Harry Maclean
|
ae3d91b546
|
Ruby: First draft of rails callback flow
|
2023-02-21 19:26:36 +13:00 |
|
Harry Maclean
|
6eeb711988
|
Ruby: Add AdditionalJumpStep class
|
2023-02-21 19:26:36 +13:00 |
|
Alex Ford
|
774030a8db
|
Merge pull request #12083 from pwntester/ruby_twirp_support
[Ruby] Add support for Twirp framework
|
2023-02-20 13:16:52 +00:00 |
|
Michael Nebel
|
813ffa440c
|
Java: Consider ai-generated flow summaries to as generated summaries in dataflow.
|
2023-02-20 12:11:48 +01:00 |
|
Harry Maclean
|
4e07fd3eb1
|
Ruby: Model ApplicationController.renderer
|
2023-02-19 13:37:27 +13:00 |
|
gregxsunday
|
fe97d2a05d
|
fix file formatting
|
2023-02-17 14:01:28 +00:00 |
|
Grzegorz Niedziela
|
9d8c117c61
|
added QLDocs for ZipSlip module
|
2023-02-17 12:57:35 +00:00 |
|
Grzegorz Niedziela
|
652c7ff1ed
|
Push Sanitizer definition to ZipSlipCustomization.qll
|
2023-02-17 12:49:31 +00:00 |
|
Grzegorz Niedziela
|
8bbbb95a87
|
Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll
|
2023-02-17 12:49:04 +00:00 |
|
github-actions[bot]
|
8eb8daa4d4
|
Post-release preparation for codeql-cli-2.12.3
|
2023-02-16 17:23:25 +00:00 |
|
github-actions[bot]
|
b0315119c6
|
Release preparation for version 2.12.3
|
2023-02-16 11:49:06 +00:00 |
|
gregxsunday
|
d1aaa9ad86
|
Add ZipSlip/TarSlip query for ruby
|
2023-02-16 11:24:15 +00:00 |
|
Alex Ford
|
74782bf6a2
|
Merge branch 'main' into ruby_twirp_support
|
2023-02-15 17:15:08 +00:00 |
|
Alex Ford
|
1556b1a728
|
Merge branch 'main' into js-use-shared-cryptography
|
2023-02-15 17:13:53 +00:00 |
|
Alex Ford
|
43af306d60
|
dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()
|
2023-02-15 16:55:18 +00:00 |
|
Alex Ford
|
d4d0b91085
|
dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate
|
2023-02-15 16:23:46 +00:00 |
|
Alex Ford
|
c7aaad9ed0
|
JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby
|
2023-02-15 16:23:46 +00:00 |
|
Rasmus Wriedt Larsen
|
c72dbc49fc
|
Merge pull request #12165 from RasmusWL/crypto-updates
Python/Ruby/JS Crypto: Add a few algorithms + block modes
|
2023-02-15 14:35:40 +01:00 |
|
erik-krogh
|
17f7ba2a8f
|
rewrite the taint-step for join() to a flowsummary
|
2023-02-15 12:34:59 +01:00 |
|
erik-krogh
|
d2bd70dc33
|
Merge branch 'main' into more-shell-taint
|
2023-02-15 11:35:58 +01:00 |
|
Alvaro Muñoz
|
4644a88b89
|
address code review comments
|
2023-02-14 14:27:17 +01:00 |
|
Tom Hvitved
|
2113c3c3d9
|
Ruby: Remove NumberUtils.qll
|
2023-02-13 15:59:50 +01:00 |
|
Anders Schack-Mulligen
|
e877b161d8
|
Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
Data flow: Call context virtual dispatch pruning in stage 1
|
2023-02-13 13:13:43 +01:00 |
|
Arthur Baars
|
457a2bb2a2
|
Merge pull request #12093 from aibaars/oneline-match
Ruby: add support for one-line pattern matches
|
2023-02-13 12:38:28 +01:00 |
