hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,671 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Alex Ford
c87c266871 ruby: add Rack::ResponseNode#getAStatusCode 2023-06-01 14:01:39 +01:00
Alex Ford
e7e0cf5cb3 ruby: add Rack::ResponseNode class 2023-06-01 14:01:39 +01:00
Alex Ford
4794066d3c Merge branch 'main' into maikypedia/sqli-sink-2 2023-06-01 13:04:54 +01:00
Maiky
7579f182ad Add requested changes 2023-06-01 11:00:35 +02:00
Michael Nebel
06b02eb3ce Sync files. 2023-06-01 09:30:31 +02:00
Maiky
13ce6a6d8e Update Frameworks.qll 2023-06-01 00:53:01 +02:00
Arthur Baars
e93b44670f Ruby: printCfg: only show graph for selected CfgScope 2023-05-31 16:08:01 +02:00
Arthur Baars
c211b704f3 Merge pull request #13272 from github/post-release-prep/codeql-cli-2.13.3 
Post-release preparation for codeql-cli-2.13.3
 2023-05-31 15:33:12 +02:00
Michael Nebel
2266e28583 Merge pull request #13262 from michaelnebel/flowsummary/refactorgetcomponentstack 
C#: Re-factor getComponent.
 2023-05-31 08:22:44 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Arthur Baars
d91fa2d038 Ruby: add print-cfg query 2023-05-30 17:30:04 +02:00
Rasmus Lerchedahl Petersen
2daa9577bb ruby/python: implement shared module 
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
 2023-05-30 13:31:24 +02:00
Maiky
345f43fbae fix concepts 2023-05-29 21:17:48 +02:00
Maiky
62353122c0 Add Improper LDAP Authentication query (CWE-287) 2023-05-29 21:16:13 +02:00
Maiky
03b7c5e5e8 naming error 2023-05-29 16:34:40 +02:00
Maiky
a8f887e3f9 naming error 2023-05-29 16:33:58 +02:00
Maiky
2d8318dc02 remove unnecessary imports and edit .qhelp 2023-05-28 17:40:31 +02:00
Maiky
065b69460d remove space 2023-05-28 17:34:16 +02:00
Maiky
5e33f14ff1 Undo Concepts changes 2023-05-28 17:33:05 +02:00
Harry Maclean
562065f29e Ruby: Add change note 2023-05-27 01:20:09 +00:00
Harry Maclean
b8c3cba4ff Ruby: Consolidate unsafe deserialization queries 
Merge the experimental YAMLUnsafeDeserialization and
PlistUnsafeDeserialization queries into the generate
UnsafeDeserialization query in the default suite.

These queries look for some specific sinks that we now find in the
general query.

Also apply some small code and comment refactors.
 2023-05-27 01:20:04 +00:00
amammad
d727d573d5 v4.2 write exact version of yaml.load default loader change 2023-05-27 01:15:29 +00:00
amammad
335441ce04 v4: make variable names camelCase, some inhancement, remove some duplicates 2023-05-27 01:15:29 +00:00
amammad
e76ed9454a v3 add global taint steps for to_ruby of YAML/Psych 2023-05-27 01:15:24 +00:00
amammad
ad7e107ff5 add the new YAML/PLIST sinks into the existing rb/unsafe-deserialization query 2023-05-27 01:14:36 +00:00
Maiky
dfbf259e2d typo 2023-05-26 18:14:49 +02:00
Maiky
9ab6eabd15 add filterTaintStep, qhelp file and test files 2023-05-26 18:13:58 +02:00
Asger F
3831dc7785 Merge pull request #13288 from asgerf/rb/super-and-flow-through 
Ruby: two bug fixes
 2023-05-26 15:04:52 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
58fcbc136c Ruby: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
Sim4n6
52dd247a81 Removed redundant cast 2023-05-25 11:55:13 +01:00
Sim4n6
7d68f6afc9 added ActiveSupport::Multibyte::Chars normalize() sink 2023-05-25 09:21:55 +01:00
Sim4n6
d772bb213a Added three more Unicode Normalization sinks 2023-05-25 03:10:00 +01:00
Maiky
40450a2792 typo 2023-05-24 17:02:48 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Tom Hvitved
13ada1e6ad Ruby: Remove canonical return nodes 2023-05-24 11:11:50 +02:00
Tom Hvitved
deee314370 Python/Ruby: Optimize join-order in TypeTracker::[small]step 2023-05-24 11:11:07 +02:00
Tom Hvitved
05f3934042 Merge pull request #13251 from hvitved/ruby/call-graph-self-param 
Ruby: Include both `self` parameters and SSA definitions in call graph construction
 2023-05-24 11:10:34 +02:00
Asger F
818753e922 Merge pull request #13265 from asgerf/rb/delete-name-clash 
Ruby: fix some name clashes between summarized callables
 2023-05-24 11:08:56 +02:00
Tom Hvitved
b486a4d52c Merge pull request #13255 from hvitved/ruby/ssa-param-capture-input 
Ruby: Include underlying SSA parameter definition in `localFlowSsaParamCaptureInput`
 2023-05-24 10:40:54 +02:00
Maiky
27c1e47ece Update ruby/ql/lib/change-notes/2023-05-06-pg.md 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-05-24 01:44:51 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Asger F
0592c8ba99 Ruby: avoid name clash for "assoc" summary 2023-05-23 17:34:19 +02:00
Asger F
50a7b21928 Ruby: fix a name clash for summaries called "delete" 2023-05-23 16:49:17 +02:00