ci(codeql): try with alt qlpack.yml

damyanpetev · damyanpetev · commit 8639cbea7786 · 2026-03-12T15:48:10.000+02:00
diff --git a/.github/codeql/custom-queries-javascript/ShellSanitizer.qll b/.github/codeql/custom-queries-javascript/ShellSanitizer.qll
@@ -14,6 +14,3 @@ class ShellArgSanitizer extends CommandInjection::Sanitizer {
       this.(DataFlow::CallNode).getCalleeName() = "sanitizeShellArg"
     }
 }
-
-// needed to make the module valid https://codeql.github.com/docs/ql-language-reference/modules/#query-modules
-where 1 = 0 select "no-op"
diff --git a/.github/codeql/custom-queries-javascript/qlpack.yml b/.github/codeql/custom-queries-javascript/qlpack.yml
@@ -0,0 +1,4 @@
+name: igniteui-cli-custom-javascript-queries
+version: 0.0.0
+dependencies:
+  codeql/javascript-queries: "*"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -49,7 +49,7 @@ jobs:
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
-        queries: ./.github/codeql/custom-queries-javascript/ShellSanitizer.ql
+        queries: ./.github/codeql/custom-queries-javascript
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,3 @@ class ShellArgSanitizer extends CommandInjection::Sanitizer {`
`14`	`14`	`this.(DataFlow::CallNode).getCalleeName() = "sanitizeShellArg"`
`15`	`15`	`}`
`16`	`16`	`}`
`17`		`-`
`18`		`-// needed to make the module valid https://codeql.github.com/docs/ql-language-reference/modules/#query-modules`
`19`		`-where 1 = 0 select "no-op"`