hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1638 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
thiggy1342
83b720d730 first draft of weak params query 2022-06-21 19:28:53 +00:00
Asger F
7c877c7861 Ruby: Rename getARhs -> asSink 2022-06-21 12:44:16 +02:00
Asger F
2f8086bb57 Ruby: Rename getAUse -> getAValueReachableFromSource 2022-06-21 12:44:16 +02:00
Anders Schack-Mulligen
736372ffd6 Ruby: Remove test. 2022-06-21 11:18:36 +02:00
thiggy1342
c5bf1b8aab update test expectation 2022-06-20 17:27:33 +00:00
thiggy1342
973013ff9c Merge branch 'main' into experimental-decompression-api 2022-06-20 11:37:38 -04:00
thiggy1342
7932d3e4ab Update ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 11:05:56 -04:00
Arthur Baars
c5d3df087d Update tree-sitter-embeded-template 2022-06-20 17:04:27 +02:00
thiggy1342
b4c893d857 Update ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:50:12 -04:00
thiggy1342
2f505c527b Merge branch 'main' into experimental-decompression-api 2022-06-20 09:48:21 -04:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
thiggy1342
0456870136 Merge branch 'main' into experimental-manually-check-request-verb 2022-06-18 15:21:53 -04:00
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
thiggy1342
b171883cd0 Merge branch 'main' into experimental-decompression-api 2022-06-17 12:30:38 -04:00
Rasmus Wriedt Larsen
b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Alex Ford
5923eb4962 Merge pull request #9566 from alexrford/ruby/activerecord-findby-dynamic 
Ruby: recognize ActiveRecord `find_by_x` methods
 2022-06-17 09:39:46 +01:00
Harry Maclean
230192df3b Merge pull request #9267 from hmac/hmac/improper-memoization 
Ruby: Add Improper Memoization query
 2022-06-17 16:31:55 +12:00
thiggy1342
7c2b19baad tweaks and add Zip::File.open_buffer to query 2022-06-17 02:43:54 +00:00
thiggy1342
01cb408393 Merge branch 'main' into experimental-decompression-api 2022-06-16 17:23:55 -04:00
Arthur Baars
e95194ce67 Merge pull request #9477 from thiggy1342/experimental-archive-api 
RB: Adding experimental query for detecting path traversal in Archive libraries
 2022-06-16 17:45:18 +02:00
Rasmus Wriedt Larsen
45af148f05 Merge pull request #9215 from RasmusWL/ruby-mad-argument-self 
Ruby: Fixes for `Argument[any,any-named]` in MaD
 2022-06-16 17:38:32 +02:00
Alex Ford
c44a68613a Ruby: add a test case for ActiveRecord dynamic finder methods 2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498 Ruby: trim some SQLi related comments from ActiveRecord.rb 2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a Ruby: rename ActiveRecord.rb test case file 2022-06-16 11:29:56 +01:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
b078430faf add Zip::File.new query to tests 2022-06-16 00:51:50 +00:00
Harry Maclean
ef6f0e5b30 Ruby: Add Improper Memoization query 
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
 2022-06-16 12:44:33 +12:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532 remove Zip::Entry.extract from query 2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
thiggy1342
0fce620536 Merge branch 'main' into experimental-decompression-api 2022-06-14 21:54:08 -04:00
thiggy1342
1bdaf529d9 fix qlformat errors 2022-06-15 01:49:48 +00:00
thiggy1342
df226ee610 remove standalone archive api query 2022-06-15 01:39:47 +00:00
thiggy1342
0832e299f2 move archive api path traversal tests to cwe-022 2022-06-15 01:39:47 +00:00
thiggy1342
a0f1c86031 add framework test 2022-06-15 01:39:47 +00:00
thiggy1342
af6fbd439c Merge branch 'main' into experimental-archive-api 2022-06-14 20:09:02 -04:00
thiggy1342
6bef71ea2c tweaks to tests 2022-06-14 02:17:12 +00:00
thiggy1342
7bdec98e6f draft tests 2022-06-14 02:13:15 +00:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
thiggy1342
c7e67eb2e2 expand test coverage for sanitizers 2022-06-10 21:30:41 +00:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
thiggy1342
62291124ff remove constraint for Zip::File.open 2022-06-06 21:20:44 +00:00