hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

3479 Commits

Author SHA1 Message Date
Tom Hvitved
04de315e0e Ruby: Deprecate models-as-data CSV interface 2024-04-12 13:40:14 +02:00
Joe Farebrother
5cebcadc56 Merge pull request #15987 from joefarebrother/ruby-mass-reassignment 
Ruby: Add query for insecure mass assignment
 2024-04-12 10:18:41 +01:00
Anders Schack-Mulligen
6991f5452f Ruby: Add alert provenance plumbing. 2024-04-12 09:20:04 +02:00
Anders Schack-Mulligen
eafc0075fd Legacy dataflow: Sync. 2024-04-12 09:19:54 +02:00
Joe Farebrother
06d7b3ce80 Use cfg nodes 2024-04-11 22:30:41 +01:00
Erik Krogh Kristensen
c00e2075a4 Merge pull request #16111 from erik-krogh/rb-url 
RB: Improve QHelp for `rb/url-redirect`, and fix an FP.
 2024-04-11 13:03:35 +02:00
Joe Farebrother
ec973ac1f3 Use not exists 2024-04-11 09:38:41 +01:00
Joe Farebrother
0a3d73d902 Add flow steps and sanitizers for permit calls 2024-04-10 21:47:07 +01:00
Erik Krogh Kristensen
844e78dce5 remove redundant cast 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2024-04-10 20:02:49 +02:00
Joe Farebrother
976ca48317 Review suggestions - rename sink class and add barrier out 2024-04-10 10:17:19 +01:00
Asger F
f5355cfa98 Dynamic: Sync ApiGraphModels.qll 2024-04-09 14:37:20 +02:00
Tom Hvitved
e6984aa865 Ruby: Remove two redundant allowImplicitRead predicates 2024-04-09 10:10:25 +02:00
erik-krogh
642a134035 add tests for the fixes in the qhelp, and fix an FP that appeared 2024-04-08 12:00:27 +02:00
Tom Hvitved
ce3b359813 Ruby: Fix CFG for nodes that may raise 2024-04-04 13:27:29 +02:00
Tom Hvitved
c2d771b334 Ruby: Reduce alerts produced by MassAssignment.ql 2024-04-03 19:58:51 +02:00
Tom Hvitved
3c96bf6b22 Fix bad join 2024-04-03 19:41:37 +02:00
Tom Hvitved
2d4cf55c87 Merge pull request #15985 from hvitved/ruby/phi-barrier-guards 
Ruby: Extend barrier guards to handle phi inputs
 2024-04-03 15:22:39 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen
332c1e3b8a Merge pull request #16026 from erik-krogh/htmlSafeSan 
RB: Add barrier guard for `.html_safe?` to the XSS queries
 2024-04-02 07:54:19 +02:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
0f45a53adc Add mass assignment query 2024-03-22 14:04:52 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Tom Hvitved
8f56edea80 Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table 
Tree-sitter: Split up `ast_node_info` table into two tables
 2024-03-20 20:38:18 +01:00
erik-krogh
db3bf0e482 use the sanitizers from ReflectedXSS in unsafe-html-construction 2024-03-20 10:11:07 +01:00
Tom Hvitved
90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Harry Maclean
219cd4e415 Merge pull request #14426 from hmac/hmac-ar-scopes 
Ruby: Track flow into ActiveRecord scopes
 2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e Ruby: Fix Hash#keys flow summary 2024-03-19 13:47:45 +00:00
Harry Maclean
22ddf2129b Ruby: remove isString from TSymbol 2024-03-19 12:27:34 +00:00
Tom Hvitved
865026f22b Ruby: Add up/downgrade scripts (sigh) 2024-03-19 13:04:12 +01:00
Tom Hvitved
72ff494739 Ruby: Regenerate dbscheme and stats 2024-03-19 13:04:07 +01:00
Harry Maclean
dde148ee7e Ruby: add changenote 2024-03-19 08:40:30 +00:00
Harry Maclean
32b80f8cb1 Ruby: Add tests for hash flow 2024-03-19 08:38:14 +00:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Harry Maclean
187a68bf76 Ruby: Add flow summary for Hash#keys 2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a Ruby: Taint flow to second block param in map 
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
 2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4 Merge pull request #15907 from joefarebrother/ruby-uploaded-file 
Ruby: Model ActiveDispatch::Http::UploadedFile
 2024-03-18 14:02:33 +00:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00