Merge branch 'main' into rust-ti-implementing-type-method

Author: paldepind

actions/ql/lib/CHANGELOG.md

@@ -4,7 +4,9 @@ No user-facing changes.
 
 ## 0.4.7
 
-No user-facing changes.
+### New Features
+
+* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
 
 ## 0.4.6
 

actions/ql/lib/change-notes/released/0.4.7.md

@@ -1,3 +1,5 @@
 ## 0.4.7
 
-No user-facing changes.
+### New Features
+
+* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.

actions/ql/src/CHANGELOG.md

@@ -20,6 +20,10 @@
 
 ## 0.5.4
 
+### New Features
+
+* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
+
 ### Bug Fixes
 
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

actions/ql/src/change-notes/released/0.5.4.md

@@ -1,5 +1,9 @@
 ## 0.5.4
 
+### New Features
+
+* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
+
 ### Bug Fixes
 
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

actions/ql/src/codeql-suites/actions-code-quality.qls

@@ -1 +1,3 @@
-[]
+- queries: .
+- apply: code-quality-selectors.yml
+  from: codeql/suite-helpers

cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql

@@ -44,6 +44,10 @@ module CastToPointerArithFlowConfig implements DataFlow::StateConfigSig {
     ) and
     getFullyConvertedType(node) = state
   }
+
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) }
+
+  predicate isBarrierOut(DataFlow::Node node) { isSink(node, _) }
 }
 
 /**

cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql

@@ -8,7 +8,7 @@
  * @security-severity 7.8
  * @precision high
  * @tags security
- *       external/cwe/cwe-14
+ *       external/cwe/cwe-014
  */
 
 import cpp

cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql

@@ -5,7 +5,7 @@
  *              to it.
  * @id cpp/count-untrusted-data-external-api
  * @kind table
- * @tags security external/cwe/cwe-20
+ * @tags security external/cwe/cwe-020
  */
 
 import cpp

cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql

@@ -5,7 +5,7 @@
  *              to it.
  * @id cpp/count-untrusted-data-external-api-ir
  * @kind table
- * @tags security external/cwe/cwe-20
+ * @tags security external/cwe/cwe-020
  */
 
 import cpp

cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql

@@ -6,7 +6,7 @@
  * @precision low
  * @problem.severity error
  * @security-severity 7.8
- * @tags security external/cwe/cwe-20
+ * @tags security external/cwe/cwe-020
  */
 
 import cpp