codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Alex Ford	f8d2cbbe79	ruby: rack responses implement are HTTP responses	2023-06-01 14:01:39 +01:00
Alex Ford	c87c266871	ruby: add Rack::ResponseNode#getAStatusCode	2023-06-01 14:01:39 +01:00
Alex Ford	7d943c7621	Ruby: update test output	2023-06-01 13:50:32 +01:00
Alex Ford	4794066d3c	Merge branch 'main' into maikypedia/sqli-sink-2	2023-06-01 13:04:54 +01:00
Alex Ford	baabd2d1fa	Merge pull request #12832 from maikypedia/maikypedia/pg-sqli Ruby: Add SQL Injection Sinks	2023-05-26 11:36:17 +01:00
Alex Ford	609319da20	ruby: update TaintStep.ql test output	2023-05-25 17:53:01 +01:00
Tom Hvitved	13ada1e6ad	Ruby: Remove canonical return nodes	2023-05-24 11:11:50 +02:00
Asger F	6d1a4451fb	Ruby: update a test expectation	2023-05-24 10:15:51 +02:00
Alex Ford	9f5c73cf63	Ruby: add a test case for instantiating ActionDispatch::Request directly	2023-05-23 15:18:32 +01:00
Alex Ford	1c9e4c0f0b	Ruby: test for RequestInputAccess instances in ActionDispatch	2023-05-23 15:17:38 +01:00
Tom Hvitved	826b6219a0	Ruby: Include `self` parameters in type tracking flow-through logic	2023-05-15 16:02:33 +02:00
Tom Hvitved	3cdb27725a	Ruby: Add more call graph tests	2023-05-15 16:02:33 +02:00
Kasper Svendsen	6b8a7c2f6f	Ruby: Make implicit this receivers explicit	2023-05-10 13:03:39 +02:00
Tom Hvitved	2f95af8ef2	Ruby: Remove self edges	2023-05-08 10:26:01 +02:00
Maiky	3960853af0	CWE-089 Add Sequel SQL Injection Sink	2023-05-07 23:56:56 +02:00
Maiky	6a3d995b35	Add Mysql2 as SQL Injection Sink	2023-05-06 12:25:25 +02:00
Mathias Vorreiter Pedersen	09ba9a74ce	Merge pull request #12959 from MathiasVP/identity-consistency-check DataFlow: Add an "identity-step" consistency check	2023-05-05 10:03:20 +01:00
Mathias Vorreiter Pedersen	924854c6dc	Ruby: Accept consistency changes.	2023-05-03 20:32:33 +01:00
Alex Ford	e7213e92cf	Merge remote-tracking branch 'origin/main' into rb/sqlite3	2023-05-03 15:18:07 +01:00
Alex Ford	6e6eee2dab	Ruby: add test case for instance variable flow with sqlite3	2023-05-03 15:16:16 +01:00
Anders Schack-Mulligen	09d4fe21e8	Ruby: Update more expected output.	2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen	90f84bb516	Ruby: Update expected output.	2023-04-26 13:08:16 +02:00
Alex Ford	9dc04f30ac	Ruby: model sqlite3	2023-04-20 15:47:14 +01:00
Asger F	8c0c335daf	Ruby: update test output	2023-04-17 12:47:23 +02:00
Asger F	c699afd07f	Ruby: instantiate NetHttpRequest even if body is not accessed	2023-03-31 12:56:09 +02:00
Asger F	504a0f8112	Ruby: Add test where response body is not referenced	2023-03-31 12:55:49 +02:00
Asger F	209aebad61	Ruby: Update HttpClients.ql not assume all predicates have results	2023-03-31 11:12:45 +02:00
Asger F	32bab0b8b2	Merge pull request #12654 from asgerf/rb/always-resolve-toplevel-namespace RB: always resolve toplevel namespaces to their locally qualified name	2023-03-28 09:54:59 +02:00
Tom Hvitved	f8c28bee6a	Ruby: Order synthetic children in PrintAST based on their index instead of location	2023-03-27 11:38:30 +02:00
Arthur Baars	9a8e138684	Ruby: also change evaluation order for scoped constants	2023-03-24 16:57:55 +01:00
Arthur Baars	a819797508	Ruby: add test case of destructured assignment with contants	2023-03-24 16:57:39 +01:00
Arthur Baars	8b90d021fa	Ruby: change evaluation order of destructured assignments	2023-03-24 16:57:25 +01:00
Asger F	179d0b36cf	Ruby: make up qnames for top-level namespaces	2023-03-24 13:42:51 +01:00
Tom Hvitved	b816c79248	Ruby: Include all assignments in data flow paths	2023-03-24 10:09:30 +01:00
Asger F	1f70c59bbc	Ruby: add test with deep unresolved classes	2023-03-23 13:36:14 +01:00
Tom Hvitved	5260d9815a	Merge pull request #12582 from hvitved/ruby/element-of-type-content-set Ruby: Introduce `ContentSet::isElementOfType[OrUnknown]/1`	2023-03-21 13:41:15 +01:00
Alex Ford	4b1171ce64	Merge branch 'main' into maikypedia/ruby-ssti	2023-03-20 09:55:53 +00:00
Tom Hvitved	a9ef3f95a2	Ruby: Introduce `ContentSet::isElementOfType[OrUnknown]/1`	2023-03-20 10:03:15 +01:00
Erik Krogh Kristensen	af98ceb3c3	Merge pull request #11478 from erik-krogh/more-shell-taint Rb: more taint-steps for shell-command-construction	2023-03-20 08:41:22 +01:00
Alex Ford	e84b08409c	Ruby: test fixes	2023-03-17 12:08:38 +00:00
Tom Hvitved	d146d816a9	Ruby: Fix semantic merge conflict	2023-03-17 09:59:44 +01:00
Tom Hvitved	75746cbacc	Merge pull request #12549 from hvitved/ruby/ssa-write-access Ruby: `Ssa::WriteDefinition::getWriteAccess` should return a CFG node	2023-03-17 09:31:14 +01:00
Harry Maclean	2c63dbad67	Merge pull request #11954 from hmac/sinatra Ruby: Model Sinatra	2023-03-17 10:46:52 +13:00
Tom Hvitved	1d0b3d4112	Ruby: `Ssa::WriteDefinition::getWriteAccess` should return a CFG node	2023-03-16 11:28:24 +01:00
erik-krogh	2133d1a5ab	Merge branch 'main' into more-shell-taint	2023-03-15 10:54:30 +01:00
erik-krogh	25a6d496d9	Merge branch 'main' into HEAD	2023-03-13 17:33:06 +01:00
Tom Hvitved	714b61b63e	Ruby: Add missing flow through `self.new` constructor calls	2023-03-13 12:45:46 +01:00
Tom Hvitved	6ee231fac5	Ruby: Add more tests for flow through constructors	2023-03-13 10:52:01 +01:00
Harry Maclean	e80ff4efba	Ruby: Fix tests and qldoc	2023-03-13 20:32:37 +13:00
Harry Maclean	071517c74b	Ruby: Clean up Sinatra modeling	2023-03-13 19:25:56 +13:00

... 4 5 6 7 8 ...

1073 Commits