4766 Commits

Author	SHA1	Message	Date
Harry Maclean	8b23f6db10	Ruby: Add URI.open example to rb/kernel-open qhelp	2024-04-27 09:53:54 +01:00
erik-krogh	800d7546fa	change all the change-notes to breaking	2024-04-26 17:17:23 +02:00
erik-krogh	14d88eb3ce	add change-notes	2024-04-26 12:56:28 +02:00
erik-krogh	baa31e1469	delete outdated deprecations	2024-04-25 22:19:28 +02:00
Alex Ford	98a6d0fa26	Ruby: add another SQLi AR conditions test case	2024-04-24 14:46:53 +01:00
Alex Ford	6b0e7961fa	Ruby: prepare test case whitespace	2024-04-24 14:39:06 +01:00
Nick Rolfe	8f2e51faa6	Ruby: do fewer regexp matches in SensitiveActions	2024-04-24 12:32:49 +01:00
Nick Rolfe	af72c0848e	Merge pull request #16306 from github/nickrolfe/js-sensitive ... JS: do fewer regexp matches in SensitiveActions	2024-04-24 09:49:44 +01:00
Nick Rolfe	003d208574	JS: do fewer regexp matches in SensitiveActions	2024-04-23 15:31:38 +01:00
Anders Schack-Mulligen	b2f09949df	Merge pull request #15599 from aschackmull/dataflow/fieldflowbranchlimit-v2 ... Dataflow: update fieldFlowBranchLimit semantics	2024-04-23 10:08:05 +02:00
Asger F	decd576a6b	Merge pull request #15386 from asgerf/js/graph-export ... JS: Add library for exporting graphs as type models	2024-04-18 11:56:17 +02:00
Alexander Eyers-Taylor	da3fa22cbd	Merge pull request #16228 from github/post-release-prep/codeql-cli-2.17.1 ... Post-release preparation for codeql-cli-2.17.1	2024-04-17 11:24:34 +01:00
Asger F	3335d48154	Sync files	2024-04-16 20:26:41 +02:00
Asger F	be64daf265	Merge branch 'main' into js/graph-export	2024-04-16 20:23:33 +02:00
Cornelius Riemenschneider	6ba27dc863	Upgrade rules_pkg to 0.10.1.	2024-04-16 16:29:56 +02:00
github-actions[bot]	622e176a16	Post-release preparation for codeql-cli-2.17.1	2024-04-16 14:21:32 +00:00
Tom Hvitved	75b1e14098	Merge pull request #16205 from samgiz/samgiz-tiny-docs-fix ... Tiny docs fix	2024-04-16 13:57:38 +02:00
github-actions[bot]	9bfe4ea90a	Release preparation for version 2.17.1	2024-04-15 17:34:47 +00:00
Anders Schack-Mulligen	2f0987e980	Dataflow: Add dummy DataFlowSecondLevelScope implementations. ... These could be an empty type, but Unit was available and it probably doesn't matter.	2024-04-15 15:16:30 +02:00
Zigmas Bitinas	5125468307	Tiny docs fix ... Noticed the mistake when browsing the docs [here](https://codeql.github.com/codeql-standard-libraries/ruby/codeql/ruby/security/CodeInjectionCustomizations.qll/module.CodeInjectionCustomizations$CodeInjection$FlowState.html)	2024-04-13 21:18:36 +01:00
Alex Ford	91bca4a2c3	Ruby: limit ActiveRecord conditions sink to first array element	2024-04-12 15:32:16 +01:00
Alex Ford	2950890180	Ruby: add more ActiveRecord conditions arg test cases	2024-04-12 15:31:28 +01:00
Alex Ford	f98479dca3	Ruby: prepare test case whitespace	2024-04-12 15:30:42 +01:00
Tom Hvitved	e7dc120456	Add deprecation comments	2024-04-12 13:40:15 +02:00
Tom Hvitved	04de315e0e	Ruby: Deprecate models-as-data CSV interface	2024-04-12 13:40:14 +02:00