|
Erik Krogh Kristensen
|
2f404df17c
|
Merge pull request #10782 from erik-krogh/rbPoly
Ruby: add library input as a source for `rb/polynomial-redos`
|
2023-02-13 12:26:07 +01:00 |
|
Erik Krogh Kristensen
|
26d5fb2412
|
Merge pull request #11824 from erik-krogh/secondMissAnchor
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
|
2023-02-13 11:26:05 +01:00 |
|
erik-krogh
|
634087b417
|
Merge branch 'main' into rbPoly
|
2023-02-13 10:46:00 +01:00 |
|
Rasmus Wriedt Larsen
|
5235964b07
|
sync files
|
2023-02-13 10:44:12 +01:00 |
|
Tom Hvitved
|
f7a5a33474
|
Address review comment
|
2023-02-13 09:01:15 +01:00 |
|
Arthur Baars
|
679f02c274
|
Address comments
|
2023-02-10 18:08:30 +01:00 |
|
Arthur Baars
|
07947e6528
|
Address comments
|
2023-02-09 12:02:14 +01:00 |
|
Arthur Baars
|
78ad9d67b4
|
Address comments
|
2023-02-08 13:40:46 +01:00 |
|
Tom Hvitved
|
8e8897b08b
|
Data flow: Sync files
|
2023-02-07 15:15:04 +01:00 |
|
Tom Hvitved
|
10534b62c9
|
Data flow: Call context virtual dispatch pruning in stage 1
|
2023-02-07 15:14:27 +01:00 |
|
Tom Hvitved
|
984729f9b0
|
Merge pull request #12117 from hvitved/ruby/delay-location-to-string
Ruby: Avoid computing `Location::toString` in full
|
2023-02-07 12:42:03 +01:00 |
|
Alvaro Muñoz
|
642a138eaa
|
Update Twirp.qll
|
2023-02-07 10:44:48 +01:00 |
|
Tom Hvitved
|
c0e3186607
|
Ruby: Avoid computing Location::toString in full
|
2023-02-07 10:06:47 +01:00 |
|
Mathias Vorreiter Pedersen
|
00fe448e3a
|
Merge pull request #12072 from aschackmull/dataflow/stage3-perf
Dataflow: Fix join in `fwdFlowRead` (take 2)
|
2023-02-06 10:43:11 +00:00 |
|
Arthur Baars
|
e382d6d000
|
Ruby: update stats
|
2023-02-06 10:28:19 +01:00 |
|
Arthur Baars
|
ec46f33a01
|
Ruby: add change note
|
2023-02-06 10:17:19 +01:00 |
|
Arthur Baars
|
4af0c4bb03
|
Ruby: desugar one-line pattern matches
|
2023-02-06 10:17:19 +01:00 |
|
Arthur Baars
|
edbba85b96
|
Ruby: add one-line pattern matches to AST
|
2023-02-06 10:17:18 +01:00 |
|
Arthur Baars
|
e390ca50b0
|
Ruby: upgrade/downgrade scripts
|
2023-02-06 10:17:18 +01:00 |
|
Arthur Baars
|
90c51ef404
|
Ruby: re-generate dbscheme and library
|
2023-02-06 10:17:18 +01:00 |
|
Alex Ford
|
7768026e70
|
Merge branch 'main' into js-use-shared-cryptography
|
2023-02-03 15:18:30 +00:00 |
|
Alex Ford
|
6c35feaa98
|
ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code
|
2023-02-03 14:39:32 +00:00 |
|
Alex Ford
|
b968b59afc
|
CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match
|
2023-02-03 14:15:32 +00:00 |
|
Alvaro Muñoz
|
3a9d650cb9
|
add qldocs for member predicates
|
2023-02-03 10:09:16 +01:00 |
|
Alvaro Muñoz
|
dd31be43e0
|
Support for Twirp framework
|
2023-02-03 09:35:22 +01:00 |
|
github-actions[bot]
|
faf21f3edb
|
Post-release preparation for codeql-cli-2.12.2
|
2023-02-02 23:01:04 +00:00 |
|