4603 Commits

Author	SHA1	Message	Date
Asger F	be64daf265	Merge branch 'main' into js/graph-export	2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider	6ba27dc863	Upgrade rules_pkg to 0.10.1.	2024-04-16 16:29:56 +02:00
github-actions[bot]	622e176a16	Post-release preparation for codeql-cli-2.17.1	2024-04-16 14:21:32 +00:00
Tom Hvitved	75b1e14098	Merge pull request #16205 from samgiz/samgiz-tiny-docs-fix ... Tiny docs fix	2024-04-16 13:57:38 +02:00
github-actions[bot]	9bfe4ea90a	Release preparation for version 2.17.1	2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen	2f0987e980	Dataflow: Add dummy DataFlowSecondLevelScope implementations. ... These could be an empty type, but Unit was available and it probably doesn't matter.	2024-04-15 15:16:30 +02:00
Zigmas Bitinas	5125468307	Tiny docs fix ... Noticed the mistake when browsing the docs [here](https://codeql.github.com/codeql-standard-libraries/ruby/codeql/ruby/security/CodeInjectionCustomizations.qll/module.CodeInjectionCustomizations$CodeInjection$FlowState.html)	2024-04-13 21:18:36 +01:00
Alex Ford	91bca4a2c3	Ruby: limit ActiveRecord conditions sink to first array element	2024-04-12 15:32:16 +01:00
Alex Ford	2950890180	Ruby: add more ActiveRecord conditions arg test cases	2024-04-12 15:31:28 +01:00
Alex Ford	f98479dca3	Ruby: prepare test case whitespace	2024-04-12 15:30:42 +01:00
Tom Hvitved	e7dc120456	Add deprecation comments	2024-04-12 13:40:15 +02:00
Tom Hvitved	04de315e0e	Ruby: Deprecate models-as-data CSV interface	2024-04-12 13:40:14 +02:00
Joe Farebrother	5cebcadc56	Merge pull request #15987 from joefarebrother/ruby-mass-reassignment ... Ruby: Add query for insecure mass assignment	2024-04-12 10:18:41 +01:00
Anders Schack-Mulligen	2c43d0c5a4	Ruby: Update expected output (interesting).	2024-04-12 09:20:38 +02:00
Anders Schack-Mulligen	7cc8fd00aa	Ruby: Update expected output (uninteresting).	2024-04-12 09:20:35 +02:00
Anders Schack-Mulligen	6991f5452f	Ruby: Add alert provenance plumbing.	2024-04-12 09:20:04 +02:00
Anders Schack-Mulligen	eafc0075fd	Legacy dataflow: Sync.	2024-04-12 09:19:54 +02:00
Joe Farebrother	06d7b3ce80	Use cfg nodes	2024-04-11 22:30:41 +01:00
Erik Krogh Kristensen	c00e2075a4	Merge pull request #16111 from erik-krogh/rb-url ... RB: Improve QHelp for `rb/url-redirect`, and fix an FP.	2024-04-11 13:03:35 +02:00
Joe Farebrother	ec973ac1f3	Use not exists	2024-04-11 09:38:41 +01:00
Joe Farebrother	0a3d73d902	Add flow steps and sanitizers for permit calls	2024-04-10 21:47:07 +01:00
Erik Krogh Kristensen	844e78dce5	remove redundant cast ... Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2024-04-10 20:02:49 +02:00
erik-krogh	4ae25c2d34	don't mention arrays in the qhelp for rb/shell-command-constructed-from-input, because there are no array	2024-04-10 14:26:00 +02:00
Joe Farebrother	976ca48317	Review suggestions - rename sink class and add barrier out	2024-04-10 10:17:19 +01:00
Tom Hvitved	6c9a0e4a9a	Merge pull request #16154 from hvitved/ruby/redundant-implicit-read ... Ruby: Remove two redundant `allowImplicitRead` predicates	2024-04-09 15:38:05 +02:00
Asger F	f5355cfa98	Dynamic: Sync ApiGraphModels.qll	2024-04-09 14:37:20 +02:00
Tom Hvitved	5f8eb7b138	Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content ... Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`	2024-04-09 11:26:24 +02:00
Tom Hvitved	e6984aa865	Ruby: Remove two redundant allowImplicitRead predicates	2024-04-09 10:10:25 +02:00
erik-krogh	642a134035	add tests for the fixes in the qhelp, and fix an FP that appeared	2024-04-08 12:00:27 +02:00
erik-krogh	59c72b683c	update the url-redirect QHelp	2024-04-08 12:00:27 +02:00
Tom Hvitved	aa24c29395	Merge pull request #16122 from hvitved/ruby/cfg-may-raise-issue ... Ruby: Fix CFG for nodes that may raise	2024-04-08 11:20:49 +02:00
Erik Krogh Kristensen	0cfac605bd	Merge pull request #16100 from erik-krogh/fix-js-rb-typo ... RB: fix language specifier typo in qhelp for rb/multi-char-san	2024-04-04 15:42:45 +02:00
Tom Hvitved	ce3b359813	Ruby: Fix CFG for nodes that may raise	2024-04-04 13:27:29 +02:00
Tom Hvitved	6d2d9654b5	Ruby: Add CFG test	2024-04-04 13:27:29 +02:00
Tom Hvitved	c2d771b334	Ruby: Reduce alerts produced by MassAssignment.ql	2024-04-03 19:58:51 +02:00
Tom Hvitved	3c96bf6b22	Fix bad join	2024-04-03 19:41:37 +02:00
Erik Krogh Kristensen	35f61d9de4	Merge pull request #16107 from erik-krogh/fix-log-injection-typo ... RB: Tiny fixes to log-injection QHelp	2024-04-03 18:29:37 +02:00
Tom Hvitved	2d4cf55c87	Merge pull request #15985 from hvitved/ruby/phi-barrier-guards ... Ruby: Extend barrier guards to handle phi inputs	2024-04-03 15:22:39 +02:00
Tom Hvitved	7871fb8ce6	Data flow: Block flow at expectsContents nodes in parameterValueFlow	2024-04-03 15:19:34 +02:00
Tom Hvitved	137594cf36	Ruby: Add regression test	2024-04-03 15:19:34 +02:00
erik-krogh	ec32bdce63	fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines	2024-04-03 09:19:18 +02:00
erik-krogh	572d3ba542	fix language specifier typo in qhelp for rb/multi-char-san	2024-04-02 19:40:46 +02:00
Harry Maclean	409f46ef7b	Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled ... Ruby: Add a query for CSRF protection not enabled	2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen	332c1e3b8a	Merge pull request #16026 from erik-krogh/htmlSafeSan ... RB: Add barrier guard for `.html_safe?` to the XSS queries	2024-04-02 07:54:19 +02:00
github-actions[bot]	8e61c6625b	Post-release preparation for codeql-cli-2.17.0	2024-04-01 15:27:42 +00:00
github-actions[bot]	ec97d9a304	Release preparation for version 2.17.0	2024-04-01 13:46:57 +00:00
Henry Mercer	0646744928	Merge branch 'main' into henrymercer/merge-back-rc-3.13	2024-03-26 12:59:12 +00:00
github-actions[bot]	f67b5f9158	Post-release preparation for codeql-cli-2.16.6	2024-03-25 18:17:15 +00:00
github-actions[bot]	71ab804274	Release preparation for version 2.16.6	2024-03-25 16:58:08 +00:00
Joe Farebrother	fb19288981	Address review comments - Fix docs typo and add a reference	2024-03-25 15:46:45 +00:00