hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,671 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

89 Commits

Author SHA1 Message Date
github-actions[bot]
20fe22c8c8 Release preparation for version 2.8.2 2022-02-24 14:57:08 +00:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Alex Ford
746290d903 Merge pull request #7713 from github/ruby/clear-text-logging 
Ruby: Add `rb/clear-text-logging-sensitive-data` query
 2022-02-21 10:12:33 +00:00
Alex Ford
dd383f942f Merge remote-tracking branch 'origin/main' into ruby/clear-text-logging 2022-02-17 15:32:31 +00:00
Asger Feldthaus
69995d5750 Shared: rephrase request forgery name and description 2022-02-17 09:07:08 +01:00
Harry Maclean
a397c65d36 Ruby: Split standard library modeling 
Split the classes modeling various standard library concepts into a
structured group of multiple files.

Things that are part of the core language live in framworks/core and
standard libraries (that aren't part of core) live in frameworks/stdlib.

This mirrors the structure followed by the Ruby docs
(https://docs.ruby-lang.org/en/3.1/).

Tests are split in a followup commit.
 2022-02-17 20:44:04 +13:00
github-actions[bot]
21bf29353f Post-release preparation for codeql-cli-2.8.1 2022-02-11 11:07:31 +00:00
github-actions[bot]
f25fc70b7c Release preparation for version 2.8.1 2022-02-10 22:08:24 +00:00
Tom Hvitved
9440a45015 Merge branch 'main' into post-release-prep/codeql-cli-2.8.0 2022-02-09 09:40:33 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Alex Ford
269722fa86 Ruby: rb/clear-text-logging-sensitive-data changenote 2022-01-28 17:27:05 +00:00
Alex Ford
7fec2d270b Ruby: QL format 2022-01-28 17:24:56 +00:00
Alex Ford
186623f878 Ruby: Add CleartextLogging.qhelp 2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8 Ruby: Implement rb/clear-text-logging-sensitive-data 2022-01-28 17:24:56 +00:00
Tamás Vajk
3d2cc8890a Update CHANGELOG.md 2022-01-27 11:50:13 +01:00
Tamás Vajk
cc4bb9b02f Update 0.0.8.md 2022-01-27 11:49:29 +01:00
github-actions[bot]
634134f283 Release preparation for version 2.8.0 2022-01-27 10:40:20 +00:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Tom Hvitved
aa9cfebc65 Ruby: Replace getValueText with getConstantValue 2022-01-21 09:19:19 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Alex Ford
45ed5a806c Ruby: changenote for rb/csrf-protection-disabled enhancement 2022-01-19 13:41:00 +00:00
Alex Ford
d09f48ecb4 Ruby: flag up protect_from_forgery calls without an exception strategy 2022-01-16 20:56:13 +00:00
Andrew Eisenberg
fbb5d7196f Merge branch 'main' into post-release-prep/codeql-cli-2.7.5 2022-01-14 08:23:43 -08:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
Alex Ford
712972cb82 Ruby: formatting 2022-01-04 16:41:23 +00:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Alex Ford
dadaf25262 Merge branch 'main' into ruby/rails-cookie-config 2022-01-04 12:04:44 +00:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe 
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
 2022-01-04 10:11:03 +01:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Alex Ford
7d3932dc8d Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config 2021-12-22 17:54:03 +00:00
Alex Ford
7f01be7067 Ruby: use new changenote format for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
737f7332bc Ruby: add rb/weak-cookie-configuration query 2021-12-22 17:47:44 +00:00
Jeff Gran
7c032f6cb4 fix docs, fix deprecations 2021-12-22 08:35:55 -07:00
Nick Rolfe
dba26a92e9 Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass 2021-12-16 15:05:01 +00:00
github-actions[bot]
59da2cdf69 Release preparation for version 2.7.4 2021-12-14 21:35:09 +00:00
Rasmus Wriedt Larsen
1e45fa9ed4 JS/Py/Ruby: Add more CWEs to bad-tag-filter queries 
CWE-185: Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to
be improperly matched or compared.

https://cwe.mitre.org/data/definitions/185.html

CWE-186: Overly Restrictive Regular Expression

> A regular expression is overly restrictive, which prevents dangerous values from being detected.
>
> (...) [this CWE] is about a regular expression that does not match all
> values that are intended. (...)

https://cwe.mitre.org/data/definitions/186.html

From my understanding,
CWE-625: Permissive Regular Expression, is not applicable. (since this
is about accepting a regex match where there should not be a match).
 2021-12-13 10:23:24 +01:00
Nick Rolfe
a4da528812 Ruby: query to find user-controlled bypass of sensitive actions 2021-12-10 11:41:09 +00:00
github-actions[bot]
87b968f337 Post-release preparation 2.7.3 2021-12-02 00:46:55 +00:00
github-actions[bot]
337ce65fe5 Release preparation for version 2.7.3 2021-11-30 20:39:35 +00:00
Dave Bartolomeo
9f6c0991cf Catch up with recent change notes 2021-11-29 16:41:18 -05:00
Dave Bartolomeo
5ed9029143 Move change notes to correct directories 2021-11-29 16:31:11 -05:00
Dave Bartolomeo
75fb47c76f Ruby change notes 2021-11-29 16:17:19 -05:00
Dave Bartolomeo
d0dac03bad Manually bump versions 2021-11-29 14:21:08 -05:00
Dave Bartolomeo
2dfcd1dd9c Add groups property 
Also removed versions from test packs
 2021-11-29 14:15:53 -05:00