hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

1635 Commits

Author SHA1 Message Date
Alex Ford
9d36ab9204 Merge pull request #13606 from alexrford/rb/sqlite3-getSql 
Ruby: fix sqlite3 `PreparedStatementExecution.getSql()` predicate
 2023-06-30 12:18:46 +01:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
Alex Ford
ede6b262cd Ruby: fix sqlite3 PreparedStatementExecution.getSql() predicate 2023-06-28 17:09:43 +01:00
Asger F
7af3d226c9 Ruby: simplify Twirp model 2023-06-28 13:20:59 +02:00
Asger F
129e6349f7 Ruby: expand Twirp test 2023-06-28 13:20:59 +02:00
Asger F
67032b5d73 Ruby: add test for self.class call 2023-06-28 13:20:58 +02:00
Alex Ford
8fdc48753c Ruby: rack - replace RackApplication with just the rack RequestHandler 2023-06-26 15:36:37 +01:00
amammad
9540c58c4a make one ql file 2023-06-26 20:55:11 +10:00
amammad
796075f9dc V1 Bombs 2023-06-25 00:59:21 +10:00
Alex Ford
b67b80ca2a Ruby: rack - rename App as RackApplication 2023-06-23 16:12:23 +01:00
Alex Ford
29844e61e4 Ruby: rack - test for response tracking 2023-06-23 13:16:04 +01:00
Asger F
0039cb141e Merge branch 'main' into rb/tracking-on-demand 2023-06-23 12:55:54 +02:00
Alex Ford
b8f537a437 Ruby: update rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
e8079727ee Ruby: rack - extend rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
24e83165ee Merge pull request #13289 from alexrford/rb/rack-redirect 
Ruby: rack - model redirect responses
 2023-06-22 13:45:02 +01:00
Alex Ford
7aec22c1e4 Ruby: rack - remove MIME modelling 2023-06-20 14:57:23 +01:00
Jeroen Ketema
c53e529bac Ruby: Update remaining inline expectation tests to use the paramterized module 2023-06-20 10:16:01 +02:00
Asger F
8539db07c4 Ruby: Update ActiveDispatch due to change in toString 2023-06-19 12:16:07 +02:00
Asger F
f392af220b Ruby: benign changes to SQLi tests (fixed FNs) 2023-06-19 12:15:57 +02:00
Asger F
ce0073b30c Ruby: update StoredXSS test results 
These results were previously flagged for the wrong reason.

Calls to a user-define method were seen as ORM calls. The real source is inside the user-defined method, but we miss that due to lack of 'self' handling in ORM tracking.
 2023-06-19 12:15:57 +02:00
Asger F
e3a04499f6 Ruby: minor overhaul of ActiveResource model 2023-06-19 12:15:57 +02:00
Asger F
8bc4193ce0 Ruby: minor overhaul of ActiveRecord model 
Old version had scalability issues when adding taking more interprocedural flow and inheritance into account.
 2023-06-19 12:15:44 +02:00
Asger F
0110610c6a Ruby: overhaul API graphs 2023-06-19 12:01:42 +02:00
Jeroen Ketema
6a84e6cbfd Add the merged PathGraph to all copies of the InlineFlowTest library 2023-06-19 10:28:10 +02:00
Jeroen Ketema
d82c3ce11a Ruby: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:23 +02:00
Anders Schack-Mulligen
1a4fca334f Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor 
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
 2023-06-14 09:38:36 +02:00
Alex Ford
75ccbe58ee Ruby: rack - use Mimetype rather than MimeType in predicate names for consistency with concepts 2023-06-13 12:44:29 +01:00
Alex Ford
977ceb89fd Ruby: rack - remove PotentialResponseNode#getAStatusCode 2023-06-13 12:42:46 +01:00
Jeroen Ketema
c3ba206b6a Merge pull request #13346 from jketema/inline-2 
Update inline expectation tests to use parameterized module
 2023-06-13 10:10:55 +02:00
Asger F
0d45074caa Merge pull request #13422 from asgerf/rb/map_filter 
Ruby: fix bug in filter_map summary
 2023-06-13 09:43:47 +02:00
Arthur Baars
fad73d71e5 Merge pull request #13307 from hmac/amammad-ruby-YAMLunsafeLoad 
Ruby: Add YAML unsafe deserialization sinks
 2023-06-12 10:43:37 +02:00
Anders Schack-Mulligen
0c62901a67 Ruby: Fix tests. 2023-06-09 15:39:18 +02:00
Asger F
d47477bd3b Ruby: update line numbers in expectation file 2023-06-09 14:52:21 +02:00
Asger F
a50d91ea48 Ruby: fix bug in filter_map summary 2023-06-09 14:31:10 +02:00
Jeroen Ketema
4485560f43 Ruby: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:43:05 +02:00
Alex Ford
397a809426 Merge remote-tracking branch 'origin/main' into rb/rack-redirect 2023-06-08 12:07:57 +01:00
Alex Ford
22b9ab43c6 Merge pull request #13259 from alexrford/rb/actiondispatch-refactor 
Ruby: Refactor and slightly expand `ActionDispatch` modelling
 2023-06-08 11:08:36 +01:00
Tom Hvitved
cee70883f0 Merge pull request #12964 from hvitved/ruby/remove-synth-returns 
Ruby: Remove canonical return nodes
 2023-06-08 10:07:48 +02:00
Arthur Baars
7324d1705e Merge branch 'main' into amammad-ruby-YAMLunsafeLoad 2023-06-06 12:09:06 +02:00
Alex Ford
c95cf5ad6f Merge pull request #13062 from maikypedia/maikypedia/sqli-sink 
Ruby: Add MySQL as SQL Injection Sink
 2023-06-02 17:06:35 +01:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS 
ReDoS: revert new superlinear algorithm.
 2023-06-02 16:10:24 +02:00
Jeroen Ketema
5f64354a70 Merge pull request #13353 from jketema/expecation 
Fix typo in spelling of expectation
 2023-06-02 12:29:49 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
Alex Ford
6fa9e13a2e Ruby: update TaintStep output 2023-06-01 16:27:20 +01:00
Alex Ford
d09f6d318c Merge branch 'main' into maikypedia/sqli-sink 2023-06-01 15:02:44 +01:00
Alex Ford
4905a70e21 Ruby: update rack test output 2023-06-01 14:01:40 +01:00
Alex Ford
a5a15f3804 Ruby: restructure rack model 2023-06-01 14:01:40 +01:00
Alex Ford
b2958f87b2 ruby: rack - add redirect responses 2023-06-01 14:01:40 +01:00
Alex Ford
c3ab867595 ruby: start restructuring rack 2023-06-01 14:01:40 +01:00
Alex Ford
f8d2cbbe79 ruby: rack responses implement are HTTP responses 2023-06-01 14:01:39 +01:00