hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

4603 Commits

Author SHA1 Message Date
Joe Farebrother
37eb81097f Add additional sinks for connection methods 2024-02-14 22:42:03 +00:00
Peter Stöckli
2f7b946c9f Ruby: add sources on request object of Rails 2024-02-13 15:52:18 +01:00
Harry Maclean
6cc5c09769 Ruby: Simplify ErbOutputDirective 2024-02-13 08:38:16 +00:00
Harry Maclean
11040d628b Ruby: Add changenote 2024-02-13 08:38:15 +00:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Marcono1234
d814decc17 Ruby: Fix formatting in changelog 2024-02-10 00:23:57 +01:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Tom Hvitved
0c43ad45b4 Ruby: Add another captured variable data flow test 2024-02-09 14:48:36 +01:00
Anders Schack-Mulligen
35a3aa0a09 Ruby: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Harry Maclean
3a90d78c36 Ruby: Fix Rails view file regex 
This picks up non-nested template files correctly.
 2024-02-09 09:41:43 +00:00
Harry Maclean
48890b446d Ruby: Add more actioncontroller tests 2024-02-09 09:31:35 +00:00
Koen Vlaswinkel
e596862074 Merge pull request #15541 from github/koesie10/ruby-access-path-constructor-returnvalue 
Ruby: Remove `ReturnValue` as access path for constructors
 2024-02-08 16:25:34 +01:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
Koen Vlaswinkel
87eb1ab103 Ruby: Include ReturnValue and exclude self for constructors 2024-02-08 13:40:10 +01:00
Koen Vlaswinkel
8646bffaea Ruby: Remove ReturnValue as access path for constructors 2024-02-07 14:35:19 +01:00
Henry Mercer
e71f0fc1ba Add supported build modes to extractor metadata 2024-02-06 19:51:13 +00:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
Koen Vlaswinkel
8361efca4d Merge pull request #15503 from github/koesie10/ruby-access-paths 
Ruby: Add query for access paths in model editor
 2024-02-06 10:12:26 +01:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Harry Maclean
f792b58421 Ruby: Recognise more ActiveRecord connections 2024-02-05 16:45:59 +00:00
Koen Vlaswinkel
6a098120e3 Rename details to node 2024-02-05 16:33:29 +01:00
Koen Vlaswinkel
49dbad96f9 Switch from details string to DataFlow::Node 2024-02-05 16:33:01 +01:00
Jim Ockers
e477909200 Merge branch 'main' into ockers/certification_not_certificate 2024-02-02 15:39:29 -08:00
James Ockers
9f7f9fcc6e Updating change-notes to reflect what will be the visible change to end users 2024-02-02 11:38:17 -08:00
Koen Vlaswinkel
f83d2a7d55 Ruby: Avoid using toString where possible 2024-02-02 14:18:21 +01:00
Koen Vlaswinkel
ac1ebf27a7 Ruby: Rename suggestion predicates 2024-02-02 14:18:16 +01:00
Koen Vlaswinkel
8853acb4dd Ruby: Add query for access paths in model editor 2024-02-01 16:20:00 +01:00
Tom Hvitved
8972133d4b Merge pull request #15498 from hvitved/ruby/ctx-sensitivity-test 
Ruby: Add another dataflow test
 2024-02-01 12:46:53 +01:00
Tom Hvitved
792f302bd4 Ruby: Add another dataflow test 2024-02-01 10:52:06 +01:00
Koen Vlaswinkel
ce4d8d6b51 Merge pull request #15490 from github/koesie10/ruby-model-constructor-on-new 
Ruby: Model constructors in endpoint query on new instead of initialize
 2024-02-01 09:31:49 +01:00
Harry Maclean
06334eee2e Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness 
Ruby: Add Insecure Randomness Query
 2024-01-31 17:16:32 +00:00
Koen Vlaswinkel
d5f0a5ce72 Use predicate for isConstructor 2024-01-31 14:19:14 +01:00
Koen Vlaswinkel
c1aaf5a574 Ruby: Model constructors in endpoint query on new 2024-01-31 13:54:48 +01:00
Tom Hvitved
e7676a00d2 Merge pull request #15370 from hvitved/ruby/erb-flow 
Ruby: Model flow through `ViewComponent` render methods
 2024-01-31 13:24:10 +01:00
Koen Vlaswinkel
817fd8c097 Ruby: Move TestFile to modeling Util module 
The TestFile class in the ModelEditor module is more accurate than the
existing RelevantFile class in the Util module, so this moves the
TestFile class to Util and redefines RelevantFile in terms of the
TestFile.
 2024-01-31 11:53:30 +01:00
Koen Vlaswinkel
b51379b533 Ruby: Only model relevant files for type models 2024-01-31 11:30:16 +01:00
Harry Maclean
a298a395e6 Merge pull request #15473 from github/koesie10/ruby-model-only-public-methods 
Ruby: Only generate models for public methods
 2024-01-31 09:27:27 +00:00
James Ockers
0f1e21aa09 Adding per-language change-notes 2024-01-30 17:28:34 -08:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Harry Maclean
4cfdf8b7a3 Ruby: Add test case for view without ERB template 2024-01-30 20:30:59 +01:00
Tom Hvitved
803513acc6 Add change note 2024-01-30 20:30:58 +01:00
Tom Hvitved
d2d017dd64 Ruby: Model flow through ViewComponent render methods 2024-01-30 20:30:58 +01:00
Tom Hvitved
817a2b71a8 Add more tests 2024-01-30 20:30:58 +01:00
Harry Maclean
557b49cfc5 Ruby: Add basic modeling for ViewComponent 2024-01-30 20:30:58 +01:00
Harry Maclean
5b3a2b35b7 Update expected file 2024-01-30 20:30:58 +01:00
Harry Maclean
75a37486c9 Add WIP query for erb flow 2024-01-30 20:30:58 +01:00
Harry Maclean
bf3b86b402 Add test for erb flow 2024-01-30 20:30:58 +01:00