@michaelnebel (Contributor) commented Sep 1, 2025

Fix some Ql4Ql violations based on the following checks

  • ql/field-only-used-in-charpred
  • ql/could-be-cast
  • ql/counting-to-zero
  • ql/dataflow-module-naming-convention
  • ql/if-with-none
  • ql/missing-parameter-qldoc
  • ql/misspelling

DCA looks good.

@github-actions github-actions bot added the Actions Analysis of GitHub Actions label Sep 1, 2025
@michaelnebel michaelnebel added the no-change-note-required This PR does not need a change note label Sep 2, 2025
@michaelnebel michaelnebel marked this pull request as ready for review September 2, 2025 07:17
@michaelnebel michaelnebel requested a review from a team as a code owner September 2, 2025 07:17
@Copilot Copilot AI review requested due to automatic review settings September 2, 2025 07:17
@Copilot Copilot AI (Contributor) left a comment

Pull Request Overview

This PR fixes Ql4Ql violations across various security-related query files in the GitHub Actions CodeQL library. The changes primarily address code quality issues by removing unused variables, simplifying conditional logic, and correcting minor documentation issues.

  • Eliminates unused variables in class constructors and predicates
  • Simplifies conditional logic patterns using exists clauses instead of if-then-else constructs
  • Fixes a spelling error in documentation

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| ArtifactPoisoningPathTraversal.ql | Refactors upload artifact check to use instanceof instead of exists |
| UseOfUnversionedImmutableAction.qll | Removes unused immutable_action field |
| OutputClobberingQuery.qll | Removes unused variables and moves them to exists scope |
| EnvVarInjectionQuery.qll | Moves unused variables to exists scope in class constructors |
| ControlChecks.qll | Moves unused condition variable to exists scope |
| ArtifactPoisoningQuery.qll | Removes unused variables and refactors if-then-else to conditional logic |
| ArgumentInjectionQuery.qll | Removes unused argument variables |
| FlowSources.qll | Moves unused variables to exists scope |
| ExternalFlow.qll | Refactors if-then-else to conditional logic |
| BasicBlocks.qll | Fixes typo in comment from bb to bbStart |
| Ast.qll | Refactors if-then-else constructs and fixes spelling error |
| Locations.qll | Updates parameter names in documentation comment |

@michaelnebel michaelnebel merged commit a9baf34 into github:main Sep 3, 2025
17 checks passed
@michaelnebel michaelnebel deleted the actions/ql4ql branch September 3, 2025 10:29