hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

3360 Commits

Author SHA1 Message Date
Joe Farebrother
1f409b0456 Merge pull request #15671 from joefarebrother/ruby-activerecord-extra-args 
Ruby: Consider additional arguments to certain `ActiveRecord` methods as sql injection sinks.
 2024-02-22 14:01:56 +00:00
Joe Farebrother
92bdd637a3 Address reveiw comment - add create nd remove select_insert 2024-02-22 09:55:46 +00:00
Tom Hvitved
ebee35b385 Ruby: No fieldFlowBranchLimit for SummarizedCallables 2024-02-22 10:27:25 +01:00
Tom Hvitved
23869fc8e6 Ruby: Fix bug in allowParameterReturnInSelf 2024-02-22 09:43:52 +01:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
Joe Farebrother
10da4d14d9 Add addtional arguments as sinks to certain methods 2024-02-20 16:35:29 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Joe Farebrother
e36b9f4d3c Add tests and change note 2024-02-15 15:26:20 +00:00
Harry Maclean
a9abba5859 Merge pull request #15520 from hmac/hmac-erb-raw-output-directive 
Ruby: Recognise raw Erb output as XSS sink
 2024-02-15 08:05:16 +00:00
Joe Farebrother
37eb81097f Add additional sinks for connection methods 2024-02-14 22:42:03 +00:00
Peter Stöckli
2f7b946c9f Ruby: add sources on request object of Rails 2024-02-13 15:52:18 +01:00
Harry Maclean
6cc5c09769 Ruby: Simplify ErbOutputDirective 2024-02-13 08:38:16 +00:00
Harry Maclean
11040d628b Ruby: Add changenote 2024-02-13 08:38:15 +00:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Marcono1234
d814decc17 Ruby: Fix formatting in changelog 2024-02-10 00:23:57 +01:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Harry Maclean
3a90d78c36 Ruby: Fix Rails view file regex 
This picks up non-nested template files correctly.
 2024-02-09 09:41:43 +00:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Harry Maclean
f792b58421 Ruby: Recognise more ActiveRecord connections 2024-02-05 16:45:59 +00:00
Jim Ockers
e477909200 Merge branch 'main' into ockers/certification_not_certificate 2024-02-02 15:39:29 -08:00
James Ockers
9f7f9fcc6e Updating change-notes to reflect what will be the visible change to end users 2024-02-02 11:38:17 -08:00
Harry Maclean
06334eee2e Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness 
Ruby: Add Insecure Randomness Query
 2024-01-31 17:16:32 +00:00
James Ockers
0f1e21aa09 Adding per-language change-notes 2024-01-30 17:28:34 -08:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Tom Hvitved
803513acc6 Add change note 2024-01-30 20:30:58 +01:00
Tom Hvitved
d2d017dd64 Ruby: Model flow through ViewComponent render methods 2024-01-30 20:30:58 +01:00
Harry Maclean
557b49cfc5 Ruby: Add basic modeling for ViewComponent 2024-01-30 20:30:58 +01:00
Tom Hvitved
2d95ac9d5f Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework 2024-01-30 20:27:43 +01:00
Peter Stöckli
1947dee46a Merge branch 'main' into p--oj-ox-unsafe-deser 2024-01-30 15:33:39 +01:00
Peter Stöckli
9596aebee3 Format: getValue now on one line 2024-01-30 15:22:16 +01:00
Peter Stöckli
3c8bc96ab5 replace occurence of AssignExprCfgNode for Oj as well 2024-01-30 15:17:37 +01:00
Peter Stöckli
e87effc18c Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2024-01-30 15:14:35 +01:00
Tom Hvitved
503d2f7b95 Ruby: Rework mayBenefitFromCallContext 2024-01-30 09:57:29 +01:00
Harry Maclean
75b13da4e4 Ruby: Block flow from LHS of && expressions 
The only values that can flow from the LHS of an && expression are
`false` and `nil`, neither of which seem relevant for any of our
queries.
 2024-01-30 08:53:32 +00:00
maikypedia
d7314a1689 File format 2024-01-27 14:07:36 +01:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Sid Shankar
2c683c910f Merge branch 'change/adjust-extracted-files-diagnostics' of https://github.com/sidshank/codeql into change/adjust-extracted-files-diagnostics 2024-01-17 14:32:36 +00:00
Sid Shankar
0824ab77e9 Adds change notes 2024-01-17 14:31:40 +00:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify 
Data flow: Remove column from `mayBenefitFromCallContext`
 2024-01-10 11:43:15 +01:00