hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

16 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
c4ae18649e Ruby: Accept qltest .expected file changes (interesting). 2024-05-22 10:08:59 +02:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
erik-krogh
642a134035 add tests for the fixes in the qhelp, and fix an FP that appeared 2024-04-08 12:00:27 +02:00
Anders Schack-Mulligen
35a3aa0a09 Ruby: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Alex Ford
42cd58695d Ruby: configsig rb/url-redirection 2023-09-03 17:20:05 +01:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
erik-krogh
79a048968e make the alert messages of taint-tracking queries more consistent 2022-09-07 12:22:50 +02:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
314683d5fb Ruby: Improve UrlRedirect query using Rails routes 
Handlers for non-GET requests aren't vulnerable to URL redirect attacks,
because browsers won't initiate non-GET requests when you click a link.

We can use Rails routing information, if present, to filter out any
handlers for non-GET requests.
 2022-02-02 16:26:20 +13:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Tom Hvitved
400802c5ce Ruby: Add flow summaries for Array/Enumerable methods 2021-12-22 15:56:20 +01:00
Tom Hvitved
34fdf11b4b Ruby: Update expected test output 2021-11-10 15:11:13 +01:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00