Joe Farebrother	5cebcadc56	Merge pull request #15987 from joefarebrother/ruby-mass-reassignment ... Ruby: Add query for insecure mass assignment	2024-04-12 10:18:41 +01:00
Anders Schack-Mulligen	2c43d0c5a4	Ruby: Update expected output (interesting).	2024-04-12 09:20:38 +02:00
Anders Schack-Mulligen	7cc8fd00aa	Ruby: Update expected output (uninteresting).	2024-04-12 09:20:35 +02:00
Anders Schack-Mulligen	6991f5452f	Ruby: Add alert provenance plumbing.	2024-04-12 09:20:04 +02:00
Anders Schack-Mulligen	eafc0075fd	Legacy dataflow: Sync.	2024-04-12 09:19:54 +02:00
Joe Farebrother	06d7b3ce80	Use cfg nodes	2024-04-11 22:30:41 +01:00
Erik Krogh Kristensen	c00e2075a4	Merge pull request #16111 from erik-krogh/rb-url ... RB: Improve QHelp for `rb/url-redirect`, and fix an FP.	2024-04-11 13:03:35 +02:00
Joe Farebrother	ec973ac1f3	Use not exists	2024-04-11 09:38:41 +01:00
Joe Farebrother	0a3d73d902	Add flow steps and sanitizers for permit calls	2024-04-10 21:47:07 +01:00
Erik Krogh Kristensen	844e78dce5	remove redundant cast ... Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2024-04-10 20:02:49 +02:00
erik-krogh	4ae25c2d34	don't mention arrays in the qhelp for rb/shell-command-constructed-from-input, because there are no array	2024-04-10 14:26:00 +02:00
Joe Farebrother	976ca48317	Review suggestions - rename sink class and add barrier out	2024-04-10 10:17:19 +01:00
Tom Hvitved	6c9a0e4a9a	Merge pull request #16154 from hvitved/ruby/redundant-implicit-read ... Ruby: Remove two redundant `allowImplicitRead` predicates	2024-04-09 15:38:05 +02:00
Asger F	f5355cfa98	Dynamic: Sync ApiGraphModels.qll	2024-04-09 14:37:20 +02:00
Tom Hvitved	5f8eb7b138	Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content ... Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`	2024-04-09 11:26:24 +02:00
Tom Hvitved	e6984aa865	Ruby: Remove two redundant allowImplicitRead predicates	2024-04-09 10:10:25 +02:00
erik-krogh	642a134035	add tests for the fixes in the qhelp, and fix an FP that appeared	2024-04-08 12:00:27 +02:00
erik-krogh	59c72b683c	update the url-redirect QHelp	2024-04-08 12:00:27 +02:00
Tom Hvitved	aa24c29395	Merge pull request #16122 from hvitved/ruby/cfg-may-raise-issue ... Ruby: Fix CFG for nodes that may raise	2024-04-08 11:20:49 +02:00
Erik Krogh Kristensen	0cfac605bd	Merge pull request #16100 from erik-krogh/fix-js-rb-typo ... RB: fix language specifier typo in qhelp for rb/multi-char-san	2024-04-04 15:42:45 +02:00
Tom Hvitved	ce3b359813	Ruby: Fix CFG for nodes that may raise	2024-04-04 13:27:29 +02:00
Tom Hvitved	6d2d9654b5	Ruby: Add CFG test	2024-04-04 13:27:29 +02:00
Tom Hvitved	c2d771b334	Ruby: Reduce alerts produced by MassAssignment.ql	2024-04-03 19:58:51 +02:00
Tom Hvitved	3c96bf6b22	Fix bad join	2024-04-03 19:41:37 +02:00
Erik Krogh Kristensen	35f61d9de4	Merge pull request #16107 from erik-krogh/fix-log-injection-typo ... RB: Tiny fixes to log-injection QHelp	2024-04-03 18:29:37 +02:00