Merge pull request github#744 from github/xcorail-patch-4

.github/ISSUE_TEMPLATE/all-for-one.yml

@@ -0,0 +1,91 @@
+name: All for One, One For All bounty submission
+description: Submit a CodeQL query for the All For One, One For All bounty (https://securitylab.github.com/bounties#allforone)
+title: "[<language>]: <short description>"
+labels: [All For One]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        # Introduction
+
+        Thank you for submitting a query to the GitHub CodeQL project!
+
+        After you submit this issue, the GitHub Security Lab and CodeQL teams will triage the submission and, if it meets the Query Bounty Program requirements, we will grant you a bounty through our HackerOne program.
+
+        Please make sure to carefully read the [bounty program description and conditions](https://securitylab.github.com/bounties#allforone)
+
+        # Questionnaire
+  - type: input
+    id: pr_url 
+    attributes:
+      label: Query PR
+      description: Link to pull request with your CodeQL query
+      placeholder: |
+        ex. https://github.com/github/codeql/pull/nnnn
+    validations:
+      required: true
+  - type: dropdown
+    id: language
+    attributes:
+      label: Language
+      description: What programming language is your query written for?
+      options:
+        - Java
+        - Javascript
+        - GoLang
+        - Python
+        - Ruby
+        - C/C++
+        - C#
+    validations:
+      required: true
+  - type: textarea
+    id: cve_ids
+    attributes:
+      label: CVE(s) ID list
+      description: Enter a list of the CVE ID(s) associated with this query, one bullet for each distinct CVE. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories). If the result(s) is **NOT YET** fixed **nor disclosed**, and you are still waiting for a CVE, then you can privately share your result via email to [security@github.com](mailto:security@github.com?subject=[BugBounty]%20Issue%20#000%20useful%20result)
+      placeholder: |
+        ex.
+        - [CVE-20nn-xxxx](<relevant URL>)
+        - [CVE-20nn-yyyy](<relevant URL>)
+    validations:
+      required: true
+  - type: input
+    id: cwe
+    attributes:
+      label: CWE
+      description: "[CWE](https://cwe.mitre.org/data/index.html) that best fits the vulnerability class modeled with your query"
+      placeholder: |
+        ex. CWE-502: Deserialization of Untrusted Data
+    validations:
+      required: false
+  - type: textarea
+    id: report
+    attributes:
+      label: Report
+      description: Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
+      placeholder: |
+        1. What is the vulnerability?
+        2. How does the vulnerability work?
+        3. What strategy do you use in your query to find the vulnerability?
+        4. How have you reduced the number of **false positives**?
+        5. Other information?
+    validations:
+      required: true
+  - type: checkboxes
+    id: social 
+    attributes:
+      label: Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). 
+      description: We would love to have you spread the word about the good work you are doing
+      options:
+        - label: "Yes"
+        - label: "No" 
+    validations:
+      required: true
+  - type: input
+    id: social_url
+    attributes:
+      label: Blog post link
+      description: If you have already blogged about your query, please provide a link.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/bug-slayer.yml

@@ -0,0 +1,66 @@
+name: The Bug Slayer bounty submission
+description: Submit a CodeQL query for the Bug Slayer bounty (https://securitylab.github.com/bounties)
+title: "[<language>]: <short description>"
+labels: [The Bug Slayer]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        # Introduction
+
+        Thank you for your submission to the bounty program!
+
+        After you submit this issue, the GitHub Security Lab and CodeQL teams will triage the submission and, if it meets the Query Bounty Program requirements, we will grant you a bounty through our HackerOne program.
+
+        Please make sure to carefully read the [bounty program description and conditions](https://securitylab.github.com/bounties/)
+
+        # Questionnaire
+  - type: textarea
+    id: cve_ids
+    attributes:
+      label: CVE(s) ID list
+      description: Enter a list of the CVE ID(s) associated with this query, one bullet for each distinct CVE. You need at least four high severity CVEs or two critical severity CVEs. 
+      placeholder: |
+        ex.
+        - [CVE-20nn-xxxx](<relevant URL>)
+        - [CVE-20nn-yyyy](<relevant URL>)
+    validations:
+      required: true
+  - type: input
+    id: a41_url 
+    attributes:
+      label: All For One submission
+      description: Link to the All For One submission with your CodeQL query
+      placeholder: |
+        ex. https://github.com/github/securitylab/issues/nnn
+    validations:
+      required: true
+  - type: textarea
+    id: details
+    attributes:
+      label: Details
+      description: Detail here how you found each CVE with your query. You can provide LGTM results, links to codeql DBs, ... anything that demonstrates that your query finds each CVE.
+      placeholder: |
+        ex.
+        - link/to/my/lgtm/runs
+        - link/to/gist/with/modified/query
+        - link/to/codeql/db
+    validations:
+      required: true
+  - type: checkboxes
+    id: social 
+    attributes:
+      label: Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
+      description: We would love to have you spread the word about the good work you are doing
+      options:
+        - label: "Yes"
+        - label: "No"
+    validations:
+      required: true
+  - type: input
+    id: social_url
+    attributes:
+      label: Blog post link
+      description: If you have already blogged about your query, please provide a link.
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/wall-of-fame.yml

@@ -0,0 +1,59 @@
+name: CodeQL Wall of Fame submission
+description: Propose an entry to the CodeQL Wall of Fame (https://securitylab.github.com/codeql-wall-of-fame)
+title: "[wall-of-fame]: <short description>"
+labels: [wall-of-fame]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        # Welcome!
+
+        Thank you for submitting an entry for the CodeQL Wall of Fame!
+
+        # Details
+  - type: input
+    id: date 
+    attributes:
+      label: Date
+      description: Publication date of the blog post, in YYYY-MM-DD format
+      placeholder: |
+        ex. 2023-01-01
+    validations:
+      required: true
+  - type: input
+    id: title 
+    attributes:
+      label: Title
+      description: Title of the blog post
+    validations:
+      required: true
+  - type: input
+    id: author
+    attributes:
+      label: Author
+      description: Author of the blog post
+    validations:
+      required: true
+  - type: input
+    id: url
+    attributes:
+      label: URL
+      description: URL of the blog post
+    validations:
+      required: true
+  - type: input
+    id: cve
+    attributes:
+      label: CVE
+      description: CVE ID(s), comma separated
+      placeholder: |
+        ex. CVE-2023-0001, CVE-2023-0002
+    validations:
+      required: true
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Short summary of the blog post
+    validations:
+      required: true