github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
Files
480bc8a2be646cccfd9a7ed53f4d6f54eeaba824
containerd/.github/workflows/codeql.yml
Danny Canter 52ef3468bc Update Go to 1.20.6,1.19.11 
go1.20.6 (released 2023-07-11) includes a security fix to the net/http
package, as well as bug fixes to the compiler, cgo, the cover tool, the
go command, the runtime, and the crypto/ecdsa, go/build, go/printer,
net/mail, and text/template packages. See the Go 1.20.6 milestone on
our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

- net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or
entire requests. The HTTP/1 client now refuses to send requests containing
an invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374

Signed-off-by: Danny Canter <danny@dcantah.dev>
2023-07-11 14:34:23 -07:00

52 lines
1.3 KiB
YAML
Raw Blame History

name: "CodeQL Scan"
on:
push:
branches:
- main
- "release/**"
pull_request:
branches:
- main
- "release/**"
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
CodeQL-Build:
if: github.repository == 'containerd/containerd'
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/analyze to upload SARIF results
strategy:
fail-fast: false
# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.20.6
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
- run: |
sudo apt-get install -y libseccomp-dev
make
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
Reference in New Issue View Git Blame Copy Permalink