hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4931 Commits

Author SHA1 Message Date
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Asger F
30f7380f74 Ruby: Add regression test for lost calls 2022-10-14 11:49:55 +02:00
Alex Ford
24dad5599a Ruby: fix SensitiveNode detection relating to class/instance variables 2022-10-14 10:41:46 +01:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Alex Ford
36a1b18f5b Ruby: revert SensitiveDataHeuristics changes 2022-10-14 09:19:41 +01:00
Asger F
a06cc30f05 Ruby: fix some more spurious call edges 2022-10-14 10:11:22 +02:00
Asger F
b1dadc224c Ruby: uninteresting test output update 2022-10-14 10:10:39 +02:00
Asger F
ae71828fc4 Ruby: add more tests for singleton up/down calls 2022-10-14 10:09:59 +02:00
Asger F
789f591de4 Ruby: add another spurious call edge test 2022-10-14 10:09:57 +02:00
Asger F
1476efbe2c Ruby: restrict to a use of 'self' in singleton methods 2022-10-14 10:09:11 +02:00
Asger F
329ab9156a Ruby: add test showing spurious call 2022-10-14 10:07:34 +02:00
Tom Hvitved
81bc6c2d49 Ruby: Call graph performance improvements 2022-10-14 09:47:27 +02:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Harry Maclean
e6dc27a7b5 Add content_mime_type, fix env/filtered_env 2022-10-14 19:49:22 +13:00
Harry Maclean
0130e4ba7f Re-add path methods that are user-controlled 2022-10-14 16:49:15 +13:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Alex Ford
3d478a3951 Ruby: clarify qhelp 2022-10-13 22:39:54 +01:00
Alex Ford
9fbd293944 Ruby: avoid making notSensitiveRegexp always flag instance/class variables as not sensitive 2022-10-13 22:38:42 +01:00
Alex Ford
15cab6eed5 Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-13 21:43:59 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
d94ebe9a4e spelling: unknown 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
e1b4476399 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
0999ec3c70 spelling: specifies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
9be162a119 spelling: recursion 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
eab3e18962 spelling: possibility 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
a37af45f86 spelling: overridable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
be38e6eddc spelling: navigation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
e62dda9c7b spelling: mutation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
f26b380767 spelling: keyword 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
2648cb0322 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
d0866c150f spelling: for 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
f4b32a3042 spelling: excluding 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
893c5457a8 spelling: disambiguation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:40 -04:00
Josh Soref
8483c79aef spelling: continuing 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:02 -04:00
Josh Soref
b986c30454 spelling: connection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
939dc49a88 spelling: compound 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
fe7bd81c9a spelling: captured 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:52:01 -04:00
Josh Soref
72f91c1d29 spelling: ancestors 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:27 -04:00
Josh Soref
5d94733078 spelling: ambiguously 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:51:25 -04:00
Alex Ford
594812640e Merge pull request #10746 from alexrford/ruby/activejob-deserialize 
Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink
 2022-10-13 15:36:45 +01:00
Arthur Baars
9abd599024 Ruby: treat Faraday#run_request as remote source 2022-10-13 15:44:21 +02:00
Anders Schack-Mulligen
f1634d3dca Dataflow: Add support for C#/Python/Ruby/Swift. 2022-10-13 14:29:27 +02:00
Anders Schack-Mulligen
69bf13b1d4 Dataflow: Sync. 2022-10-13 14:19:12 +02:00
Erik Krogh Kristensen
3a1a94b8af Merge pull request #10798 from erik-krogh/matchCaseReg 
Rb: add case-when expressions as a sink to rb/polynomial-redos
 2022-10-13 13:55:42 +02:00
Arthur Baars
6ea2b87224 Merge pull request #10811 from aibaars/silence-warning 
Ruby: remove warning
 2022-10-13 13:38:25 +02:00
Anders Schack-Mulligen
d79a7e863a Merge pull request #10806 from aschackmull/dataflow/additional 
Dataflow:  Add additional annotation.
 2022-10-13 13:02:48 +02:00