hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,671 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Alex Ford
9ccfec0571 Ruby: move actiondispatch components to an internal subdirectory 2023-05-23 15:26:52 +01:00
Alex Ford
c2f5bacc47 Ruby: consider more calls to e.g. ActionDispatch::Request#params as remote input sources 2023-05-23 14:50:16 +01:00
Alex Ford
27729af088 Ruby: move ActionDispatch::Request logic out of ActionController.qll 2023-05-23 14:49:57 +01:00
Alex Ford
9b4914c3f6 Ruby: split ActionDispatch modelling into multiple component files 2023-05-23 14:48:45 +01:00
Tom Hvitved
eaa84cb819 Ruby: Include underlying SSA parameter definition in localFlowSsaParamCaptureInput 2023-05-23 13:56:29 +02:00
Tom Hvitved
349de77474 Ruby: Include both self parameters and SSA definitions in call graph construction 2023-05-23 12:28:06 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Arthur Baars
bec2b7fef9 QL/Ruby: update dbscheme stats 2023-05-22 19:37:58 +02:00
Arthur Baars
294cc930e6 Ruby: add upgrade/downgrade scripts 2023-05-22 19:37:51 +02:00
Arthur Baars
d2bc66e393 QL: switch to shared YAML extractor 2023-05-22 19:28:59 +02:00
Arthur Baars
9f83dd5c7a Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme' 2023-05-22 19:28:51 +02:00
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-22 12:43:05 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Sim4n6
97e8e0bd8e Add String Manipulation Method Calls & CGI.escapeHTML() support 2023-05-21 11:52:29 +01:00
Sim4n6
ad754f1385 use of all normalization forms without the ":" prefix 2023-05-20 17:59:08 +01:00
Sim4n6
957023ec44 nfd and nfkd are considered 2023-05-20 12:51:24 +01:00
Sim4n6
eb7e1de65b Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:43:05 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Maiky
3c00235375 Add SqlSanitization to Concepts and turn private 2023-05-15 15:56:52 +02:00
Maiky
f46620c455 Var only used in one side of disjunct 2023-05-15 15:09:44 +02:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Tom Hvitved
425ebba278 Address review comments 2023-05-10 14:04:41 +02:00
Kasper Svendsen
e6ca3fe272 Ruby: Enable implicit this warnings 2023-05-10 13:03:39 +02:00
Kasper Svendsen
6b8a7c2f6f Ruby: Make implicit this receivers explicit 2023-05-10 13:03:39 +02:00
Tom Hvitved
51087d090b Address review comments 2023-05-10 09:42:41 +02:00
Tom Hvitved
60b0f25a9a Ruby: Improvements to RegExpTracking 2023-05-10 09:35:59 +02:00
Calum Grant
3d713ed4a9 Merge pull request #13067 from hvitved/ruby/no-self-flow 
Ruby: Remove local identity flow steps
 2023-05-09 09:33:35 +01:00
Michael Nebel
4ac0396b67 Go/Python/Ruby/Swift: Sync files and make dummy implementation. 2023-05-08 16:18:59 +02:00
Tom Hvitved
2f95af8ef2 Ruby: Remove self edges 2023-05-08 10:26:01 +02:00
Maiky
3960853af0 CWE-089 Add Sequel SQL Injection Sink 2023-05-07 23:56:56 +02:00
Maiky
6a3d995b35 Add Mysql2 as SQL Injection Sink 2023-05-06 12:25:25 +02:00
Mathias Vorreiter Pedersen
09ba9a74ce Merge pull request #12959 from MathiasVP/identity-consistency-check 
DataFlow: Add an "identity-step" consistency check
 2023-05-05 10:03:20 +01:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Sim4n6
14ca20e782 removed redundant imports 2023-05-03 17:43:54 +01:00
Alex Ford
e7213e92cf Merge remote-tracking branch 'origin/main' into rb/sqlite3 2023-05-03 15:18:07 +01:00
Alex Ford
a26f9736f1 Ruby: add change note for sqlite3 support 2023-05-03 15:12:06 +01:00
Erik Krogh Kristensen
f29db40371 Merge pull request #13011 from kaspersv/kaspersv/explicit-this-receivers-shared2 
JS, Python, Ruby: Make implicit this receivers explicit
 2023-05-03 15:34:59 +02:00
Kasper Svendsen
ea75996932 Merge pull request #13005 from kaspersv/kaspersv/ruby-explicit-this-receivers 
Ruby: Make implicit this receivers explicit
 2023-05-03 14:57:43 +02:00
Ian Lynagh
b56b843d13 Merge pull request #12987 from github/post-release-prep/codeql-cli-2.13.1 
Post-release preparation for codeql-cli-2.13.1
 2023-05-03 13:12:10 +01:00
Kasper Svendsen
aca2ace843 JS, Python, Ruby: Make implicit this receivers explicit 2023-05-03 13:51:51 +02:00
Kasper Svendsen
68cf33e791 Ruby: Make implicit this receivers explicit 2023-05-03 12:25:01 +02:00
Alex Ford
82c025020d Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti 2023-05-02 16:18:41 +01:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
github-actions[bot]
18d4af994d Post-release preparation for codeql-cli-2.13.1 2023-05-02 10:50:20 +00:00
Anders Schack-Mulligen
ca09649679 Dataflow: Forward hasLocationInfo. 2023-05-02 10:48:32 +02:00
Anders Schack-Mulligen
5927bb2030 Dataflow: Replace "extends Node" with "instanceof Node". 2023-05-02 09:48:34 +02:00
github-actions[bot]
3bd29171fb Release preparation for version 2.13.1 2023-04-28 12:14:35 +00:00
Mathias Vorreiter Pedersen
e506f638fc DataFlow: Sync identical files. 2023-04-27 18:40:33 +01:00