hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4874 Commits

Author SHA1 Message Date
Harry Maclean
4e07fd3eb1 Ruby: Model ApplicationController.renderer 2023-02-19 13:37:27 +13:00
gregxsunday
fe97d2a05d fix file formatting 2023-02-17 14:01:28 +00:00
Grzegorz Niedziela
9d8c117c61 added QLDocs for ZipSlip module 2023-02-17 12:57:35 +00:00
Grzegorz Niedziela
815b5a0312 add changelog file 2023-02-17 12:50:10 +00:00
Grzegorz Niedziela
c03ba2cc13 fix docs references 2023-02-17 12:50:01 +00:00
Grzegorz Niedziela
652c7ff1ed Push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:31 +00:00
Grzegorz Niedziela
8bbbb95a87 Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:04 +00:00
Tom Hvitved
e9bce9f8cd Ruby: Update test expectations 2023-02-17 13:22:28 +01:00
Arthur Baars
51f34eb3e9 Ruby: diagnostics: add support for markdown messages 2023-02-17 12:01:41 +01:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
Arthur Baars
006ee5aad9 Ruby: improve encoding related messages 2023-02-16 13:12:55 +01:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
gregxsunday
d1aaa9ad86 Add ZipSlip/TarSlip query for ruby 2023-02-16 11:24:15 +00:00
Alex Ford
74782bf6a2 Merge branch 'main' into ruby_twirp_support 2023-02-15 17:15:08 +00:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
801ed1ce7c Ruby: add Twirp.expected 2023-02-15 17:05:33 +00:00
Alex Ford
43af306d60 dynamic: more detailed qldoc for CryptographicOperation#getBlockMode() 2023-02-15 16:55:18 +00:00
Alex Ford
d4d0b91085 dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate 2023-02-15 16:23:46 +00:00
Alex Ford
c7aaad9ed0 JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby 2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen
c72dbc49fc Merge pull request #12165 from RasmusWL/crypto-updates 
Python/Ruby/JS Crypto: Add a few algorithms + block modes
 2023-02-15 14:35:40 +01:00
erik-krogh
17f7ba2a8f rewrite the taint-step for join() to a flowsummary 2023-02-15 12:34:59 +01:00
erik-krogh
d2bd70dc33 Merge branch 'main' into more-shell-taint 2023-02-15 11:35:58 +01:00
Harry Maclean
fb14920281 Merge pull request #12056 from hmac/test-refactor 2023-02-15 17:34:25 +13:00
Alvaro Muñoz
4644a88b89 address code review comments 2023-02-14 14:27:17 +01:00
Tom Hvitved
2113c3c3d9 Ruby: Remove NumberUtils.qll 2023-02-13 15:59:50 +01:00
Rasmus Wriedt Larsen
39e50f745d Ruby: Fix .expected for CryptoAlgorithms 2023-02-13 14:21:12 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Arthur Baars
457a2bb2a2 Merge pull request #12093 from aibaars/oneline-match 
Ruby: add support for one-line pattern matches
 2023-02-13 12:38:28 +01:00
Erik Krogh Kristensen
2f404df17c Merge pull request #10782 from erik-krogh/rbPoly 
Ruby: add library input as a source for `rb/polynomial-redos`
 2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen
26d5fb2412 Merge pull request #11824 from erik-krogh/secondMissAnchor 
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
 2023-02-13 11:26:05 +01:00
erik-krogh
634087b417 Merge branch 'main' into rbPoly 2023-02-13 10:46:00 +01:00
Rasmus Wriedt Larsen
5235964b07 sync files 2023-02-13 10:44:12 +01:00
Tom Hvitved
0b8173e2e7 Ruby: Add another data flow test 2023-02-13 09:50:50 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Arthur Baars
ecbd768df4 Ruby: reduce number of diagnostic messages with the status_page flag 
For now we only report real parse errors and character encoding errors. Warnings about
unexpected or missing nodes in the AST are not reported. These are typically side effects
of earlier parse errors.
 2023-02-10 18:53:46 +01:00
Arthur Baars
679f02c274 Address comments 2023-02-10 18:08:30 +01:00
Arthur Baars
07947e6528 Address comments 2023-02-09 12:02:14 +01:00
dependabot[bot]
bd98ae0dcc build(deps): bump serde_json from 1.0.91 to 1.0.93 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.93.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.93)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-09 08:13:18 +00:00
Erik Krogh Kristensen
3ebac65167 apply change-note suggestions from doc review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-02-08 14:55:54 +01:00
Arthur Baars
78ad9d67b4 Address comments 2023-02-08 13:40:46 +01:00
erik-krogh
eb564760be improve qhelp based on doc review 2023-02-08 11:00:54 +01:00
Mathias Vorreiter Pedersen
334c41c3e1 Merge pull request #12122 from github/post-release-prep/codeql-cli-2.12.2 
Post-release preparation for codeql-cli-2.12.2
 2023-02-07 16:17:57 +00:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00
Tom Hvitved
10534b62c9 Data flow: Call context virtual dispatch pruning in stage 1 2023-02-07 15:14:27 +01:00
github-actions[bot]
522a892d32 Post-release preparation for codeql-cli-2.12.2 2023-02-07 13:19:06 +00:00
Tom Hvitved
984729f9b0 Merge pull request #12117 from hvitved/ruby/delay-location-to-string 
Ruby: Avoid computing `Location::toString` in full
 2023-02-07 12:42:03 +01:00
Alvaro Muñoz
642a138eaa Update Twirp.qll 2023-02-07 10:44:48 +01:00
Tom Hvitved
c0e3186607 Ruby: Avoid computing Location::toString in full 2023-02-07 10:06:47 +01:00
Harry Maclean
43ce26e4d0 Ruby: re-add Eval.rb 2023-02-07 09:37:26 +13:00
Arthur Baars
12f5732782 Ruby: downgrade tree-sitter to 0.20.7 
The 0.20.9 version caused a stack overflow error on
the mongo-ruby-driver repository.
 2023-02-06 16:27:51 +01:00