hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,255 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.2
Commit Graph

539 Commits

Author SHA1 Message Date
Tom Hvitved
978a816f11 Ruby: Track types in data flow 2025-01-06 13:26:10 +01:00
Asger F
be939dca29 Merge pull request #14350 from asgerf/shared/deduplicate-path-graph 
Shared: Add DataFlow::DeduplicatePathGraph
 2024-12-18 14:04:29 +01:00
Michael Nebel
138e294dae Ruby: Update all test util paths to point to the new location. 2024-12-12 13:54:37 +01:00
Asger F
f9c0ba3826 Ruby: use DeduplicatePathGraph in CodeInjection query 2024-12-11 11:48:15 +01:00
Jeroen Ketema
ca40b60e62 Ruby: update expected test results 2024-12-03 19:18:46 +01:00
Tom Hvitved
5b5ca05e87 Ruby: Post-processing query for inline test expectations 2024-10-29 13:35:33 +01:00
Geoffrey White
86cc2dc5a1 Ruby: Add rb/diagnostics/extraction-warnings so that we don't miss anything we had before. 2024-10-03 17:40:17 +01:00
Geoffrey White
1ea94faccf Ruby: Make similar changes to differentiate extraction errors and warnings, and mostly restore original behaviour. 2024-10-03 17:39:56 +01:00
Tom Hvitved
f287216060 Update expected test output 2024-09-24 14:21:38 +02:00
Tom Hvitved
ed9008a064 Update expected test output 2024-09-18 13:51:02 +02:00
Tom Hvitved
c92c96fa78 Data flow: Compute local big step relation per stage 2024-08-26 09:15:27 +02:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
Alex Ford
9fb657c4c4 Merge pull request #16781 from alexrford/rb/weak-sensitive-data-hashing 
Add `rb/weak-sensitive-data-hashing` query port
 2024-07-25 14:11:42 +01:00
Alex Ford
51f3f15e42 Ruby: remove outdated test comment 2024-06-18 17:51:49 +01:00
Alex Ford
d994959720 Ruby: add tests for rb/weak-sensitive-data-hashing 2024-06-18 17:47:32 +01:00
Joe Farebrother
07f03be8cc Add unit tests 2024-06-12 15:11:35 +01:00
Arthur Baars
4ee80653e2 Merge pull request #16471 from Sim4n6/ruby-UBV 
Ruby: Add some method calls as a Source
 2024-06-12 12:42:08 +02:00
Sim4n6
7c0ce6486b Rerun the test learn 2024-06-10 12:21:10 +01:00
Anders Schack-Mulligen
5d51b5b97b Ruby: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:47:48 +02:00
Tom Hvitved
ad99158838 Ruby: Fix/accept extraction errors 2024-06-04 12:55:44 +02:00
Anders Schack-Mulligen
bbebdfea8d Merge pull request #16511 from aschackmull/dataflow/configuration-provenance 
Dataflow: Add provenance for configuration-specific steps.
 2024-05-22 14:07:10 +02:00
Alex Ford
8119a27540 Merge pull request #16185 from alexrford/rb/conditions-arr0 
Ruby: ActiveRecord - refine `conditions` argument as an SQLi sink
 2024-05-22 12:19:10 +01:00
Anders Schack-Mulligen
012b861ffb Ruby: Accept qltest .expected file changes. 2024-05-22 10:08:59 +02:00
Anders Schack-Mulligen
c4ae18649e Ruby: Accept qltest .expected file changes (interesting). 2024-05-22 10:08:59 +02:00
am0o0
dcadda23cd update expected file 2024-05-16 15:15:27 +02:00
Alex Ford
78dc6502f5 Merge branch 'main' into amammad-ruby-bombs 2024-05-16 13:53:31 +01:00
Harry Maclean
ef88f3ed09 Merge pull request #16377 from hmac/hmac-sanitization-fp 
Ruby: Fix StringSubstitutionCall charpred
 2024-05-02 13:31:01 +01:00
Harry Maclean
c00d0d302d Ruby: fix wording in rb/request-without-cert-validation 2024-05-01 17:25:58 +01:00
Harry Maclean
f7fc2e0b00 Ruby: Fix StringSubstitutionCall charpred 
Some missing parens meant this class targeted way more things than
intended.
 2024-05-01 16:14:58 +01:00
Harry Maclean
51bc8e917e Ruby: Reduce FPs for rb/incomplete-hostname-regexp 
Arguments in calls to `match[?]` should only be considered regular
expression interpretations if the `match` refers to the standard library
method, not a method in source code.
 2024-04-29 11:19:34 +01:00
Alex Ford
98a6d0fa26 Ruby: add another SQLi AR conditions test case 2024-04-24 14:46:53 +01:00
Alex Ford
6b0e7961fa Ruby: prepare test case whitespace 2024-04-24 14:39:06 +01:00
Alex Ford
91bca4a2c3 Ruby: limit ActiveRecord conditions sink to first array element 2024-04-12 15:32:16 +01:00
Alex Ford
2950890180 Ruby: add more ActiveRecord conditions arg test cases 2024-04-12 15:31:28 +01:00
Alex Ford
f98479dca3 Ruby: prepare test case whitespace 2024-04-12 15:30:42 +01:00
Tom Hvitved
04de315e0e Ruby: Deprecate models-as-data CSV interface 2024-04-12 13:40:14 +02:00
Joe Farebrother
5cebcadc56 Merge pull request #15987 from joefarebrother/ruby-mass-reassignment 
Ruby: Add query for insecure mass assignment
 2024-04-12 10:18:41 +01:00
Anders Schack-Mulligen
2c43d0c5a4 Ruby: Update expected output (interesting). 2024-04-12 09:20:38 +02:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
Joe Farebrother
0a3d73d902 Add flow steps and sanitizers for permit calls 2024-04-10 21:47:07 +01:00
erik-krogh
642a134035 add tests for the fixes in the qhelp, and fix an FP that appeared 2024-04-08 12:00:27 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
89838981b7 Add test cases 2024-03-22 14:04:52 +00:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Joe Farebrother
dbd33d1cf0 Model Argument[1] of ActiveRecord from 2024-03-08 14:04:01 +00:00
Joe Farebrother
0b7b7ea1b8 Add test cases and improve controller model 2024-03-01 09:57:24 +00:00