hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

4804 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
122d188f1d Merge pull request #10832 from erik-krogh/passRb 
RB: add model for the `Digest` and `OpenSSL::Digest` modules
 2022-10-17 10:02:33 +02:00
erik-krogh
191efdf6e0 replace getMethod("new").getReturn() with getInstance() 2022-10-17 09:35:44 +02:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
Harry Maclean
aa6c433529 Ruby: Update test fixture 
This change is due to a8fdda65fb.
 2022-10-17 09:44:32 +13:00
Harry Maclean
eddb8493d8 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-10-17 09:34:44 +13:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
8ae86cf443 Ruby: Consider header writes as XSS sinks 2022-10-17 08:17:37 +13:00
Harry Maclean
545222d1e9 Ruby: Add change note 2022-10-17 08:17:37 +13:00
Harry Maclean
73ca595b56 Ruby: Model ActionDispatch::Response 2022-10-17 08:17:37 +13:00
Arthur Baars
ae0c9b76e0 Merge pull request #10843 from aibaars/fix-self 
Ruby: fix self variables in blocks
 2022-10-15 00:48:14 +02:00
Alex Ford
2c5129e720 Merge pull request #10369 from alexrford/rb/sensitive-get-query 
Ruby: add `rb/sensitive-get-query` query
 2022-10-14 22:34:47 +01:00
Arthur Baars
a8fdda65fb Ruby: fix self variables in blocks 2022-10-14 16:02:39 +02:00
Asger F
8cb4f230d8 Merge branch 'main' into rb/fix-spurious-singleton-calls 2022-10-14 15:52:38 +02:00
Tom Hvitved
407f7072e4 Merge pull request #10829 from hvitved/ruby/call-graph-perf 
Ruby: Call graph performance improvements
 2022-10-14 15:24:27 +02:00
Asger F
1bd3d29409 Ruby: workaround issue with 'def self.method' in a block 2022-10-14 15:07:33 +02:00
erik-krogh
5f826d0eef fix typo 2022-10-14 14:43:51 +02:00
Asger F
17a246b321 Ruby: more uninteresting test updates 2022-10-14 13:59:52 +02:00
erik-krogh
dfdf8c7869 add change-note 2022-10-14 13:28:36 +02:00
erik-krogh
7c76645157 add model for the core OpenSSL::Digest module 2022-10-14 13:25:34 +02:00
erik-krogh
e2476949b9 add model for the core Digest module 2022-10-14 12:49:37 +02:00
Arthur Baars
9ccf5a7798 Merge pull request #10749 from aibaars/run_request 
Ruby: treat Faraday#run_request as remote source
 2022-10-14 12:24:39 +02:00
Asger F
8228730634 Ruby: fix regression for methods in singleton classes 2022-10-14 11:57:35 +02:00
Alex Ford
b29bf82e05 Ruby: fix merge error 2022-10-14 10:51:12 +01:00
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Asger F
30f7380f74 Ruby: Add regression test for lost calls 2022-10-14 11:49:55 +02:00
Alex Ford
24dad5599a Ruby: fix SensitiveNode detection relating to class/instance variables 2022-10-14 10:41:46 +01:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Alex Ford
36a1b18f5b Ruby: revert SensitiveDataHeuristics changes 2022-10-14 09:19:41 +01:00
Asger F
a06cc30f05 Ruby: fix some more spurious call edges 2022-10-14 10:11:22 +02:00
Asger F
b1dadc224c Ruby: uninteresting test output update 2022-10-14 10:10:39 +02:00
Asger F
ae71828fc4 Ruby: add more tests for singleton up/down calls 2022-10-14 10:09:59 +02:00
Asger F
789f591de4 Ruby: add another spurious call edge test 2022-10-14 10:09:57 +02:00
Asger F
1476efbe2c Ruby: restrict to a use of 'self' in singleton methods 2022-10-14 10:09:11 +02:00
Asger F
329ab9156a Ruby: add test showing spurious call 2022-10-14 10:07:34 +02:00
Tom Hvitved
81bc6c2d49 Ruby: Call graph performance improvements 2022-10-14 09:47:27 +02:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Harry Maclean
e6dc27a7b5 Add content_mime_type, fix env/filtered_env 2022-10-14 19:49:22 +13:00
Harry Maclean
0130e4ba7f Re-add path methods that are user-controlled 2022-10-14 16:49:15 +13:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Alex Ford
3d478a3951 Ruby: clarify qhelp 2022-10-13 22:39:54 +01:00
Alex Ford
9fbd293944 Ruby: avoid making notSensitiveRegexp always flag instance/class variables as not sensitive 2022-10-13 22:38:42 +01:00
Alex Ford
15cab6eed5 Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-13 21:43:59 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
d94ebe9a4e spelling: unknown 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
e1b4476399 spelling: the 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
0999ec3c70 spelling: specifies 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
9be162a119 spelling: recursion 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
124c5544cf spelling: predicates 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
eab3e18962 spelling: possibility 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00