hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

4874 Commits

Author SHA1 Message Date
Asger F
ae71828fc4 Ruby: add more tests for singleton up/down calls 2022-10-14 10:09:59 +02:00
Asger F
789f591de4 Ruby: add another spurious call edge test 2022-10-14 10:09:57 +02:00
Asger F
1476efbe2c Ruby: restrict to a use of 'self' in singleton methods 2022-10-14 10:09:11 +02:00
Asger F
329ab9156a Ruby: add test showing spurious call 2022-10-14 10:07:34 +02:00
Tom Hvitved
81bc6c2d49 Ruby: Call graph performance improvements 2022-10-14 09:47:27 +02:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Harry Maclean
e6dc27a7b5 Add content_mime_type, fix env/filtered_env 2022-10-14 19:49:22 +13:00
Harry Maclean
0130e4ba7f Re-add path methods that are user-controlled 2022-10-14 16:49:15 +13:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Alex Ford
3d478a3951 Ruby: clarify qhelp 2022-10-13 22:39:54 +01:00
Alex Ford
9fbd293944 Ruby: avoid making notSensitiveRegexp always flag instance/class variables as not sensitive 2022-10-13 22:38:42 +01:00
Alex Ford
15cab6eed5 Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-13 21:43:59 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
d94ebe9a4e spelling: unknown 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
e1b4476399 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
0999ec3c70 spelling: specifies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
9be162a119 spelling: recursion 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
eab3e18962 spelling: possibility 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
a37af45f86 spelling: overridable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
be38e6eddc spelling: navigation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
e62dda9c7b spelling: mutation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
f26b380767 spelling: keyword 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
2648cb0322 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
d0866c150f spelling: for 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
f4b32a3042 spelling: excluding 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
893c5457a8 spelling: disambiguation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:40 -04:00
Josh Soref
8483c79aef spelling: continuing 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:02 -04:00
Josh Soref
b986c30454 spelling: connection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
939dc49a88 spelling: compound 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
fe7bd81c9a spelling: captured 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
72f91c1d29 spelling: ancestors 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:27 -04:00
Josh Soref
5d94733078 spelling: ambiguously 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:25 -04:00
Alex Ford
594812640e Merge pull request #10746 from alexrford/ruby/activejob-deserialize 
Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink
 2022-10-13 15:36:45 +01:00
Arthur Baars
9abd599024 Ruby: treat Faraday#run_request as remote source 2022-10-13 15:44:21 +02:00
Anders Schack-Mulligen
f1634d3dca Dataflow: Add support for C#/Python/Ruby/Swift. 2022-10-13 14:29:27 +02:00
Anders Schack-Mulligen
69bf13b1d4 Dataflow: Sync. 2022-10-13 14:19:12 +02:00
Erik Krogh Kristensen
3a1a94b8af Merge pull request #10798 from erik-krogh/matchCaseReg 
Rb: add case-when expressions as a sink to rb/polynomial-redos
 2022-10-13 13:55:42 +02:00
Arthur Baars
6ea2b87224 Merge pull request #10811 from aibaars/silence-warning 
Ruby: remove warning
 2022-10-13 13:38:25 +02:00
Anders Schack-Mulligen
d79a7e863a Merge pull request #10806 from aschackmull/dataflow/additional 
Dataflow:  Add additional annotation.
 2022-10-13 13:02:48 +02:00
Arthur Baars
16b035600e Ruby: remove warning 2022-10-13 13:01:06 +02:00
Alex Ford
a65850e922 Merge pull request #10784 from alexrford/ruby/pathname-existence 
Ruby: model `Pathname#existence` extension from `ActiveSupport`
 2022-10-13 11:38:22 +01:00
erik-krogh
3a3a5aa17c add case-in as a sink for polynomial-redos 2022-10-13 12:36:07 +02:00
Anders Schack-Mulligen
036724ce8d Dataflow: Sync. 2022-10-13 11:03:30 +02:00
Harry Maclean
a3c14f7f46 Update test 2022-10-13 13:57:28 +13:00
Harry Maclean
8e55e62b15 Ruby: Add change note 2022-10-13 13:24:16 +13:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00