-osx-versions %} and {% data variables.desktop.windows-versions %}. If you have an account on {% data variables.product.prodname_dotcom %} or {% data variables.product.prodname_enterprise %}, you can connect your account to {% data variables.product.prodname_desktop %}.{% ifversion fpt or ghec %} For more information about creating an account, see "[AUTOTITLE](/get-started/quickstart/creating-an-account-on-github)."{% endif %}{% ifversion ghec %} If you're part of an organization that uses {% data variables.product.prodname_emus %} and you do not have an account, contact your enterprise administrator.{% elsif ghes or ghae %} If you're a member of an organization that uses {% data variables.product.product_name %} and you do not have an account, contact your {% data variables.product.prodname_enterprise %} site administrator.{% endif %}


@@ -11,21 +11,28 @@ redirect_from:
- /get-started/using-github/github-desktop
---
{% data reusables.desktop.desktop-cta-button %}
## About {% data variables.product.prodname_desktop %}
{% data variables.product.prodname_desktop %} is a free, open source application that helps you to work with files hosted on {% data variables.product.prodname_dotcom %} or other Git hosting services.
You can use {% data variables.product.prodname_desktop %} alongside any tools you need to contribute to a project. For example, a typical workflow would be to use {% data variables.product.prodname_desktop %} to download a {% data variables.product.prodname_dotcom %} repository to your computer and create a new branch, use an editor such as {% data variables.product.prodname_vscode %} to make changes to the code, then return to {% data variables.product.prodname_desktop %} to commit and push the changes to {% data variables.product.prodname_dotcom %}.
## Benefits of {% data variables.product.prodname_desktop %}
## About the benefits of {% data variables.product.prodname_desktop %}
{% data variables.product.prodname_desktop %} is useful for beginning and advanced users. Benefits include:
Like any tool for contributing changes to repositories on {% data variables.product.prodname_dotcom %}, {% data variables.product.prodname_desktop %} is built around the version control software Git. If you're new to Git and {% data variables.product.prodname_dotcom %}, you may find it easier to get started with {% data variables.product.prodname_desktop %} than you would using Git on the command line. Because {% data variables.product.prodname_desktop %} has a graphical user interface, it simplifies many of the aspects of Git that can be challenging for new users, such as memorizing commands and visualizing the changes you're making.
- **Get started easily.** If you're new to Git and {% data variables.product.prodname_dotcom %}, you may find it easier to use {% data variables.product.prodname_desktop %} than to use Git on the command line. {% data variables.product.prodname_desktop %} has a graphical user interface that simplifies commands and helps you visualize changes.
- **Find commands.** Because {% data variables.product.prodname_desktop %} has a visual interface, you can easily access less-common Git commands, such as choosing which changed lines to include in a commit or adding a co-author to a commit, without needing to memorize or look up syntax.
- **Follow best practices.** {% data variables.product.prodname_desktop %} encourages best practices. For example, it helps you to create an accurate and easy-to-follow commit history so other collaborators on a project can easily review your work.
- **Integrate with {% data variables.product.prodname_dotcom %}.** {% data variables.product.prodname_desktop %} is specifically designed for use with {% data variables.product.prodname_dotcom %}. For example, you can authenticate to {% data variables.product.prodname_dotcom_the_website %} or {% data variables.product.prodname_ghe_server %} quickly, without needing to use a separate credential manager. You can also check out a pull request to run checks without needing to open your browser.
Even if you have experience with command-line Git, you may benefit from incorporating {% data variables.product.prodname_desktop %} into your work. If you frequently need to look up syntax for less common Git commands, such as choosing which changed lines to include in a commit or adding a co-author to a commit, you may benefit from switching to {% data variables.product.prodname_desktop %} to perform these commands.
## {% data variables.product.prodname_desktop %} workflow
Because {% data variables.product.prodname_desktop %} makes commands like these easy to find, and helps you visualize the changes you're introducing with an integrated diff view, it encourages best practices and helps you to create an accurate and easy-to-follow commit history so other collaborators on a project can easily review your work.
You can use {% data variables.product.prodname_desktop %} alongside any tools you need to contribute to a project. For example, a typical workflow is:
Unlike other Git clients, {% data variables.product.prodname_desktop %} is specifically designed for use with {% data variables.product.prodname_dotcom %}, so it can make you more productive when working with repositories on {% data variables.product.prodname_dotcom %}. For example, you can authenticate to {% data variables.product.prodname_dotcom_the_website %} or {% data variables.product.prodname_ghe_server %} quickly, without needing to use a separate credential manager, and you can check out a pull request to run checks without needing to open your browser.
- Use {% data variables.product.prodname_desktop %} to download a {% data variables.product.prodname_dotcom %} repository to your computer and create a new branch
- Use an editor such as {% data variables.product.prodname_vscode %} to make changes to the code
- Return to {% data variables.product.prodname_desktop %} to commit and push the changes to {% data variables.product.prodname_dotcom %}
## Getting started


@@ -346,7 +346,7 @@ Footnotes are not supported in wikis.
Alerts are an extension of the blockquote syntax that you can use to emphasize critical information. On {% data variables.product.product_name %}, they are displayed with distinctive colors and icons to indicate the importance of the content. Alert syntax is supported in:
- Issues
- Pull requestes
- Pull requests
- Markdown files
- Discussions
- Gists


@@ -407,7 +407,7 @@ For more information on the difference between enums and strings, see the [offic
There is a _lot_ more you can do when forming GraphQL calls. Here are some places to look next:
- [Pagination](https://graphql.org/learn/pagination/)
- [AUTOTITLE](/graphql/guides/using-pagination-in-the-graphql-api)
- [Fragments](https://graphql.org/learn/queries/#fragments)
- [Inline fragments](https://graphql.org/learn/queries/#inline-fragments)
- [Directives](https://graphql.org/learn/queries/#directives)


@@ -16,8 +16,8 @@ children:
- /using-global-node-ids
- /migrating-from-rest-to-graphql
- /using-the-explorer
- /using-pagination-in-the-graphql-api
- /managing-enterprise-accounts
- /using-the-graphql-api-for-discussions
- /migrating-graphql-global-node-ids
---

View File

@@ -71,7 +71,7 @@ It's helpful to picture a graph: dots connected by lines. The dots are nodes, th
## Edge
Edges represent connections between nodes. When you query a connection, you traverse its edges to get to its nodes. Every `edges` field has a `node` field and a `cursor` field. Cursors are used for [pagination](https://graphql.github.io/learn/pagination/).
Edges represent connections between nodes. When you query a connection, you traverse its edges to get to its nodes. Every `edges` field has a `node` field and a `cursor` field. Cursors are used for pagination. For more information, see "[AUTOTITLE](/graphql/guides/using-pagination-in-the-graphql-api)."
## Node


@@ -0,0 +1,101 @@
---
title: Using pagination in the GraphQL API
intro: Learn how to traverse data sets using cursor based pagination with the GraphQL API.
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
topics:
- API
shortTitle: Pagination
---
## About pagination
{% data variables.product.company_short %}'s GraphQL API limits the number of items that you can fetch in a single request in order to protect against excessive or abusive requests to GitHub's servers. When you use the GraphQL API, you must supply a `first` or `last` argument on any connection. The value of these arguments must be between 1 and 100. The GraphQL API will return the number of connections specified by the `first` or `last` argument.
If the data that you are accessing has more connections than the number of items specified by the `first` or `last` argument, the response is divided into smaller "pages" of the specified size. These pages can be fetched one at a time until the entire data set has been retrieved. Each page contains the number of items specified by the `first` or `last` argument, unless it is the last page, which may contain a lower number of items.
This guide demonstrates how to request additional pages of results for paginated responses, how to change the number of results returned on each page, and how to write a script to fetch multiple pages of results.
## Requesting a `cursor` in your query
When using the GraphQL API, you use cursors to traverse through a paginated data set. The cursor represents a specific position in the data set. You can get the first and last cursor on a page by querying the `pageInfo` object. For example:
```graphql
query($owner: String!, $name: String!) {
repository(owner: $owner, name: $name) {
pullRequests(first: 100, after: null) {
nodes {
createdAt
number
title
}
pageInfo {
endCursor
startCursor
hasNextPage
hasPreviousPage
}
}
}
}
```
In this example, `pageInfo.startCursor` gives the cursor for the first item on the page. `pageInfo.endCursor` gives the cursor for the last item on the page. `pageInfo.hasNextPage` and `pageInfo.hasPreviousPage` indicate whether there is a page before and after the page that was returned.
## Changing the number of items per page
The `first` and `last` arguments control how many items are returned. The maximum number of items you can fetch using the `first` or `last` argument is 100. You may need to request fewer than 100 items if your query touches a lot of data in order to avoid hitting a rate or node limit. For more information, see "[AUTOTITLE](/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api)."
## Traversing the data set using pagination
Once you return a cursor from a query, you can use the cursor to request the next page of results. To do so, you will use the `after` or `before` argument and the cursor.
For example, assuming the `pageInfo.endCursor` value from the previous example was `Y3Vyc29yOnYyOpHOUH8B7g==`, you can use this query to request the next page of results:
```graphql
query($owner: String!, $name: String!) {
repository(owner: $owner, name: $name) {
pullRequests(first: 1, after: "Y3Vyc29yOnYyOpHOUH8B7g==") {
nodes {
createdAt
number
title
}
pageInfo {
endCursor
hasNextPage
hasPreviousPage
}
}
}
}
```
You can continue to send queries with the new `pageInfo.endCursor` value returned in the response until there are no pages left to traverse, indicated by `pageInfo.hasNextPage` returning `false`.
If you specified the `last` instead of the `first` argument, the last page of results will be returned first. In this case, you will use the `pageInfo.startCursor` value and the `before` argument to get the previous page of results. Once `pageInfo.hasPreviousPage` returns `false`, you have reached the last page. For example:
```graphql
query($owner: String!, $name: String!) {
repository(owner: $owner, name: $name) {
pullRequests(last: 1, before: "R3Vyc29yOnYyOpHOHcfoOg==") {
nodes {
createdAt
number
title
}
pageInfo {
startCursor
hasPreviousPage
}
}
}
}
```
## Next steps
You can use {% data variables.product.company_short %}'s Octokit SDK and the `octokit/plugin-paginate-graphql` plugin to support pagination in your scripts. For more information, see "[plugin-paginate-graphql.js](https://github.com/octokit/plugin-paginate-graphql.js)."


@@ -13,7 +13,7 @@ featuredLinks:
- /graphql/overview/explorer
- /graphql/overview/public-schema
- /graphql/overview/schema-previews
- /graphql/guides/using-the-graphql-api-for-discussions
- /graphql/guides/using-pagination-in-the-graphql-api
guideCards:
- /graphql/guides/migrating-from-rest-to-graphql
- /graphql/guides/managing-enterprise-accounts
@@ -33,4 +33,3 @@ children:
- /reference
- /guides
---


@@ -56,7 +56,7 @@ You can also add teams, external collaborators, and individual organization memb
{% ifversion projects-v2-add-to-team %}
If you grant a team read permissions or greater for a project, the project is also displayed on the team's projects page. You can also add projects to a team on the team's projects page. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team)."
If you grant a team read permissions or greater for a project, the project is also displayed on the team's projects page. You can also add projects to a team on the team's projects page. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/adding-your-project-to-a-team)."
{% endif %}
@@ -93,7 +93,7 @@ You can only invite an individual user to collaborate on your organization-level
{% note %}
This only affects collaborators for your project, not for repositories in your project. To view an item on the project, someone must have the required permissions for the repository that the item belongs to. If your project includes items from a private repository, people who are not collaborators in the repository will not be able to view items from that repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)."
This only affects collaborators for your project, not for repositories in your project. To view an item on the project, someone must have the required permissions for the repository that the item belongs to. Only people with access to a private repository will be able to view project items from that private repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)."
{% endnote %}


@@ -17,24 +17,13 @@ allowTitleToDifferFromFilename: true
You can {% ifversion projects-v2-org-templates-improvements %}create a template, or {% endif %}set a project as a template{% ifversion projects-v2-org-templates-improvements %},{% endif %} to share a pre-configured project with other people in your organization which they can then use as the base for their projects.
The projects you have marked as templates are made available in the "Select a template" pop-up window when other people create projects in your organization.
The projects you mark as templates are shown in the "Create a project" dialog when anyone creates a project in your organization. {% ifversion projects-v2-org-templates-GA-updates %}You can also configure up to six templates to recommend to your organization's members.{% endif %}
When someone creates a project from a template, the {% data reusables.projects.what-gets-copied %} are copied from the template to the new project. {% ifversion projects-v2-org-templates-improvements %}You can find the template that a project used from the project's settings page, under the "Templates" section.{% endif %}
{% ifversion projects-v2-org-templates-improvements %}
## Creating templates
{% else %}
## Setting a project as a template
{% endif %}
{% ifversion projects-v2-org-templates-improvements %}
You can either create a new template directly, or you can set a project as a template.
### Creating a new template
## Creating a new template
{% data reusables.profile.access_org %}
{% data reusables.user-settings.access_org %}
@@ -42,9 +31,10 @@ You can either create a new template directly, or you can set a project as a tem
{% data reusables.projects.templates-tab %}
1. Click **New template**.
### Setting a project as a template
{% endif %}
## Setting a project as a template
If you have admin permissions for a project in your organization, you can set the project as a template and make it available for others in your organization to use.
{% data reusables.projects.project-settings %}
@@ -83,6 +73,39 @@ If you have write or admin permissions for a project in your organization, you c
{% data reusables.projects.project-settings %}
1. In the "Templates" section, click {% octicon "duplicate" aria-hidden="true" %} **Copy as template**.
{% ifversion projects-v2-org-templates-GA-updates %}
## Configuring recommended templates
If you are an organization owner, you can select up to six templates to recommend to your organization's members. These recommended templates are suggested first when an organization member creates a new project.
### Choosing which templates to recommend
You can add up to six templates to your organization's recommended templates.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
1. In the "Code, planning, and automation" section of the sidebar, click **{% octicon "table" aria-label="The table icon" %} Projects**.
1. Under "Recommended templates", click **Customize recommended templates**.
1. In the list of templates owned by your organization, select up to six templates that you want to recommend to your members.
![Screenshot of the recommended template selection modal.](/assets/images/help/projects-v2/rec-template-select.png)
1. Click **Save**.
### Arranging your recommended templates
You can change the display order of your recommended templates in the "Create project" dialog.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
1. In the "Code planning, and automation" section of the sidebar, click **{% octicon "table" aria-label="The table icon" %} Projects**.
1. Under "Recommended templates", find the template you want to reposition, click on {% octicon "grabber" aria-label="Drag to reorder" %}, and drag the template to the new position.
![Screenshot of an organization's recommended templates settings. The 'Drag to reorder' handle is highlighted with an orange outline.](/assets/images/help/projects-v2/rec-template-handle.png)
{% endif %}
## Further reading
- "[AUTOTITLE](/issues/planning-and-tracking-with-projects/creating-projects/creating-a-project)"


@@ -17,7 +17,7 @@ permissions: Organization owners can manage the visibility of project boards in
Projects can be public or private. For public projects, everyone on the internet can view the project. For private projects, only users granted at least read access can see the project.
Only the project visibility is affected; to view an item on the project, someone must have the required permissions for the repository that the item belongs to. If your project includes items from a private repository, people who are not collaborators in the repository will not be able to view items from that repository.
Only the project visibility is affected; to view an item on the project, someone must have the required permissions for the repository that the item belongs to. Only people with access to a private repository will be able to view project items from that private repository.
![Screenshot showing a project using a table layout. One of the items is marked with a padlock icon, indicating it's hidden, and highlighted with an orange outline.](/assets/images/help/projects-v2/hidden-items.png)


@@ -64,7 +64,7 @@ When you migrate an organization, a new organization is created within the desti
- Repositories
- Team access to repositories
- Member privileges
- Organization-level webhooks
- Organization-level webhooks (must be re-enabled after your migration, see "[Enabling webhooks](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/migrating-between-github-products-with-github-enterprise-importer#enabling-webhooks)")
- Default branch name for new repositories created in the organization
All repositories are migrated with private visibility. If you want to set a repository's visibility to public or internal, you can do this after the migration using the UI or API.
@@ -87,7 +87,7 @@ When you migrate a repository, either directly or as part of an organization mig
- Projects (classic) at the repository level
- {% data variables.product.prodname_actions %} workflows
- Commit comments
- Active webhooks
- Active webhooks (must be re-enabled after your migration, see "[Enabling webhooks](/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/migrating-between-github-products-with-github-enterprise-importer#enabling-webhooks)")
- Repository topics
- Repository settings
- Branch protections (see "[Branch protections](#branch-protections)" for more details)


@@ -16,7 +16,7 @@ topics:
## About teams
You can use teams to manage access for people in an organization, and for sending notifications. Organization owners and team maintainers can give teams admin, read, or write access to organization repositories. Organization members can send a notification to an entire team by mentioning the team's name.
You can use teams to manage access for people in an organization, and for sending notifications. Organization owners and team maintainers can give teams admin, read, or write access to organization repositories. Organization members can send a notification to an entire team by mentioning the team's name. Teams can only be made up of members of your organization, outside collaborators are unable to be on a team.
{% ifversion team-mentions-setting %}Organization owners and team maintainers can disable team notifications. For more information, see "[AUTOTITLE](/organizations/organizing-members-into-teams/configuring-team-notifications)."{% endif %}


@@ -26,10 +26,10 @@ topics:
{% ifversion code-search-code-view %}
{% data reusables.repositories.navigate-to-repo %}
1. In the file tree view, click the {% octicon "filter" aria-hidden="true" %} **Jump to file** search bar. You can also find the {% octicon "filter" aria-hidden="true" %} **Jump to file** search bar at the top of the integrated file editor.
![Screenshot of the file tree view for a repository. A search bar, labeled "Jump to file", is outlined in dark orange.](/assets/images/help/repository/file-tree-view-jump-to-file.png)
1. In the search bar, type the name of the file or directory you'd like to find.
1. In the “Go to file search bar, type the name of the file or directory you'd like to find.
![Screenshot of the main view for a repository. A search bar, labeled "Go to file", is outlined in dark orange.](/assets/images/help/repository/repository-main-page-go-to-file.png)
1. Alternatively, if there is no "Go to file" search bar, click **Go to file**, then type the name of the file or directory you'd like to find.
![Screenshot of the main view for a repository. A "Go to file" button is outlined in dark orange.](/assets/images/help/repository/repository-main-page-go-to-file-no-search-bar.png)
1. In the list of results, click the file or directory you wanted to find. You can view the file path for a directory or file below each search result.
{% else %}
{% data reusables.repositories.navigate-to-repo %}

@@ -160,6 +160,15 @@ You can use the `involves` qualifier to find issues that in some way involve a c
| <code>involves:<em>USERNAME</em></code> | **[involves:defunkt involves:jlord](https://github.com/search?q=involves%3Adefunkt+involves%3Ajlord&type=Issues)** matches issues either @defunkt or @jlord are involved in.
| `in:body` <code>involves:<em>USERNAME</em></code> | [**NOT bootstrap in:body involves:mdo**](https://github.com/search?q=NOT+bootstrap+in%3Abody+involves%3Amdo&type=Issues) matches issues @mdo is involved in that do not contain the word "bootstrap" in the body.
## Search for my issues and pull requests
You can search for issues and pull requests you have created or have interacted with by following the desired qualifier with `@me`. Any qualifier that works with a username allows you to limit your search to issues and pull requests you created, are assigned, mentioned on, or are requested as a reviewer of.
| Qualifier | Example
| ------------- | -------------
| <code>author:<em>@me</em></code> | **[author:@me](https://github.com/search?q=author%3A%40me)** matches issues and pull requests you have authored.
| <code>is:pr commenter:<em>@me</em></code> | **[is:pr commenter:@me](https://github.com/search?q=is%3Apr+commenter%3A%40me&type=pullrequests)** matches pull requests you have commented on.
## Search for linked issues and pull requests
You can narrow your results to only include issues that are linked to a pull request by a closing reference, or pull requests that are linked to an issue that the pull request may close.

@@ -0,0 +1,4 @@
# Reference: Issue #12592 Dependabot Grouped Security Updates
versions:
fpt: '*'
ghec: '*'

@@ -0,0 +1,5 @@
# Issue 11855
versions:
fpt: '*'
ghec: '*'
ghes: '>=3.12'
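Review bot: The only comment in this new versions file, `# Issue 11855`, is a bare tracker number, so nothing in the file says which feature the `fpt` / `ghec` / `ghes: '>=3.12'` gate controls. The other feature file added in this commit names its feature in the comment (`# Reference: Issue #12592 Dependabot Grouped Security Updates`). Using the same form here, for example `# Reference: Issue #11855 <feature name>`, would let a reader check the version gating without access to the issue tracker.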

@@ -0,0 +1,11 @@
This table lists the queries available with the latest release of the {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %}. For more information, see [{% data variables.product.prodname_codeql %} change logs](https://codeql.github.com/docs/codeql-overview/codeql-changelog/) in the {% data variables.product.prodname_codeql %} documentation site.
{% ifversion ghes %}
{% note %}
**Note:** The initial release of {% data variables.product.product_name %} {{ allVersions[currentVersion].currentRelease }} included {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} {% data variables.product.codeql_cli_ghes_recommended_version %}, which may not include all of these queries. Your site administrator can update your {% data variables.product.prodname_codeql %} version to a newer release. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance)."
{% endnote %}
{% endif %}

@@ -0,0 +1,86 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Array offset used before range check](https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/) | 120, 125 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Authentication bypass by spoofing](https://codeql.github.com/codeql-query-help/cpp/cpp-user-controlled-bypass/) | 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad check for overflow of integer addition](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-addition-overflow-check/) | 190, 192 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Badly bounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-badly-bounded-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Call to `memset` may be deleted](https://codeql.github.com/codeql-query-help/cpp/cpp-memset-may-be-deleted/) | 14 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Call to alloca in a loop](https://codeql.github.com/codeql-query-help/cpp/cpp-alloca-in-loop/) | 770 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Call to function with fewer arguments than declared parameters](https://codeql.github.com/codeql-query-help/cpp/cpp-too-few-arguments/) | 234, 685 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cast between HRESULT and a Boolean type](https://codeql.github.com/codeql-query-help/cpp/cpp-hresult-boolean-conversion/) | 253 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cast from char* to wchar_t*](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-string-type-conversion/) | 704 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Certificate not checked](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-not-checked/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Certificate result conflation](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-result-conflation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [CGI script vulnerable to cross-site scripting](https://codeql.github.com/codeql-query-help/cpp/cpp-cgi-xss/) | 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in an SQLite database](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-database/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in buffer](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-buffer/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in file](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-file/) | 260, 313 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-transmission/) | 319, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Comma before misleading indentation](https://codeql.github.com/codeql-query-help/cpp/cpp-comma-before-misleading-indentation/) | 1078, 670 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/cpp/cpp-comparison-with-wider-type/) | 190, 197, 835 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dangerous use of 'cin'](https://codeql.github.com/codeql-query-help/cpp/cpp-dangerous-cin/) | 676 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exposure of system data to an unauthorized control sphere](https://codeql.github.com/codeql-query-help/cpp/cpp-system-data-exposure/) | 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Failure to use HTTPS URLs](https://codeql.github.com/codeql-query-help/cpp/cpp-non-https-url/) | 319, 345 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [File created without restricting permissions](https://codeql.github.com/codeql-query-help/cpp/cpp-world-writable-file-creation/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [File opened with O_CREAT flag but without mode argument](https://codeql.github.com/codeql-query-help/cpp/cpp-open-call-with-mode-argument/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect 'not' operator usage](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-not-operator-usage/) | 480 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect allocation-error handling](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-allocation-error-handling/) | 570, 252, 755 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Invalid pointer dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-invalid-pointer-deref/) | 119, 125, 193, 787 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Likely overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-very-likely-overrunning-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Mismatching new/free or malloc/delete](https://codeql.github.com/codeql-query-help/cpp/cpp-new-free-mismatch/) | 401 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing return-value check for a 'scanf'-like function](https://codeql.github.com/codeql-query-help/cpp/cpp-missing-check-scanf/) | 252, 253 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Multiplication result converted to larger type](https://codeql.github.com/codeql-query-help/cpp/cpp-integer-multiplication-cast-to-long/) | 190, 192, 197, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [No space for zero terminator](https://codeql.github.com/codeql-query-help/cpp/cpp-no-space-for-terminator/) | 131, 120, 122 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Non-constant format string](https://codeql.github.com/codeql-query-help/cpp/cpp-non-constant-format/) | 134 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Not enough memory allocated for array of pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-allocation-size/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Not enough memory allocated for pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-allocation-too-small/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [NULL application name with an unquoted path in call to CreateProcess](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-create-process-call/) | 428 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overflow in uncontrolled allocation size](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-allocation-size/) | 190, 789 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrun-write/) | 119, 131 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Pointer overflow check](https://codeql.github.com/codeql-query-help/cpp/cpp-pointer-overflow-check/) | 758 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Possibly wrong buffer size in string copy](https://codeql.github.com/codeql-query-help/cpp/cpp-bad-strncpy-size/) | 676, 119, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potential double free](https://codeql.github.com/codeql-query-help/cpp/cpp-double-free/) | 415 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potential exposure of sensitive system data to an unauthorized control sphere](https://codeql.github.com/codeql-query-help/cpp/cpp-potential-system-data-exposure/) | 497 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potential use after free](https://codeql.github.com/codeql-query-help/cpp/cpp-use-after-free/) | 416 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially overflowing call to snprintf](https://codeql.github.com/codeql-query-help/cpp/cpp-overflowing-snprintf/) | 190, 253 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially overrunning write with float to string conversion](https://codeql.github.com/codeql-query-help/cpp/cpp-overrunning-write-with-float/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially uninitialized local variable](https://codeql.github.com/codeql-query-help/cpp/cpp-uninitialized-local/) | 665, 457 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially unsafe call to strncat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strncat/) | 788, 676, 119, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially unsafe use of strcat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strcat/) | 676, 120, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Redundant null check due to previous dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-redundant-null-check-simple/) | 476 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Returning stack-allocated memory](https://codeql.github.com/codeql-query-help/cpp/cpp-return-stack-allocated-memory/) | 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Setting a DACL to NULL in a SECURITY_DESCRIPTOR](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-dacl-security-descriptor/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Signed overflow check](https://codeql.github.com/codeql-query-help/cpp/cpp-signed-overflow-check/) | 128, 190 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Static array access may cause overflow](https://codeql.github.com/codeql-query-help/cpp/cpp-static-buffer-overflow/) | 119, 131 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious 'sizeof' use](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-sizeof/) | 467 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious add with sizeof](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-add-sizeof/) | 468 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious pointer scaling](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious pointer scaling to void](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling-void/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Time-of-check time-of-use filesystem race condition](https://codeql.github.com/codeql-query-help/cpp/cpp-toctou-race-condition/) | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Too few arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-number-format-arguments/) | 234, 685 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unbounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-unbounded-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data in arithmetic expression](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-arithmetic/) | 190, 191 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data in SQL query](https://codeql.github.com/codeql-query-help/cpp/cpp-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in OS command](https://codeql.github.com/codeql-query-help/cpp/cpp-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/cpp/cpp-path-injection/) | 022, 023, 036, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled process operation](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/) | 114 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe use of this in constructor](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-use-of-this/) | 670 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsigned difference expression compared to zero](https://codeql.github.com/codeql-query-help/cpp/cpp-unsigned-difference-expression-compared-zero/) | 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unterminated variadic call](https://codeql.github.com/codeql-query-help/cpp/cpp-unterminated-variadic-call/) | 121 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Untrusted input for a condition](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-permissions-check/) | 807 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Upcast array used in pointer arithmetic](https://codeql.github.com/codeql-query-help/cpp/cpp-upcast-array-pointer-arithmetic/) | 119, 843 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/cpp/cpp-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a cryptographic algorithm with insufficient key size](https://codeql.github.com/codeql-query-help/cpp/cpp-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a version of OpenSSL with Heartbleed](https://codeql.github.com/codeql-query-help/cpp/cpp-openssl-heartbleed/) | 327, 788 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-dangerous-function-overflow/) | 242, 676 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of expired stack-address](https://codeql.github.com/codeql-query-help/cpp/cpp-using-expired-stack-address/) | 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of potentially dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of string after lifetime ends](https://codeql.github.com/codeql-query-help/cpp/cpp-use-of-string-after-lifetime-ends/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Wrong type of arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-type-format-argument/) | 686 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/cpp/cpp-external-entity-expansion/) | 611 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}

@@ -0,0 +1,64 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| ['requireSSL' attribute is not set to true](https://codeql.github.com/codeql-query-help/csharp/cs-web-requiressl-not-set/) | 319, 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/csharp/cs-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [ASP.NET config file enables directory browsing](https://codeql.github.com/codeql-query-help/csharp/cs-web-directory-browse-enabled/) | 548 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Assembly path injection](https://codeql.github.com/codeql-query-help/csharp/cs-assembly-path-injection/) | 114 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear text storage of sensitive information](https://codeql.github.com/codeql-query-help/csharp/cs-cleartext-storage-of-sensitive-information/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cookie security: overly broad domain](https://codeql.github.com/codeql-query-help/csharp/cs-web-broad-cookie-domain/) | 287 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cookie security: overly broad path](https://codeql.github.com/codeql-query-help/csharp/cs-web-broad-cookie-path/) | 287 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cookie security: persistent cookie](https://codeql.github.com/codeql-query-help/csharp/cs-web-persistent-cookie/) | 539 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Creating an ASP.NET debug binary may reveal sensitive information](https://codeql.github.com/codeql-query-help/csharp/cs-web-debug-binary/) | 11, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cross-site scripting](https://codeql.github.com/codeql-query-help/csharp/cs-web-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Denial of Service from comparison of user input against expensive regex](https://codeql.github.com/codeql-query-help/csharp/cs-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of untrusted data](https://codeql.github.com/codeql-query-help/csharp/cs-unsafe-deserialization-untrusted-input/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialized delegate](https://codeql.github.com/codeql-query-help/csharp/cs-deserialized-delegate/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Empty password in configuration file](https://codeql.github.com/codeql-query-help/csharp/cs-empty-password-in-configuration/) | 258, 862 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Encryption using ECB](https://codeql.github.com/codeql-query-help/csharp/cs-ecb-encryption/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exposure of private information](https://codeql.github.com/codeql-query-help/csharp/cs-exposure-of-sensitive-information/) | 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Failure to abandon session](https://codeql.github.com/codeql-query-help/csharp/cs-session-reuse/) | 384 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded connection string with credentials](https://codeql.github.com/codeql-query-help/csharp/cs-hardcoded-connection-string-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/csharp/cs-hardcoded-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Header checking disabled](https://codeql.github.com/codeql-query-help/csharp/cs-web-disabled-header-checking/) | 113 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper control of generation of code](https://codeql.github.com/codeql-query-help/csharp/cs-code-injection/) | 094, 095, 096 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/csharp/cs-information-exposure-through-exception/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through transmitted data](https://codeql.github.com/codeql-query-help/csharp/cs-sensitive-data-transmission/) | 201 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure Direct Object Reference](https://codeql.github.com/codeql-query-help/csharp/cs-web-insecure-direct-object-reference/) | 639 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure randomness](https://codeql.github.com/codeql-query-help/csharp/cs-insecure-randomness/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure SQL connection](https://codeql.github.com/codeql-query-help/csharp/cs-insecure-sql-connection/) | 327 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [LDAP query built from stored user-controlled sources](https://codeql.github.com/codeql-query-help/csharp/cs-stored-ldap-injection/) | 090 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [LDAP query built from user-controlled sources](https://codeql.github.com/codeql-query-help/csharp/cs-ldap-injection/) | 090 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log entries created from user input](https://codeql.github.com/codeql-query-help/csharp/cs-log-forging/) | 117 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing cross-site request forgery token validation](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-token-validation/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing function level access control](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-function-level-access-control/) | 285, 284, 862 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing global error handler](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-global-error-handler/) | 12, 248 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing X-Frame-Options HTTP header](https://codeql.github.com/codeql-query-help/csharp/cs-web-missing-x-frame-options/) | 451, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing XML validation](https://codeql.github.com/codeql-query-help/csharp/cs-xml-missing-validation/) | 112 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Password in configuration file](https://codeql.github.com/codeql-query-help/csharp/cs-password-in-configuration/) | 13, 256, 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/csharp/cs-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resource injection](https://codeql.github.com/codeql-query-help/csharp/cs-resource-injection/) | 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Serialization check bypass](https://codeql.github.com/codeql-query-help/csharp/cs-serialization-check-bypass/) | 20 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from stored user-controlled sources](https://codeql.github.com/codeql-query-help/csharp/cs-second-order-sql-injection/) | 089 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/csharp/cs-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored cross-site scripting](https://codeql.github.com/codeql-query-help/csharp/cs-web-stored-xss/) | 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored XPath injection](https://codeql.github.com/codeql-query-help/csharp/cs-xml-stored-xpath-injection/) | 643 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Thread-unsafe capturing of an ICryptoTransform object](https://codeql.github.com/codeql-query-help/csharp/cs-thread-unsafe-icryptotransform-captured-in-lambda/) | 362 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Thread-unsafe use of a static ICryptoTransform field](https://codeql.github.com/codeql-query-help/csharp/cs-thread-unsafe-icryptotransform-field-in-class/) | 362 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/csharp/cs-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line from stored user input](https://codeql.github.com/codeql-query-help/csharp/cs-stored-command-line-injection/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/csharp/cs-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/csharp/cs-uncontrolled-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Untrusted XML is read insecurely](https://codeql.github.com/codeql-query-help/csharp/cs-xml-insecure-dtd-handling/) | 611, 827, 776 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unvalidated local pointer arithmetic](https://codeql.github.com/codeql-query-help/csharp/cs-unvalidated-local-pointer-arithmetic/) | 119, 120, 122, 788 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/csharp/cs-web-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of file upload](https://codeql.github.com/codeql-query-help/csharp/cs-web-file-upload/) | 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled bypass of sensitive method](https://codeql.github.com/codeql-query-help/csharp/cs-user-controlled-bypass/) | 807, 247, 350 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak encryption](https://codeql.github.com/codeql-query-help/csharp/cs-weak-encryption/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak encryption: inadequate RSA padding](https://codeql.github.com/codeql-query-help/csharp/cs-inadequate-rsa-padding/) | 327, 780 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak encryption: Insufficient key size](https://codeql.github.com/codeql-query-help/csharp/cs-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML injection](https://codeql.github.com/codeql-query-help/csharp/cs-xml-injection/) | 091 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath injection](https://codeql.github.com/codeql-query-help/csharp/cs-xml-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}

@@ -0,0 +1,34 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/go/go-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file write extracting an archive containing symbolic links](https://codeql.github.com/codeql-query-help/go/go-unsafe-unzip-symlink/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad redirect check](https://codeql.github.com/codeql-query-help/go/go-bad-redirect-check/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/go/go-clear-text-logging/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Command built from user-controlled sources](https://codeql.github.com/codeql-query-help/go/go-command-injection/) | 078 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/go/go-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabled TLS certificate check](https://codeql.github.com/codeql-query-help/go/go-disabled-certificate-check/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Email content injection](https://codeql.github.com/codeql-query-help/go/go-email-injection/) | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/go/go-hardcoded-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/go/go-incomplete-hostname-regexp/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL scheme check](https://codeql.github.com/codeql-query-help/go/go-incomplete-url-scheme-check/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect conversion between integer types](https://codeql.github.com/codeql-query-help/go/go-incorrect-integer-conversion/) | 190, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/go/go-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure TLS configuration](https://codeql.github.com/codeql-query-help/go/go-insecure-tls/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log entries created from user input](https://codeql.github.com/codeql-query-help/go/go-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/go/go-regex-missing-regexp-anchor/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Open URL redirect](https://codeql.github.com/codeql-query-help/go/go-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially unsafe quoting](https://codeql.github.com/codeql-query-help/go/go-unsafe-quoting/) | 078, 089, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected cross-site scripting](https://codeql.github.com/codeql-query-help/go/go-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Size computation for allocation may overflow](https://codeql.github.com/codeql-query-help/go/go-allocation-size-overflow/) | 190 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Suspicious characters in a regular expression](https://codeql.github.com/codeql-query-help/go/go-suspicious-character-in-regex/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in network request](https://codeql.github.com/codeql-query-help/go/go-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/go/go-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a weak cryptographic key](https://codeql.github.com/codeql-query-help/go/go-weak-crypto-key/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of constant `state` value in OAuth 2.0 URL](https://codeql.github.com/codeql-query-help/go/go-constant-oauth2-state/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of insecure HostKeyCallback implementation](https://codeql.github.com/codeql-query-help/go/go-insecure-hostkeycallback/) | 322 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of insufficient randomness as the key of a cryptographic algorithm](https://codeql.github.com/codeql-query-help/go/go-insecure-randomness/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath injection](https://codeql.github.com/codeql-query-help/go/go-xml-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1,105 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [`TrustManager` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-insecure-trustmanager/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Access Java object methods through JavaScript exposure](https://codeql.github.com/codeql-query-help/java/java-android-webview-addjavascriptinterface/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android `WebView` that accepts all certificates](https://codeql.github.com/codeql-query-help/java/java-improper-webview-certificate-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android APK installation](https://codeql.github.com/codeql-query-help/java/java-android-arbitrary-apk-installation/) | 094 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android debuggable attribute enabled](https://codeql.github.com/codeql-query-help/java/java-android-debuggable-attribute-enabled/) | 489 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android fragment injection](https://codeql.github.com/codeql-query-help/java/java-android-fragment-injection/) | 470 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android fragment injection in PreferenceActivity](https://codeql.github.com/codeql-query-help/java/java-android-fragment-injection-preference-activity/) | 470 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android Intent redirection](https://codeql.github.com/codeql-query-help/java/java-android-intent-redirection/) | 926, 940 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android missing certificate pinning](https://codeql.github.com/codeql-query-help/java/java-android-missing-certificate-pinning/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android sensitive keyboard cache](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-keyboard-cache/) | 524 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android WebSettings file access](https://codeql.github.com/codeql-query-help/java/java-android-websettings-file-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android Webview debugging enabled](https://codeql.github.com/codeql-query-help/java/java-android-webview-debugging-enabled/) | 489 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Android WebView JavaScript settings](https://codeql.github.com/codeql-query-help/java/java-android-websettings-javascript-enabled/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Android WebView settings allows access to content links](https://codeql.github.com/codeql-query-help/java/java-android-websettings-allow-content-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Application backup allowed](https://codeql.github.com/codeql-query-help/java/java-android-backup-enabled/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/java/java-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Building a command line with string concatenation](https://codeql.github.com/codeql-query-help/java/java-concatenated-command-line/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in cookie](https://codeql.github.com/codeql-query-help/java/java-cleartext-storage-in-cookie/) | 315 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in the Android filesystem](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-filesystem/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using 'Properties' class](https://codeql.github.com/codeql-query-help/java/java-cleartext-storage-in-properties/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using `SharedPreferences` on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-shared-prefs/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information using a local database on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-database/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/java/java-comparison-with-wider-type/) | 190, 197 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Cross-site scripting](https://codeql.github.com/codeql-query-help/java/java-xss/) | 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Depending upon JCenter/Bintray as an artifact repository](https://codeql.github.com/codeql-query-help/java/java-maven-dependency-upon-bintray/) | 1104 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/java/java-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Detect JHipster Generator Vulnerability CVE-2019-16303](https://codeql.github.com/codeql-query-help/java/java-jhipster-prng/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabled Netty HTTP header validation](https://codeql.github.com/codeql-query-help/java/java-netty-http-request-or-response-splitting/) | 93, 113 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabled Spring CSRF protection](https://codeql.github.com/codeql-query-help/java/java-spring-disabled-csrf-protection/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Executing a command with a relative path](https://codeql.github.com/codeql-query-help/java/java-relative-path-command/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Expression language injection (JEXL)](https://codeql.github.com/codeql-query-help/java/java-jexl-expression-injection/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Expression language injection (MVEL)](https://codeql.github.com/codeql-query-help/java/java-mvel-expression-injection/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Expression language injection (Spring)](https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Failure to use HTTPS or SFTP URL in Maven artifact upload/download](https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Failure to use secure cookies](https://codeql.github.com/codeql-query-help/java/java-insecure-cookie/) | 614 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Groovy Language injection](https://codeql.github.com/codeql-query-help/java/java-groovy-injection/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credential in API call](https://codeql.github.com/codeql-query-help/java/java-hardcoded-credential-api-call/) | 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [HTTP response splitting](https://codeql.github.com/codeql-query-help/java/java-http-response-splitting/) | 113 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Implicit narrowing conversion in compound assignment](https://codeql.github.com/codeql-query-help/java/java-implicit-cast-in-compound-assignment/) | 190, 192, 197, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Implicitly exported Android component](https://codeql.github.com/codeql-query-help/java/java-android-implicitly-exported-component/) | 926 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper validation of user-provided array index](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-index/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper validation of user-provided size used for array construction](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-construction/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper verification of intent by broadcast receiver](https://codeql.github.com/codeql-query-help/java/java-improper-intent-verification/) | 925 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/java/java-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/java/java-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure basic authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-basic-auth/) | 522, 319 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure Bean Validation](https://codeql.github.com/codeql-query-help/java/java-insecure-bean-validation/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure JavaMail SSL Configuration](https://codeql.github.com/codeql-query-help/java/java-insecure-smtp-ssl/) | 297 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure LDAP authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-ldap-auth/) | 522, 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insertion of sensitive information into log files](https://codeql.github.com/codeql-query-help/java/java-sensitive-log/) | 532 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Intent URI permission manipulation](https://codeql.github.com/codeql-query-help/java/java-android-intent-uri-permission-manipulation/) | 266, 926 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JNDI lookup with user-controlled name](https://codeql.github.com/codeql-query-help/java/java-jndi-injection/) | 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [LDAP query built from user-controlled sources](https://codeql.github.com/codeql-query-help/java/java-ldap-injection/) | 090 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Leaking sensitive information through a ResultReceiver](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-result-receiver/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Leaking sensitive information through an implicit Intent](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-communication/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Local information disclosure in a temporary directory](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/) | 200, 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Log Injection](https://codeql.github.com/codeql-query-help/java/java-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Loop with unreachable exit condition](https://codeql.github.com/codeql-query-help/java/java-unreachable-exit-in-loop/) | 835 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing JWT signature check](https://codeql.github.com/codeql-query-help/java/java-missing-jwt-signature-check/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing read or write permission in a content provider](https://codeql.github.com/codeql-query-help/java/java-android-incomplete-provider-permissions/) | 926 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [OGNL Expression Language statement with user-controlled input](https://codeql.github.com/codeql-query-help/java/java-ognl-injection/) | 917 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/java/java-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Partial path traversal vulnerability](https://codeql.github.com/codeql-query-help/java/java-partial-path-traversal/) | 023 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Partial path traversal vulnerability from remote](https://codeql.github.com/codeql-query-help/java/java-partial-path-traversal-from-remote/) | 023 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/java/java-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Query built by concatenation with a possibly-untrusted string](https://codeql.github.com/codeql-query-help/java/java-concatenated-sql-query/) | 089, 564 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Query built from user-controlled sources](https://codeql.github.com/codeql-query-help/java/java-sql-injection/) | 089, 564 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Race condition in socket authentication](https://codeql.github.com/codeql-query-help/java/java-socket-auth-race-condition/) | 421 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Reading from a world writable file](https://codeql.github.com/codeql-query-help/java/java-world-writable-file-read/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/java/java-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resolving XML external entity in user-controlled data](https://codeql.github.com/codeql-query-help/java/java-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side request forgery](https://codeql.github.com/codeql-query-help/java/java-ssrf/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side template injection](https://codeql.github.com/codeql-query-help/java/java-server-side-template-injection/) | 1336, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Time-of-check time-of-use race condition](https://codeql.github.com/codeql-query-help/java/java-toctou-race-condition/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Trust boundary violation](https://codeql.github.com/codeql-query-help/java/java-trust-boundary-violation/) | 501 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/java/java-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data in arithmetic expression](https://codeql.github.com/codeql-query-help/java/java-uncontrolled-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in content resolution](https://codeql.github.com/codeql-query-help/java/java-android-unsafe-content-uri-resolution/) | 441, 610 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/java/java-path-injection/) | 022, 023, 036, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unreleased lock](https://codeql.github.com/codeql-query-help/java/java-unreleased-lock/) | 764, 833 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe certificate trust](https://codeql.github.com/codeql-query-help/java/java-unsafe-cert-trust/) | 273 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe hostname verification](https://codeql.github.com/codeql-query-help/java/java-unsafe-hostname-verification/) | 297 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe resource fetching in Android WebView](https://codeql.github.com/codeql-query-help/java/java-android-unsafe-android-webview-fetch/) | 749, 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/java/java-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a cryptographic algorithm with insufficient key size](https://codeql.github.com/codeql-query-help/java/java-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a potentially broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/java/java-potentially-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a potentially dangerous function](https://codeql.github.com/codeql-query-help/java/java-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a predictable seed in a secure random number generator](https://codeql.github.com/codeql-query-help/java/java-predictable-seed/) | 335, 337 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/java/java-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of implicit PendingIntents](https://codeql.github.com/codeql-query-help/java/java-android-implicit-pendingintents/) | 927 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of RSA algorithm without OAEP](https://codeql.github.com/codeql-query-help/java/java-rsa-without-oaep/) | 780 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled bypass of sensitive method](https://codeql.github.com/codeql-query-help/java/java-user-controlled-bypass/) | 807, 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled data in arithmetic expression](https://codeql.github.com/codeql-query-help/java/java-tainted-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled data in numeric cast](https://codeql.github.com/codeql-query-help/java/java-tainted-numeric-cast/) | 197, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled data used in permissions check](https://codeql.github.com/codeql-query-help/java/java-tainted-permissions-check/) | 807, 290 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Using a static initialization vector for encryption](https://codeql.github.com/codeql-query-help/java/java-static-initialization-vector/) | 329, 1204 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath injection](https://codeql.github.com/codeql-query-help/java/java-xml-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XSLT transformation with user-controlled stylesheet](https://codeql.github.com/codeql-query-help/java/java-xslt-injection/) | 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1,107 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Arbitrary file access during archive extraction ("Zip Slip")](https://codeql.github.com/codeql-query-help/javascript/js-zipslip/) | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/javascript/js-bad-tag-filter/) | 020, 080, 116, 184, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Case-sensitive middleware path](https://codeql.github.com/codeql-query-help/javascript/js-case-sensitive-middleware-path/) | 178 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear text storage of sensitive information](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-storage-of-sensitive-data/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear text transmission of sensitive cookie](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-cookie/) | 614, 311, 312, 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/javascript/js-clear-text-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side request forgery](https://codeql.github.com/codeql-query-help/javascript/js-client-side-request-forgery/) | 918 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Client-side URL redirect](https://codeql.github.com/codeql-query-help/javascript/js-client-side-unvalidated-url-redirection/) | 079, 116, 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/javascript/js-code-injection/) | 094, 095, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CORS misconfiguration for credentials transfer](https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials/) | 346, 639, 942 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Creating biased random numbers from a cryptographically secure source](https://codeql.github.com/codeql-query-help/javascript/js-biased-cryptographic-random/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cross-window communication with unrestricted target origin](https://codeql.github.com/codeql-query-help/javascript/js-cross-window-information-leak/) | 201, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/javascript/js-sql-injection/) | 089, 090, 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dependency download using unencrypted communication channel](https://codeql.github.com/codeql-query-help/javascript/js-insecure-dependency/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling certificate validation](https://codeql.github.com/codeql-query-help/javascript/js-disabling-certificate-validation/) | 295, 297 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling Electron webSecurity](https://codeql.github.com/codeql-query-help/javascript/js-disabling-electron-websecurity/) | 79 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Disabling SCE](https://codeql.github.com/codeql-query-help/javascript/js-angular-disabling-sce/) | 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [DOM text reinterpreted as HTML](https://codeql.github.com/codeql-query-help/javascript/js-xss-through-dom/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Double compilation](https://codeql.github.com/codeql-query-help/javascript/js-angular-double-compilation/) | 1176 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Double escaping or unescaping](https://codeql.github.com/codeql-query-help/javascript/js-double-escaping/) | 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Download of sensitive file through insecure connection](https://codeql.github.com/codeql-query-help/javascript/js-insecure-download/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Empty password in configuration file](https://codeql.github.com/codeql-query-help/javascript/js-empty-password-in-configuration-file/) | 258, 862 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Enabling Electron allowRunningInsecureContent](https://codeql.github.com/codeql-query-help/javascript/js-enabling-electron-insecure-content/) | 494 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exception text reinterpreted as HTML](https://codeql.github.com/codeql-query-help/javascript/js-xss-through-exception/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Exposure of private files](https://codeql.github.com/codeql-query-help/javascript/js-exposure-of-private-files/) | 200, 219, 548 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Expression injection in Actions](https://codeql.github.com/codeql-query-help/javascript/js-actions-command-injection/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Failure to abandon session](https://codeql.github.com/codeql-query-help/javascript/js-session-fixation/) | 384 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [File data in outbound network request](https://codeql.github.com/codeql-query-help/javascript/js-file-access-to-http/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-credentials/) | 259, 321, 798 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded data interpreted as code](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-data-interpreted-as-code/) | 506 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Host header poisoning in email generation](https://codeql.github.com/codeql-query-help/javascript/js-host-header-forgery-in-email-generation/) | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper code sanitization](https://codeql.github.com/codeql-query-help/javascript/js-bad-code-sanitization/) | 094, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete HTML attribute sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-html-attribute-sanitization/) | 079, 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete string escaping or encoding](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL scheme check](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-url-scheme-check/) | 020, 184 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-url-substring-sanitization/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incorrect suffix check](https://codeql.github.com/codeql-query-help/javascript/js-incorrect-suffix-check/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Indirect uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-indirect-command-line-injection/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/javascript/js-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/javascript/js-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure randomness](https://codeql.github.com/codeql-query-help/javascript/js-insecure-randomness/) | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure temporary file](https://codeql.github.com/codeql-query-help/javascript/js-insecure-temporary-file/) | 377, 378 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure URL whitelist](https://codeql.github.com/codeql-query-help/javascript/js-angular-insecure-url-whitelist/) | 183, 625 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JWT missing secret or public key verification](https://codeql.github.com/codeql-query-help/javascript/js-jwt-missing-verification/) | 347 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log injection](https://codeql.github.com/codeql-query-help/javascript/js-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Loop bound injection](https://codeql.github.com/codeql-query-help/javascript/js-loop-bound-injection/) | 834, 730 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing CSRF middleware](https://codeql.github.com/codeql-query-help/javascript/js-missing-token-validation/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing origin verification in `postMessage` handler](https://codeql.github.com/codeql-query-help/javascript/js-missing-origin-check/) | 020, 940 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing rate limiting](https://codeql.github.com/codeql-query-help/javascript/js-missing-rate-limiting/) | 770, 307, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/javascript/js-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Network data written to file](https://codeql.github.com/codeql-query-help/javascript/js-http-to-file-access/) | 912, 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/javascript/js-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Password in configuration file](https://codeql.github.com/codeql-query-help/javascript/js-password-in-configuration-file/) | 256, 260, 313, 522 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/javascript/js-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Potential file system race condition](https://codeql.github.com/codeql-query-help/javascript/js-file-system-race/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Potentially unsafe external link](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-external-link/) | 200, 1022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Prototype-polluting assignment](https://codeql.github.com/codeql-query-help/javascript/js-prototype-polluting-assignment/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Prototype-polluting function](https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution-utility/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Prototype-polluting merge call](https://codeql.github.com/codeql-query-help/javascript/js-prototype-pollution/) | 078, 079, 094, 400, 471, 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/javascript/js-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Remote property injection](https://codeql.github.com/codeql-query-help/javascript/js-remote-property-injection/) | 250, 400 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Replacement of a substring with itself](https://codeql.github.com/codeql-query-help/javascript/js-identity-replacement/) | 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resource exhaustion](https://codeql.github.com/codeql-query-help/javascript/js-resource-exhaustion/) | 400, 770 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resources exhaustion from deep object traversal](https://codeql.github.com/codeql-query-help/javascript/js-resource-exhaustion-from-deep-object-traversal/) | 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Second order command injection](https://codeql.github.com/codeql-query-help/javascript/js-second-order-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive cookie without SameSite restrictions](https://codeql.github.com/codeql-query-help/javascript/js-samesite-none-cookie/) | 1275 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive data read from GET request](https://codeql.github.com/codeql-query-help/javascript/js-sensitive-get-query/) | 598 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive server cookie exposed to the client](https://codeql.github.com/codeql-query-help/javascript/js-client-exposed-cookie/) | 1004 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server crash](https://codeql.github.com/codeql-query-help/javascript/js-server-crash/) | 248, 730 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side request forgery](https://codeql.github.com/codeql-query-help/javascript/js-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side URL redirect](https://codeql.github.com/codeql-query-help/javascript/js-server-side-unvalidated-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Shell command built from environment values](https://codeql.github.com/codeql-query-help/javascript/js-shell-command-injection-from-environment/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Storage of sensitive information in build artifact](https://codeql.github.com/codeql-query-help/javascript/js-build-artifact-leak/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored cross-site scripting](https://codeql.github.com/codeql-query-help/javascript/js-stored-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Template Object Injection](https://codeql.github.com/codeql-query-help/javascript/js-template-object-injection/) | 073, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Type confusion through parameter tampering](https://codeql.github.com/codeql-query-help/javascript/js-type-confusion-through-parameter-tampering/) | 843 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/javascript/js-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unnecessary use of `cat` process](https://codeql.github.com/codeql-query-help/javascript/js-unnecessary-use-of-cat/) | 078 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe code constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-code-construction/) | 094, 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe dynamic method access](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-dynamic-method-access/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe expansion of self-closing HTML tag](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-html-expansion/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe HTML constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-html-constructed-from-input/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe jQuery plugin](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-jquery-plugin/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-shell-command-constructed-from-input/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unvalidated dynamic method call](https://codeql.github.com/codeql-query-help/javascript/js-unvalidated-dynamic-method-call/) | 754 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/javascript/js-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a weak cryptographic key](https://codeql.github.com/codeql-query-help/javascript/js-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/javascript/js-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of password hash with insufficient computational effort](https://codeql.github.com/codeql-query-help/javascript/js-insufficient-password-hash/) | 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Useless regular-expression character escape](https://codeql.github.com/codeql-query-help/javascript/js-useless-regexp-character-escape/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [User-controlled bypass of security check](https://codeql.github.com/codeql-query-help/javascript/js-user-controlled-bypass/) | 807, 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/javascript/js-xxe/) | 611, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML internal entity expansion](https://codeql.github.com/codeql-query-help/javascript/js-xml-bomb/) | 776, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath injection](https://codeql.github.com/codeql-query-help/javascript/js-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1,47 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Accepting unknown SSH host keys when using Paramiko](https://codeql.github.com/codeql-query-help/python/py-paramiko-missing-host-key-validation/) | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Arbitrary file write during tarfile extraction](https://codeql.github.com/codeql-query-help/python/py-tarslip/) | 022 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/python/py-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Binding a socket to all network interfaces](https://codeql.github.com/codeql-query-help/python/py-bind-socket-all-network-interfaces/) | 200 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-storage-sensitive-data/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/python/py-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/python/py-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Default version of SSL/TLS may be insecure](https://codeql.github.com/codeql-query-help/python/py-insecure-default-protocol/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/python/py-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Flask app is run in debug mode](https://codeql.github.com/codeql-query-help/python/py-flask-debug/) | 215, 489 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Full server-side request forgery](https://codeql.github.com/codeql-query-help/python/py-full-ssrf/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/python/py-hardcoded-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/python/py-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/python/py-incomplete-url-substring-sanitization/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/python/py-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/python/py-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure temporary file](https://codeql.github.com/codeql-query-help/python/py-insecure-temporary-file/) | 377 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Jinja2 templating with autoescape=False](https://codeql.github.com/codeql-query-help/python/py-jinja2-autoescape-false/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [LDAP query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-ldap-injection/) | 090 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log Injection](https://codeql.github.com/codeql-query-help/python/py-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive file permissions](https://codeql.github.com/codeql-query-help/python/py-overly-permissive-file/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/python/py-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [PAM authorization bypass due to incorrect usage](https://codeql.github.com/codeql-query-help/python/py-pam-auth-bypass/) | 285 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Partial server-side request forgery](https://codeql.github.com/codeql-query-help/python/py-partial-ssrf/) | 918 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/python/py-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected server-side cross-site scripting](https://codeql.github.com/codeql-query-help/python/py-reflective-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/python/py-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Request without certificate validation](https://codeql.github.com/codeql-query-help/python/py-request-without-cert-validation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/python/py-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/python/py-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/python/py-shell-command-constructed-from-input/) | 078, 088, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/python/py-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/python/py-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/python/py-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of insecure SSL/TLS version](https://codeql.github.com/codeql-query-help/python/py-insecure-protocol/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of weak cryptographic key](https://codeql.github.com/codeql-query-help/python/py-weak-crypto-key/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/python/py-xxe/) | 611, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML internal entity expansion](https://codeql.github.com/codeql-query-help/python/py-xml-bomb/) | 776, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XPath query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1 @@
All queries in the `default` query suite are run by default. If you choose to use the `security-extended` query suite, additional queries are run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/built-in-codeql-query-suites)."


@@ -0,0 +1,47 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/ruby/rb-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Badly anchored regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-regex-badly-anchored-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-storage-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/ruby/rb-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dependency download using unencrypted communication channel](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-dependency/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/ruby/rb-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Download of sensitive file through insecure connection](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-download/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/ruby/rb-hardcoded-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded data interpreted as code](https://codeql.github.com/codeql-query-help/ruby/rb-hardcoded-data-interpreted-as-code/) | 506 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete string escaping or encoding](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-url-substring-sanitization/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/ruby/rb-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log injection](https://codeql.github.com/codeql-query-help/ruby/rb-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/ruby/rb-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Network data written to file](https://codeql.github.com/codeql-query-help/ruby/rb-http-to-file-access/) | 912, 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/ruby/rb-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/ruby/rb-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Reflected server-side cross-site scripting](https://codeql.github.com/codeql-query-help/ruby/rb-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/ruby/rb-regexp-injection/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Request without certificate validation](https://codeql.github.com/codeql-query-help/ruby/rb-request-without-cert-validation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive data read from GET request](https://codeql.github.com/codeql-query-help/ruby/rb-sensitive-get-query/) | 598 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Server-side request forgery](https://codeql.github.com/codeql-query-help/ruby/rb-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/ruby/rb-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored cross-site scripting](https://codeql.github.com/codeql-query-help/ruby/rb-stored-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/ruby/rb-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/ruby/rb-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe code constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-unsafe-code-construction/) | 094, 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe HTML constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-html-constructed-from-input/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-shell-command-constructed-from-input/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/ruby/rb-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input](https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/ruby/rb-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak cookie configuration](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cookie-configuration/) | 732, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/ruby/rb-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1,32 @@
{% rowheaders %}
| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/swift/swift-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext logging of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-logging/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in a local database](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-database/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext storage of sensitive information in an application preference store](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-storage-preferences/) | 312 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/swift/swift-cleartext-transmission/) | 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Constant password](https://codeql.github.com/codeql-query-help/swift/swift-constant-password/) | 259 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Database query built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Encryption using ECB](https://codeql.github.com/codeql-query-help/swift/swift-ecb-encryption/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded encryption key](https://codeql.github.com/codeql-query-help/swift/swift-hardcoded-key/) | 321 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/swift/swift-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/swift/swift-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure TLS configuration](https://codeql.github.com/codeql-query-help/swift/swift-insecure-tls/) | 757 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insufficient hash iterations](https://codeql.github.com/codeql-query-help/swift/swift-insufficient-hash-iterations/) | 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [JavaScript Injection](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-js-eval/) | 094, 095, 749 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/swift/swift-missing-regexp-anchor/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Predicate built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-predicate-injection/) | 943 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/swift/swift-regex-injection/) | 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Resolving XML external entity in user-controlled data](https://codeql.github.com/codeql-query-help/swift/swift-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Static initialization vector for encryption](https://codeql.github.com/codeql-query-help/swift/swift-static-initialization-vector/) | 329, 1204 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [String length conflation](https://codeql.github.com/codeql-query-help/swift/swift-string-length-conflation/) | 135 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [System command built from user-controlled sources](https://codeql.github.com/codeql-query-help/swift/swift-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/swift/swift-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/swift/swift-uncontrolled-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe WebView fetch](https://codeql.github.com/codeql-query-help/swift/swift-unsafe-webview-fetch/) | 079, 095, 749 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/swift/swift-weak-sensitive-data-hashing/) | 327, 328 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of constant salts](https://codeql.github.com/codeql-query-help/swift/swift-constant-salt/) | 760 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
{% endrowheaders %}


@@ -0,0 +1,5 @@
{% note %}
**Note:** Grouped pull requests for {% data variables.product.prodname_dependabot_security_updates %} are in beta and subject to change.
{% endnote %}


@@ -0,0 +1,7 @@
You can only use the `dependabot.yml` file to create groups for {% data variables.product.prodname_dependabot_version_updates %}. Grouped {% data variables.product.prodname_dependabot_security_updates %} are enabled or disabled in your repository or organization settings and do not support customization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-grouped-security-updates)."
{% note %}
**Note:** If a grouped pull request for {% data variables.product.prodname_dependabot_version_updates %} contains a vulnerable package, {% data variables.product.prodname_dependabot_security_updates %} will still attempt to create a _separate_ pull request to update the vulnerable package to a secure version. Creating a separate pull request for security updates ensures you have visibility into package vulnerabilities.
{% endnote %}


@@ -0,0 +1 @@
<a href="https://desktop.github.com/" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Download {% data variables.product.prodname_desktop %}</span> {% octicon "link-external" height:16 %}</a>
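Review bot: The download link opens a new tab with `target="_blank"` but sets no `rel` attribute, so whether the opened page gets a `window.opener` handle is left to the browser's default. Current browsers imply `noopener` for `target="_blank"`, but older clients do not, and stating it keeps the behaviour explicit if the `href` is ever pointed elsewhere. Suggest `<a href="https://desktop.github.com/" target="_blank" rel="noopener" class="btn btn-primary mt-3 mr-3 no-underline">`.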


@@ -4,9 +4,18 @@
![Screenshot showing profile tabs. The 'Projects' tab is highlighted with an orange outline.](/assets/images/help/projects-v2/tab-projects.png)
1. Click **New project**.
{%- ifversion projects-v2-org-templates-GA-updates %}
1. Select which type of project or template you want to use.
- To create a blank project, under "Start from scratch", click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
- To create a project from a template, click the template you want to use. You can select from the built-in templates curated by {% data variables.product.company_short %}, the templates created by your organization, and the recommended templates that have been chosen by your organization.
1. Optionally, if you selected a template, review the fields, views, workflows, and insights that will be created.
1. In the text box under "Project name", type a name for your new project.
1. Click **Create project**.
{%- else %}
1. Optionally, in the text box under "Project name", type a name for your new project.
![Screenshot showing the template selection modal. The title field is highlighted with an orange outline.](/assets/images/help/projects-v2/projects-select-template-title.png)
1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table** or **Board**.
1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
1. Click **Create**.
{%- endif %}


@@ -4,9 +4,18 @@
![Screenshot showing profile tabs. The 'Projects' tab is highlighted with an orange outline.](/assets/images/help/projects-v2/tab-projects.png)
1. Click **New project**.
{%- ifversion projects-v2-org-templates-GA-updates %}
1. Select which type of project or template you want to use.
- To create a blank project, under "Start from scratch", click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
- To create a project from a template, click the built-in template that you want to use.
1. Optionally, if you selected a template, review the fields, views, workflows, and insights that will be created.
1. In the text box under "Project name", type a name for your new project.
1. Click **Create project**.
{%- else %}
1. Optionally, in the text box under "Project name", type a name for your new project.
![Screenshot showing the template selection modal. The title field is highlighted with an orange outline.](/assets/images/help/projects-v2/projects-select-template-title.png)
1. Click a template or, to start with an empty project, click **Table** or **Board**.
1. Click a {% ifversion projects-v2-org-templates %}built-in template, a template from your organization{% else %}template{% endif %} or, to start with an empty project, click **Table**{% ifversion projects-v2-roadmaps %}, **Roadmap**,{% endif %} or **Board**.
1. Click **Create**.
{%- endif %}


@@ -1,5 +1,9 @@
{% ifversion ghes = 3.10 or ghes = 3.11 %}
{% note %}
**Note:** Project templates for organizations is currently in public beta and subject to change.
{% endnote %}
{% endif %}


@@ -1 +1 @@
You can also set projects in your organization as templates that other organization members can then use as the base for the projects they create. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)."
You can also set projects in your organization as templates{% ifversion projects-v2-org-templates-GA-updates %}, and curate a list of recommended templates to highlight, {% endif %} that other organization members can then use as the base for the projects they create. For more information, see "[AUTOTITLE](/issues/planning-and-tracking-with-projects/managing-your-project/managing-project-templates-in-your-organization)."


@@ -2,7 +2,10 @@
{% note %}
**Note**: Support for provisioning users with {% data variables.product.company_short %}'s public SCIM schema is in public beta and subject to change. {% data variables.product.company_short %} recommends that you test provisioning in an environment that's isolated from the production data on your IdP and {% data variables.location.product_location %}.
**Notes**:
- Support for provisioning users with {% data variables.product.company_short %}'s public SCIM schema is in private beta and subject to change. To request access to the beta, contact your account manager on {% data variables.contact.contact_enterprise_sales %}.
- {% data variables.product.company_short %} recommends that you test provisioning in an environment that's isolated from the production data on your IdP and {% data variables.location.product_location %}.
{% endnote %}


@@ -1,7 +1,7 @@
When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. These users include:
- Repository administrators
- Security managers
- Users with with custom roles with read/write access
- Users with custom roles with read/write access
- Organization owners and enterprise owners, if they are administrators of repositories where secrets were leaked
{% note %}


@@ -1849,7 +1849,7 @@
isPublic: false
isPrivateWithGhas: true
hasPushProtection: false
hasValidityCheck: false
hasValidityCheck: '{% ifversion fpt or ghes %}false{% else %}true{% endif %}'
- provider: 'Notion'
supportedSecret: 'Notion OAuth Client Secret'
@@ -2731,7 +2731,7 @@
isPublic: true
isPrivateWithGhas: true
hasPushProtection: false
hasValidityCheck: false
hasValidityCheck: '{% ifversion fpt or ghes %}false{% else %}true{% endif %}'
- provider: 'Stripe'
supportedSecret: 'Stripe Webhook Signing Secret'
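Review bot: `hasValidityCheck` changes type in both hunks of this file (at 1849 and 2731), from the YAML boolean `false` to a quoted Liquid string, while the sibling fields `isPublic`, `isPrivateWithGhas` and `hasPushProtection` stay booleans. A consumer that tests the field for truthiness, rather than rendering the Liquid and comparing the result with the string `'true'`, would report a validity check for these entries on every version, because the non-empty string `'false'` is still truthy. The code that reads this file is not visible here, so that needs confirming against it. A comment above the field would record the contract, for example `# Liquid string rendered per version; compare the rendered value to 'true'`. Both list entries begin outside the hunks shown.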


@@ -8,3 +8,6 @@ cfi_price_per_year: '$100 USD'
# Copilot billing: price per month for Copilot for Business
cfb_price_per_month: '$19 USD'
# Copilot Chat in GitHub.com: maximum number of repos that can be indexed for an org
max-chat-indexed-repos: '50'
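Review bot: The new key `max-chat-indexed-repos` is kebab-case, while the other keys visible in this hunk (`cfi_price_per_year` in the hunk header, `cfb_price_per_month`) are snake_case. Mixing the two styles in one variables file makes references easy to mistype, and a hyphenated path segment may need special handling wherever the variable is looked up; that lookup is not visible here. Suggest `max_chat_indexed_repos: '50'`, with any reference to the variable updated to match.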

461
package-lock.json generated

@@ -95,13 +95,13 @@
"devDependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^6.0.0",
"@axe-core/playwright": "^4.8.1",
"@axe-core/playwright": "^4.8.2",
"@github/markdownlint-github": "^0.4.1",
"@graphql-inspector/core": "^5.0.0",
"@graphql-tools/load": "^8.0.0",
"@jest/globals": "29.7.0",
"@octokit/rest": "^20.0.2",
"@playwright/test": "1.39.0",
"@playwright/test": "1.40.1",
"@types/imurmurhash": "^0.1.4",
"@types/js-cookie": "^3.0.6",
"@types/lodash": "^4.14.201",
@@ -152,6 +152,7 @@
"sass": "^1.52.3",
"start-server-and-test": "^2.0.3",
"ts-jest": "29.1.1",
"tsx": "4.6.2",
"typescript": "^5.2.2",
"unist-util-remove": "^4.0.0",
"unist-util-visit-parents": "6.0.1",
@@ -224,9 +225,9 @@
}
},
"node_modules/@axe-core/playwright": {
"version": "4.8.1",
"resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.8.1.tgz",
"integrity": "sha512-KC1X++UdRAwMLRvB+BIKFheyLHUnbJTL0t0Wbv6TJMozn2V2QyEtAcN6jyUiudtGiLUGhHCtj/eWorBnVZ4dAA==",
"version": "4.8.2",
"resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.8.2.tgz",
"integrity": "sha512-9KOhX2tNuvqn9DzpBNyqoqNKRZBrexeSiN9irQ0sEdq8zH13JnatepCJxobuXn4UopNy6iIpP4342beMiH+MSQ==",
"dev": true,
"dependencies": {
"axe-core": "~4.8.2"
@@ -930,6 +931,358 @@
"version": "0.7.5",
"license": "MIT"
},
"node_modules/@esbuild/android-arm": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.18.20.tgz",
"integrity": "sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw==",
"cpu": [
"arm"
],
"dev": true,
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/android-arm64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.18.20.tgz",
"integrity": "sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ==",
"cpu": [
"arm64"
],
"dev": true,
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/android-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.18.20.tgz",
"integrity": "sha512-8GDdlePJA8D6zlZYJV/jnrRAi6rOiNaCC/JclcXpB+KIuvfBN4owLtgzY2bsxnx666XjJx2kDPUmnTtR8qKQUg==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"android"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/darwin-arm64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.18.20.tgz",
"integrity": "sha512-bxRHW5kHU38zS2lPTPOyuyTm+S+eobPUnTNkdJEfAddYgEcll4xkT8DB9d2008DtTbl7uJag2HuE5NZAZgnNEA==",
"cpu": [
"arm64"
],
"dev": true,
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/darwin-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.18.20.tgz",
"integrity": "sha512-pc5gxlMDxzm513qPGbCbDukOdsGtKhfxD1zJKXjCCcU7ju50O7MeAZ8c4krSJcOIJGFR+qx21yMMVYwiQvyTyQ==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/freebsd-arm64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.18.20.tgz",
"integrity": "sha512-yqDQHy4QHevpMAaxhhIwYPMv1NECwOvIpGCZkECn8w2WFHXjEwrBn3CeNIYsibZ/iZEUemj++M26W3cNR5h+Tw==",
"cpu": [
"arm64"
],
"dev": true,
"optional": true,
"os": [
"freebsd"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/freebsd-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.18.20.tgz",
"integrity": "sha512-tgWRPPuQsd3RmBZwarGVHZQvtzfEBOreNuxEMKFcd5DaDn2PbBxfwLcj4+aenoh7ctXcbXmOQIn8HI6mCSw5MQ==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"freebsd"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-arm": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.18.20.tgz",
"integrity": "sha512-/5bHkMWnq1EgKr1V+Ybz3s1hWXok7mDFUMQ4cG10AfW3wL02PSZi5kFpYKrptDsgb2WAJIvRcDm+qIvXf/apvg==",
"cpu": [
"arm"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-arm64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.18.20.tgz",
"integrity": "sha512-2YbscF+UL7SQAVIpnWvYwM+3LskyDmPhe31pE7/aoTMFKKzIc9lLbyGUpmmb8a8AixOL61sQ/mFh3jEjHYFvdA==",
"cpu": [
"arm64"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-ia32": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.18.20.tgz",
"integrity": "sha512-P4etWwq6IsReT0E1KHU40bOnzMHoH73aXp96Fs8TIT6z9Hu8G6+0SHSw9i2isWrD2nbx2qo5yUqACgdfVGx7TA==",
"cpu": [
"ia32"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-loong64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.18.20.tgz",
"integrity": "sha512-nXW8nqBTrOpDLPgPY9uV+/1DjxoQ7DoB2N8eocyq8I9XuqJ7BiAMDMf9n1xZM9TgW0J8zrquIb/A7s3BJv7rjg==",
"cpu": [
"loong64"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-mips64el": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.18.20.tgz",
"integrity": "sha512-d5NeaXZcHp8PzYy5VnXV3VSd2D328Zb+9dEq5HE6bw6+N86JVPExrA6O68OPwobntbNJ0pzCpUFZTo3w0GyetQ==",
"cpu": [
"mips64el"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-ppc64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.18.20.tgz",
"integrity": "sha512-WHPyeScRNcmANnLQkq6AfyXRFr5D6N2sKgkFo2FqguP44Nw2eyDlbTdZwd9GYk98DZG9QItIiTlFLHJHjxP3FA==",
"cpu": [
"ppc64"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-riscv64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.18.20.tgz",
"integrity": "sha512-WSxo6h5ecI5XH34KC7w5veNnKkju3zBRLEQNY7mv5mtBmrP/MjNBCAlsM2u5hDBlS3NGcTQpoBvRzqBcRtpq1A==",
"cpu": [
"riscv64"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-s390x": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.18.20.tgz",
"integrity": "sha512-+8231GMs3mAEth6Ja1iK0a1sQ3ohfcpzpRLH8uuc5/KVDFneH6jtAJLFGafpzpMRO6DzJ6AvXKze9LfFMrIHVQ==",
"cpu": [
"s390x"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/linux-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.18.20.tgz",
"integrity": "sha512-UYqiqemphJcNsFEskc73jQ7B9jgwjWrSayxawS6UVFZGWrAAtkzjxSqnoclCXxWtfwLdzU+vTpcNYhpn43uP1w==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"linux"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/netbsd-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.18.20.tgz",
"integrity": "sha512-iO1c++VP6xUBUmltHZoMtCUdPlnPGdBom6IrO4gyKPFFVBKioIImVooR5I83nTew5UOYrk3gIJhbZh8X44y06A==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"netbsd"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/openbsd-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.18.20.tgz",
"integrity": "sha512-e5e4YSsuQfX4cxcygw/UCPIEP6wbIL+se3sxPdCiMbFLBWu0eiZOJ7WoD+ptCLrmjZBK1Wk7I6D/I3NglUGOxg==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"openbsd"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/sunos-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.18.20.tgz",
"integrity": "sha512-kDbFRFp0YpTQVVrqUd5FTYmWo45zGaXe0X8E1G/LKFC0v8x0vWrhOWSLITcCn63lmZIxfOMXtCfti/RxN/0wnQ==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"sunos"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/win32-arm64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.18.20.tgz",
"integrity": "sha512-ddYFR6ItYgoaq4v4JmQQaAI5s7npztfV4Ag6NrhiaW0RrnOXqBkgwZLofVTlq1daVTQNhtI5oieTvkRPfZrePg==",
"cpu": [
"arm64"
],
"dev": true,
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/win32-ia32": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.18.20.tgz",
"integrity": "sha512-Wv7QBi3ID/rROT08SABTS7eV4hX26sVduqDOTe1MvGMjNd3EjOz4b7zeexIR62GTIEKrfJXKL9LFxTYgkyeu7g==",
"cpu": [
"ia32"
],
"dev": true,
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@esbuild/win32-x64": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.18.20.tgz",
"integrity": "sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ==",
"cpu": [
"x64"
],
"dev": true,
"optional": true,
"os": [
"win32"
],
"engines": {
"node": ">=12"
}
},
"node_modules/@eslint-community/eslint-utils": {
"version": "4.4.0",
"dev": true,
@@ -2256,12 +2609,12 @@
"dev": true
},
"node_modules/@playwright/test": {
"version": "1.39.0",
"resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.39.0.tgz",
"integrity": "sha512-3u1iFqgzl7zr004bGPYiN/5EZpRUSFddQBra8Rqll5N0/vfpqlP9I9EXqAoGacuAbX6c9Ulg/Cjqglp5VkK6UQ==",
"version": "1.40.1",
"resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.40.1.tgz",
"integrity": "sha512-EaaawMTOeEItCRvfmkI9v6rBkF1svM8wjl/YPRrg2N2Wmp+4qJYkWtJsbew1szfKKDm6fPLy4YAanBhIlf9dWw==",
"dev": true,
"dependencies": {
"playwright": "1.39.0"
"playwright": "1.40.1"
},
"bin": {
"playwright": "cli.js"
@@ -5252,6 +5605,43 @@
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/esbuild": {
"version": "0.18.20",
"resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.18.20.tgz",
"integrity": "sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA==",
"dev": true,
"hasInstallScript": true,
"bin": {
"esbuild": "bin/esbuild"
},
"engines": {
"node": ">=12"
},
"optionalDependencies": {
"@esbuild/android-arm": "0.18.20",
"@esbuild/android-arm64": "0.18.20",
"@esbuild/android-x64": "0.18.20",
"@esbuild/darwin-arm64": "0.18.20",
"@esbuild/darwin-x64": "0.18.20",
"@esbuild/freebsd-arm64": "0.18.20",
"@esbuild/freebsd-x64": "0.18.20",
"@esbuild/linux-arm": "0.18.20",
"@esbuild/linux-arm64": "0.18.20",
"@esbuild/linux-ia32": "0.18.20",
"@esbuild/linux-loong64": "0.18.20",
"@esbuild/linux-mips64el": "0.18.20",
"@esbuild/linux-ppc64": "0.18.20",
"@esbuild/linux-riscv64": "0.18.20",
"@esbuild/linux-s390x": "0.18.20",
"@esbuild/linux-x64": "0.18.20",
"@esbuild/netbsd-x64": "0.18.20",
"@esbuild/openbsd-x64": "0.18.20",
"@esbuild/sunos-x64": "0.18.20",
"@esbuild/win32-arm64": "0.18.20",
"@esbuild/win32-ia32": "0.18.20",
"@esbuild/win32-x64": "0.18.20"
}
},
"node_modules/escalade": {
"version": "3.1.1",
"license": "MIT",
@@ -6764,9 +7154,9 @@
"license": "MIT"
},
"node_modules/get-tsconfig": {
"version": "4.7.0",
"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.0.tgz",
"integrity": "sha512-pmjiZ7xtB8URYm74PlGJozDNyhvsVLUcpBa8DZBG3bWHwaHa9bPiRpiSfovw+fjhwONSCWKRyk+JQHEGZmMrzw==",
"version": "4.7.2",
"resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.7.2.tgz",
"integrity": "sha512-wuMsz4leaj5hbGgg4IvDU0bqJagpftG5l5cXIAvo8uZrqn0NJqwtfupTN00VnkQJPcIRrxYrm1Ue24btpCha2A==",
"dev": true,
"dependencies": {
"resolve-pkg-maps": "^1.0.0"
@@ -12015,12 +12405,12 @@
}
},
"node_modules/playwright": {
"version": "1.39.0",
"resolved": "https://registry.npmjs.org/playwright/-/playwright-1.39.0.tgz",
"integrity": "sha512-naE5QT11uC/Oiq0BwZ50gDmy8c8WLPRTEWuSSFVG2egBka/1qMoSqYQcROMT9zLwJ86oPofcTH2jBY/5wWOgIw==",
"version": "1.40.1",
"resolved": "https://registry.npmjs.org/playwright/-/playwright-1.40.1.tgz",
"integrity": "sha512-2eHI7IioIpQ0bS1Ovg/HszsN/XKNwEG1kbzSDDmADpclKc7CyqkHw7Mg2JCz/bbCxg25QUPcjksoMW7JcIFQmw==",
"dev": true,
"dependencies": {
"playwright-core": "1.39.0"
"playwright-core": "1.40.1"
},
"bin": {
"playwright": "cli.js"
@@ -12033,9 +12423,9 @@
}
},
"node_modules/playwright-core": {
"version": "1.39.0",
"resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.39.0.tgz",
"integrity": "sha512-+k4pdZgs1qiM+OUkSjx96YiKsXsmb59evFoqv8SKO067qBA+Z2s/dCzJij/ZhdQcs2zlTAgRKfeiiLm8PQ2qvw==",
"version": "1.40.1",
"resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.40.1.tgz",
"integrity": "sha512-+hkOycxPiV534c4HhpfX6yrlawqVUzITRKwHAmYfmsVreltEl6fAZJ3DPfLMOODw0H3s1Itd6MDCWmP1fl/QvQ==",
"dev": true,
"bin": {
"playwright-core": "cli.js"
@@ -14913,6 +15303,39 @@
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.3.tgz",
"integrity": "sha512-mSxlJJwl3BMEQCUNnxXBU9jP4JBktcEGhURcPR6VQVlnP0FdDEsIaz0C35dXNGLyRfrATNofF0F5p2KPxQgB+w=="
},
"node_modules/tsx": {
"version": "4.6.2",
"resolved": "https://registry.npmjs.org/tsx/-/tsx-4.6.2.tgz",
"integrity": "sha512-QPpBdJo+ZDtqZgAnq86iY/PD2KYCUPSUGIunHdGwyII99GKH+f3z3FZ8XNFLSGQIA4I365ui8wnQpl8OKLqcsg==",
"dev": true,
"dependencies": {
"esbuild": "~0.18.20",
"get-tsconfig": "^4.7.2"
},
"bin": {
"tsx": "dist/cli.mjs"
},
"engines": {
"node": ">=18.0.0"
},
"optionalDependencies": {
"fsevents": "~2.3.3"
}
},
"node_modules/tsx/node_modules/fsevents": {
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
"integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
"dev": true,
"hasInstallScript": true,
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
}
},
"node_modules/tunnel": {
"version": "0.0.6",
"dev": true,


@@ -16,28 +16,41 @@
},
"exports": "./src/frame/server.js",
"scripts": {
"analyze-text": "node src/search/scripts/analyze-text.js",
"archive-version": "node src/ghes-releases/scripts/archive-version.js",
"build": "next build",
"check-github-github-links": "node src/links/scripts/check-github-github-links.js",
"copy-fixture-data": "node src/tests/scripts/copy-fixture-data.js",
"create-translation-health-report": "node src/languages/scripts/create-translation-health-report.js",
"debug": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon --inspect src/frame/server.js",
"delete-orphan-translation-files": "tsx src/workflows/delete-orphan-translation-files.ts",
"dev": "cross-env npm start",
"find-orphaned-assets": "node src/assets/scripts/find-orphaned-assets.js",
"fixture-dev": "cross-env ROOT=src/fixtures/fixtures npm start",
"fixture-test": "cross-env ROOT=src/fixtures/fixtures npm test -- src/fixtures/tests",
"index-test-fixtures": "node src/search/scripts/index-elasticsearch.js -l en -l ja -V ghae -V dotcom --index-prefix tests -- src/search/tests/fixtures/search-indexes",
"lint": "eslint '**/*.{js,mjs,ts,tsx}'",
"lint-content": "node src/content-linter/scripts/lint-content.js",
"lint-translation": "cross-env NODE_OPTIONS=--experimental-vm-modules jest src/content-linter/tests/lint-files.js",
"generate-code-scanning-query-list": "tsx src/code-scanning/scripts/generate-code-scanning-query-list.ts",
"move-content": "node src/content-render/scripts/move-content.js",
"openapi-docs": "node src/rest/docs.js",
"playwright-test": "playwright test --config src/fixtures/playwright.config.ts --project=\"Google Chrome\"",
"post-lints": "node src/content-linter/scripts/post-lints.js",
"postinstall": "cp package-lock.json .installed.package-lock.json && echo \"Updated .installed.package-lock.json\" # see husky/post-checkout and husky/post-merge",
"prepare": "husky install src/workflows/husky",
"prettier": "prettier -w \"**/*.{ts,tsx,js,mjs,scss,yml,yaml}\"",
"prettier-check": "prettier -c \"**/*.{ts,tsx,js,mjs,scss,yml,yaml}\"",
"prevent-pushes-to-main": "node src/workflows/prevent-pushes-to-main.js",
"release-banner": "node src/ghes-releases/scripts/release-banner.js",
"remove-version-markup": "node src/ghes-releases/scripts/remove-version-markup.js",
"rendered-content-link-checker-cli": "node src/links/scripts/rendered-content-link-checker-cli.js",
"rest-dev": "node src/rest/scripts/update-files.js",
"show-action-deps": "echo 'Action Dependencies:' && rg '^[\\s|-]*(uses:.*)$' .github -I -N --no-heading -r '$1$2' | sort | uniq | cut -c 7-",
"start": "cross-env NODE_ENV=development ENABLED_LANGUAGES=en nodemon src/frame/server.js",
"start-all-languages": "cross-env NODE_ENV=development nodemon src/frame/server.js",
"start-for-playwright": "cross-env ROOT=src/fixtures/fixtures TRANSLATIONS_FIXTURE_ROOT=src/fixtures/fixtures/translations ENABLED_LANGUAGES=en,ja NODE_ENV=test node src/frame/server.js",
"symlink-from-local-repo": "node src/early-access/scripts/symlink-from-local-repo.js",
"sync-rest": "node src/rest/scripts/update-files.js",
"sync-search": "cross-env NODE_OPTIONS='--max_old_space_size=8192' start-server-and-test sync-search-server 4002 sync-search-indices",
"sync-search-ghes-release": "cross-env GHES_RELEASE=1 start-server-and-test sync-search-server 4002 sync-search-indices",
@@ -45,8 +58,15 @@
"sync-search-server": "cross-env NODE_ENV=production PORT=4002 MINIMAL_RENDER=true CHANGELOG_DISABLED=true node src/frame/server.js",
"sync-webhooks": "src/rest/scripts/update-files.js -o webhooks",
"test": "cross-env NODE_OPTIONS='--max_old_space_size=4096 --experimental-vm-modules' jest --logHeapUsage",
"test-local-dev": "node src/workflows/test-local-dev.js",
"test-moved-content": "tsx src/content-render/scripts/test-moved-content.ts",
"test-watch": "cross-env NODE_OPTIONS=--experimental-vm-modules jest --watch --notify --notifyMode=change --coverage",
"tsc": "tsc --noEmit"
"toggle-ghae-feature-flags": "node src/versions/scripts/toggle-ghae-feature-flags.js",
"tsc": "tsc --noEmit",
"update-data-and-image-paths": "node src/early-access/scripts/update-data-and-image-paths.js",
"update-internal-links": "node src/links/scripts/update-internal-links.js",
"validate-asset-images": "node src/assets/scripts/validate-asset-images.js",
"warmup-remotejson": "node src/archives/scripts/warmup-remotejson.js"
},
"lint-staged": {
"*.{js,mjs,ts,tsx}": "eslint --cache --fix",
@@ -171,6 +191,7 @@
]
},
"jest": {
"testTimeout": 30000,
"coverageThreshold": {
"global": {
"branches": 95,
@@ -292,13 +313,13 @@
"devDependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^6.0.0",
"@axe-core/playwright": "^4.8.1",
"@axe-core/playwright": "^4.8.2",
"@github/markdownlint-github": "^0.4.1",
"@graphql-inspector/core": "^5.0.0",
"@graphql-tools/load": "^8.0.0",
"@jest/globals": "29.7.0",
"@octokit/rest": "^20.0.2",
"@playwright/test": "1.39.0",
"@playwright/test": "1.40.1",
"@types/imurmurhash": "^0.1.4",
"@types/js-cookie": "^3.0.6",
"@types/lodash": "^4.14.201",
@@ -349,6 +370,7 @@
"sass": "^1.52.3",
"start-server-and-test": "^2.0.3",
"ts-jest": "29.1.1",
"tsx": "4.6.2",
"typescript": "^5.2.2",
"unist-util-remove": "^4.0.0",
"unist-util-visit-parents": "6.0.1",
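Review bot: The three scripts that call `tsx` (`delete-orphan-translation-files`, `generate-code-scanning-query-list`, `test-moved-content`) rely on a package listed only under `devDependencies`, so they will not find `tsx` in any job that installs with dev packages omitted. `tsx` also pulls in `esbuild` 0.18.20, which the lockfile marks `"hasInstallScript": true`, so the install step runs third-party code. The workflow steps are not visible here, so it is worth checking that the job running `delete-orphan-translation-files` does not expose its write token to the install step. The exact pin `"tsx": "4.6.2"` is worth keeping rather than loosening to a caret range like the neighbouring entries. As a smaller style point, `generate-code-scanning-query-list` sits between `lint-translation` and `move-content`, out of the alphabetical order the rest of the `scripts` block follows.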


@@ -109,11 +109,6 @@
"description": "A billing manager was added to an enterprise.",
"docs_reference_links": "N/A"
},
{
"action": "business.add_billing_viewer",
"description": "N/A",
"docs_reference_links": "N/A"
},
{
"action": "business.add_organization",
"description": "An organization was added to an enterprise.",
@@ -164,11 +159,6 @@
"description": "An invitation for someone to be an billing manager of an enterprise was canceled.",
"docs_reference_links": "N/A"
},
{
"action": "business.cancel_billing_viewer_invitation",
"description": "N/A",
"docs_reference_links": "N/A"
},
{
"action": "business.cancel_trial",
"description": "The trial of GitHub Enterprise Cloud was cancelled.",
@@ -304,11 +294,6 @@
"description": "An invitation for someone to be an billing manager of an enterprise was sent.",
"docs_reference_links": "N/A"
},
{
"action": "business.invite_billing_viewer",
"description": "N/A",
"docs_reference_links": "N/A"
},
{
"action": "business.members_can_update_protected_branches.clear",
"description": "An enterprise owner unset a policy for whether members of an enterprise can update protected branches on repositories for individual organizations. Organization owners can choose whether to allow updating protected branches settings.",
@@ -364,11 +349,6 @@
"description": "A billing manager was removed from an enterprise.",
"docs_reference_links": "N/A"
},
{
"action": "business.remove_billing_viewer",
"description": "N/A",
"docs_reference_links": "N/A"
},
{
"action": "business.remove_member",
"description": "A member was removed from an enterprise.",


@@ -1,4 +1,4 @@
{
"apiOnlyEventsAdditionalDescription": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
"sha": "68fdc3e1d8457be8528802ace4eb3f87def140fe"
"sha": "913efe44fbf62baf32088f71698cc1d7efeffdef"
}

Some files were not shown because too many files have changed in this diff.