hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,671 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Marcono1234
d814decc17 Ruby: Fix formatting in changelog 2024-02-10 00:23:57 +01:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Harry Maclean
3a90d78c36 Ruby: Fix Rails view file regex 
This picks up non-nested template files correctly.
 2024-02-09 09:41:43 +00:00
Dave Bartolomeo
92bd550c55 Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2 
Post-release preparation for codeql-cli-2.16.2
 2024-02-08 05:58:17 -08:00
github-actions[bot]
b5139078d0 Post-release preparation for codeql-cli-2.16.2 2024-02-06 19:22:35 +00:00
github-actions[bot]
c1b35fbf47 Release preparation for version 2.16.2 2024-02-05 17:58:57 +00:00
Harry Maclean
f792b58421 Ruby: Recognise more ActiveRecord connections 2024-02-05 16:45:59 +00:00
Jim Ockers
e477909200 Merge branch 'main' into ockers/certification_not_certificate 2024-02-02 15:39:29 -08:00
James Ockers
9f7f9fcc6e Updating change-notes to reflect what will be the visible change to end users 2024-02-02 11:38:17 -08:00
Harry Maclean
06334eee2e Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness 
Ruby: Add Insecure Randomness Query
 2024-01-31 17:16:32 +00:00
James Ockers
0f1e21aa09 Adding per-language change-notes 2024-01-30 17:28:34 -08:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Tom Hvitved
803513acc6 Add change note 2024-01-30 20:30:58 +01:00
Tom Hvitved
d2d017dd64 Ruby: Model flow through ViewComponent render methods 2024-01-30 20:30:58 +01:00
Harry Maclean
557b49cfc5 Ruby: Add basic modeling for ViewComponent 2024-01-30 20:30:58 +01:00
Tom Hvitved
2d95ac9d5f Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework 2024-01-30 20:27:43 +01:00
Peter Stöckli
1947dee46a Merge branch 'main' into p--oj-ox-unsafe-deser 2024-01-30 15:33:39 +01:00
Peter Stöckli
9596aebee3 Format: getValue now on one line 2024-01-30 15:22:16 +01:00
Peter Stöckli
3c8bc96ab5 replace occurence of AssignExprCfgNode for Oj as well 2024-01-30 15:17:37 +01:00
Peter Stöckli
e87effc18c Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2024-01-30 15:14:35 +01:00
Tom Hvitved
503d2f7b95 Ruby: Rework mayBenefitFromCallContext 2024-01-30 09:57:29 +01:00
Harry Maclean
75b13da4e4 Ruby: Block flow from LHS of && expressions 
The only values that can flow from the LHS of an && expression are
`false` and `nil`, neither of which seem relevant for any of our
queries.
 2024-01-30 08:53:32 +00:00
maikypedia
d7314a1689 File format 2024-01-27 14:07:36 +01:00
github-actions[bot]
d0b74c00fe Post-release preparation for codeql-cli-2.16.1 2024-01-23 23:02:29 +00:00
github-actions[bot]
7ef611e6dc Release preparation for version 2.16.1 2024-01-23 19:45:16 +00:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Sid Shankar
2c683c910f Merge branch 'change/adjust-extracted-files-diagnostics' of https://github.com/sidshank/codeql into change/adjust-extracted-files-diagnostics 2024-01-17 14:32:36 +00:00
Sid Shankar
0824ab77e9 Adds change notes 2024-01-17 14:31:40 +00:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0 
Post-release preparation for codeql-cli-2.16.0
 2024-01-16 14:50:40 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify 
Data flow: Remove column from `mayBenefitFromCallContext`
 2024-01-10 11:43:15 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
maikypedia
6c8fbe877d Changes 2024-01-09 00:46:41 +01:00
Alex Ford
ef8ca55d92 Merge pull request #15203 from pwntester/patch-3 
Ruby: Update Kernel.qll to include `Object.send` aliases
 2024-01-08 15:32:57 +00:00
Chuan-kai Lin
a743fca3a5 Merge pull request #15243 from github/cklin/upgrade-delete-fixes-ruby 
Ruby: Fix upgrade delete directives
 2024-01-08 07:27:59 -08:00
github-actions[bot]
a6c8cc9551 Release preparation for version 2.16.0 2024-01-08 13:11:26 +00:00
Arthur Baars
f4df5c9556 Merge pull request #15224 from aibaars/ruby-update-grammar 
Ruby: update tree-sitter-ruby
 2024-01-08 11:01:42 +01:00
Alvaro Muñoz
dbefc132de Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2024-01-07 10:31:50 +01:00
Chuan-kai Lin
66d2b9b7d2 Ruby: Fix upgrade delete directives 2024-01-05 14:21:52 -08:00
Alvaro Muñoz
9146407f23 Add [] to the list of methods returning an `ActionController::Parameters" 2024-01-05 15:14:11 +01:00
Arthur Baars
aad42b1b0d Add change note 2024-01-05 14:36:52 +01:00
Harry Maclean
c96be39474 Merge pull request #15048 from hmac/hmac-model-editor-ruby-modules 
Ruby: Model editor improvements
 2024-01-03 12:53:43 +00:00
Alvaro Muñoz
2964aef083 Update Kernel.qll to include send aliases 
Add `public_send` and `__send__` as Code Injection sinks as proposed by @vcsjones
 2023-12-28 19:08:03 +01:00
Aditya Sharad
b1803d0ac2 Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00