hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,531 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.7
Commit Graph

4941 Commits

Author SHA1 Message Date
Alex Ford
5f78bbbf52 add missing documentation 2021-11-04 21:07:54 +00:00
Alex Ford
543bd28b03 add a change note for rb/csrf-protection-disabled 2021-11-04 20:14:54 +00:00
Alex Ford
d324f9397c qhelp for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Alex Ford
25da904314 test cases for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Alex Ford
4666024419 model some ways to configure Rails 2021-11-04 19:56:56 +00:00
Alex Ford
91f99ed2a1 model skip_forgery_protection calls in ActionController classes 2021-11-04 19:56:56 +00:00
Alex Ford
fad7e9489b Add a query to detect instances of CSRF protection being disabled 2021-11-04 19:56:55 +00:00
Alex Ford
8a412dc5fd Add CSRFProtectionSetting concept 2021-11-04 18:18:29 +00:00
Tom Hvitved
3544c85445 Ruby: Make the target of basicStoreStep the post-update node 2021-11-04 14:21:22 +01:00
Tom Hvitved
1101b1054d Ruby: Make target of basicStoreStep a normal data flow node 2021-11-04 14:20:07 +01:00
Tom Hvitved
a56a5e4e7d Ruby: Add type tracker tests 2021-11-04 14:19:16 +01:00
Erik Krogh Kristensen
02f500b9c2 Merge branch 'main' into htmlReg 2021-11-04 12:58:42 +01:00
Tom Hvitved
16d96d2ad3 Ruby: Remove Node::getEnclosingCallable and ParameterNode::isParameterOf 2021-11-03 15:59:29 +01:00
Tom Hvitved
df6962143d Shared SSA: Sync files 2021-11-03 14:21:50 +01:00
Nick Rolfe
dd17271ec8 Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection 2021-11-03 11:55:42 +00:00
Tom Hvitved
ab37ae6613 Merge pull request #7036 from hvitved/ruby/truncate-get-value-text 
Ruby: Truncate concatenated strings in `getValueText`
 2021-11-03 10:57:43 +01:00
Mathias Vorreiter Pedersen
4a2894a707 Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
Tom Hvitved
8b287a7846 Ruby: Truncate concatenated strings in getValueText 2021-11-02 18:19:49 +01:00
Anders Schack-Mulligen
7d0152f3c0 Merge pull request #6932 from aschackmull/dataflow/flow-features 
Dataflow: Add support for call context restrictions on sources/sinks.
 2021-11-02 13:24:17 +01:00
Nick Rolfe
898f5ec596 Ruby: use the rb/ prefix in all query ids 2021-11-02 11:42:02 +00:00
Mathias Vorreiter Pedersen
6f4107ff23 Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. 2021-11-02 11:37:40 +00:00
Tom Hvitved
302373d154 Merge pull request #6858 from hvitved/python/type-tracker-changes 
Python: Type tracker changes
 2021-11-02 11:47:01 +01:00
CodeQL CI
5d62aa5b29 Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Tom Hvitved
fe80c4a17b Ruby: Sync files 2021-11-02 11:16:46 +01:00
Nick Rolfe
da5d10fd6b Merge pull request #7012 from MalikIdreesHasanKhan/main 
Fixed a typo. ( Minor PR)
 2021-11-01 11:30:13 +00:00
MalikIdreesHasa
e44e982065 Fixed a typo. 2021-10-31 15:11:39 +00:00
Nick Rolfe
fed0a06353 Ruby: add change note for rb/regexp-injection 2021-10-29 11:28:34 +01:00
Anders Schack-Mulligen
5951ae79b9 Dataflow: Add language specific predicates. 2021-10-29 11:11:35 +02:00
Anders Schack-Mulligen
00df6798b1 Dataflow: Sync 2021-10-29 11:00:23 +02:00
Erik Krogh Kristensen
15c90adec5 remove redundant cast where the type is enforced by an equality comparison 2021-10-28 18:08:20 +02:00
Erik Krogh Kristensen
e75448ebb0 remove redundant inline casts 2021-10-28 16:35:53 +02:00
Nick Rolfe
2059896882 Ruby: clean up docs 2021-10-28 12:04:48 +01:00
Nick Rolfe
bd92403b42 Ruby: fix qhelp 2021-10-28 10:42:56 +01:00
Nick Rolfe
f557df6c4e Revert "Ruby: update Cargo.lock" 
This reverts commit 0a89028663.
 2021-10-27 18:38:22 +01:00
Nick Rolfe
f1229ff071 Revert "Ruby: update Cargo.lock" 
This reverts commit 7a5e8f1756.
 2021-10-27 18:38:08 +01:00
Nick Rolfe
7a5e8f1756 Ruby: update Cargo.lock 2021-10-27 16:21:33 +01:00
Nick Rolfe
ff7826dd96 Revert "Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator" 
This reverts commit 4cedb43a54.
 2021-10-27 16:21:33 +01:00
Nick Rolfe
fc1f874f92 Revert "Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor" 
This reverts commit e9da027539.
 2021-10-27 16:21:33 +01:00
Nick Rolfe
11154a9409 Ruby: add regex injection query 2021-10-27 15:58:12 +01:00
Anders Schack-Mulligen
6eabb610b4 Dataflow: Sync Ruby 2021-10-27 13:58:30 +02:00
Nick Rolfe
0a89028663 Ruby: update Cargo.lock 2021-10-27 11:43:09 +01:00
Erik Krogh Kristensen
8a4b043cb1 fix imports 2021-10-26 15:39:45 +02:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Erik Krogh Kristensen
c15ddf6e92 update ReDoSUtil in ruby 2021-10-26 15:03:09 +02:00
Erik Krogh Kristensen
2ddf445caf move ruby files to match file structure from js/py 2021-10-26 14:54:12 +02:00
Mathias Vorreiter Pedersen
67fd38f328 C#/Ruby: Use a 'noinline' instead of a 'only_bind_into'. 2021-10-26 09:41:52 +01:00
Mathias Vorreiter Pedersen
4b137ede0e Ruby: Sync identical files. 2021-10-25 22:03:44 +01:00
Nick Rolfe
779e24eb73 Ruby: remove VS Code workspace 2021-10-25 13:12:31 +01:00
Nick Rolfe
fb79886fe7 Merge pull request #6944 from github/dependabot/cargo/ruby/extractor/tracing-subscriber-0.3 
Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor
 2021-10-25 12:50:48 +01:00
dependabot[bot]
e9da027539 Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor 
Updates the requirements on [tracing-subscriber](https://github.com/tokio-rs/tracing) to permit the latest version.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.0...tracing-subscriber-0.3.0)

---
updated-dependencies:
- dependency-name: tracing-subscriber
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-25 10:40:34 +00:00