Commit Graph

34 Commits

Author SHA1 Message Date
Tom Hvitved
978a816f11 Ruby: Track types in data flow 2025-01-06 13:26:10 +01:00
Tom Hvitved
f287216060 Update expected test output 2024-09-24 14:21:38 +02:00
Alex Ford
98a6d0fa26 Ruby: add another SQLi AR conditions test case 2024-04-24 14:46:53 +01:00
Alex Ford
6b0e7961fa Ruby: prepare test case whitespace 2024-04-24 14:39:06 +01:00
Alex Ford
91bca4a2c3 Ruby: limit ActiveRecord conditions sink to first array element 2024-04-12 15:32:16 +01:00
Alex Ford
2950890180 Ruby: add more ActiveRecord conditions arg test cases 2024-04-12 15:31:28 +01:00
Alex Ford
f98479dca3 Ruby: prepare test case whitespace 2024-04-12 15:30:42 +01:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Joe Farebrother
dbd33d1cf0 Model Argument[1] of ActiveRecord from 2024-03-08 14:04:01 +00:00
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00
Joe Farebrother
2257df5c6f Model Arel::Nodes::SqlLiteral.new 2024-02-26 10:09:33 +00:00
Joe Farebrother
10da4d14d9 Add additional arguments as sinks to certain methods 2024-02-20 16:35:29 +00:00
Anders Schack-Mulligen
35a3aa0a09 Ruby: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Alex Ford
8db23dc775 Ruby: refine ActiveRecord update_all as an SQL sink 2023-10-30 09:47:16 +00:00
Alex Ford
013e7aae97 Ruby: test whitespace changes 2023-10-30 09:32:44 +00:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
2023-07-07 09:42:34 +02:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
Asger F
f392af220b Ruby: benign changes to SQLi tests (fixed FNs) 2023-06-19 12:15:57 +02:00
Maiky
8dca585207 Expected 2023-05-23 20:04:34 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Tom Hvitved
b816c79248 Ruby: Include all assignments in data flow paths 2023-03-24 10:09:30 +01:00
Harry Maclean
fe995dd99b Ruby: ActiveRecord::Connection.execute SQL sink 2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab Ruby: Taint flow through ActionController params
We were not recognising "require" as returning a Parameters instance.
2023-03-13 08:52:41 +13:00
Harry Maclean
2d95b6a049 Ruby: Add count_by_sql as SQL sink 2023-03-13 08:40:32 +13:00
Harry Maclean
c97dccf0de Ruby: Add reorder as a SQL sink
In recent versions of Rails this method doesn't seem to be vulnerable,
but it may be in previous versions. There's a slight FP risk here, but
I think it is small.
2023-03-13 08:38:17 +13:00
Nick Rolfe
5a15558355 Ruby: treat an Arel.sql call as a SqlConstruction 2022-11-10 14:11:14 +00:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Tom Hvitved
400802c5ce Ruby: Add flow summaries for Array/Enumerable methods 2021-12-22 15:56:20 +01:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00