hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

4863 Commits

Author SHA1 Message Date
erik-krogh
ec32bdce63 fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines 2024-04-03 09:19:18 +02:00
erik-krogh
572d3ba542 fix language specifier typo in qhelp for rb/multi-char-san 2024-04-02 19:40:46 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen
332c1e3b8a Merge pull request #16026 from erik-krogh/htmlSafeSan 
RB: Add barrier guard for `.html_safe?` to the XSS queries
 2024-04-02 07:54:19 +02:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
Joe Farebrother
fb19288981 Address review comments - Fix docs typo and add a reference 2024-03-25 15:46:45 +00:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Joe Farebrother
a6ee19ca2d Fix query id 2024-03-22 14:36:47 +00:00
Joe Farebrother
01f712476b Add change note and update severity 2024-03-22 14:07:11 +00:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
a8aac318d0 Add qhelp 2024-03-22 14:04:52 +00:00
Joe Farebrother
89838981b7 Add test cases 2024-03-22 14:04:52 +00:00
Joe Farebrother
0f45a53adc Add mass assignment query 2024-03-22 14:04:52 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Tom Hvitved
8f56edea80 Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table 
Tree-sitter: Split up `ast_node_info` table into two tables
 2024-03-20 20:38:18 +01:00
erik-krogh
db3bf0e482 use the sanitizers from ReflectedXSS in unsafe-html-construction 2024-03-20 10:11:07 +01:00
Tom Hvitved
90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Tom Hvitved
0f0acc0428 Ruby: Add barrier guard flow tests 2024-03-20 09:25:20 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Harry Maclean
219cd4e415 Merge pull request #14426 from hmac/hmac-ar-scopes 
Ruby: Track flow into ActiveRecord scopes
 2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e Ruby: Fix Hash#keys flow summary 2024-03-19 13:47:45 +00:00
Harry Maclean
22ddf2129b Ruby: remove isString from TSymbol 2024-03-19 12:27:34 +00:00
Tom Hvitved
865026f22b Ruby: Add up/downgrade scripts (sigh) 2024-03-19 13:04:12 +01:00
Tom Hvitved
72ff494739 Ruby: Regenerate dbscheme and stats 2024-03-19 13:04:07 +01:00
Harry Maclean
dde148ee7e Ruby: add changenote 2024-03-19 08:40:30 +00:00
Harry Maclean
32b80f8cb1 Ruby: Add tests for hash flow 2024-03-19 08:38:14 +00:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Tom Hvitved
8899d66132 Merge pull request #15734 from hvitved/dataflow/hidden-subpath 
Data flow: Account for hidden `subpath` wrappers
 2024-03-18 20:17:16 +01:00
Harry Maclean
187a68bf76 Ruby: Add flow summary for Hash#keys 2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a Ruby: Taint flow to second block param in map 
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
 2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4 Merge pull request #15907 from joefarebrother/ruby-uploaded-file 
Ruby: Model ActiveDispatch::Http::UploadedFile
 2024-03-18 14:02:33 +00:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
Arthur Baars
dbf16827bf Merge pull request #15951 from github/aibaars/changenotes-fixes 
Fix minor formatting issues in changenotes
 2024-03-18 12:56:50 +01:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths 
Variable capture: Avoid overlapping and false-positive data flow paths
 2024-03-18 10:45:55 +01:00
Joe Farebrother
8c5fff2d11 Update names and qldoc for params taint predicates 2024-03-15 14:43:29 +00:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00