hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

4804 Commits

Author SHA1 Message Date
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
thiggy1342
0456870136 Merge branch 'main' into experimental-manually-check-request-verb 2022-06-18 15:21:53 -04:00
thiggy1342
ecb2114b7b replace duplicate post with put 2022-06-18 19:21:17 +00:00
thiggy1342
8b36191023 drop precision to low for now 2022-06-18 18:38:58 +00:00
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
thiggy1342
8aa2602d9e trying to hone in on eq comparison and include? 2022-06-18 03:09:04 +00:00
thiggy1342
78f5186e6a remove barrierguards import 2022-06-18 00:43:01 +00:00
thiggy1342
b171883cd0 Merge branch 'main' into experimental-decompression-api 2022-06-17 12:30:38 -04:00
thiggy1342
4163ae1ca3 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-17 12:30:22 -04:00
thiggy1342
3b87c1d040 add qlhelp file and example 2022-06-17 16:03:40 +00:00
Rasmus Wriedt Larsen
b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Alex Ford
5923eb4962 Merge pull request #9566 from alexrford/ruby/activerecord-findby-dynamic 
Ruby: recognize ActiveRecord `find_by_x` methods
 2022-06-17 09:39:46 +01:00
Nick Rolfe
cac53b5163 Merge pull request #9588 from github/dependabot/cargo/ruby/thread_local-1.1.4 
Bump thread_local from 1.1.3 to 1.1.4 in /ruby
 2022-06-17 09:28:24 +01:00
Harry Maclean
230192df3b Merge pull request #9267 from hmac/hmac/improper-memoization 
Ruby: Add Improper Memoization query
 2022-06-17 16:31:55 +12:00
thiggy1342
7c2b19baad tweaks and add Zip::File.open_buffer to query 2022-06-17 02:43:54 +00:00
dependabot[bot]
583ab492f9 Bump thread_local from 1.1.3 to 1.1.4 in /ruby 
Bumps [thread_local](https://github.com/Amanieu/thread_local-rs) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/Amanieu/thread_local-rs/releases)
- [Commits](https://github.com/Amanieu/thread_local-rs/compare/v1.1.3...1.1.4)

---
updated-dependencies:
- dependency-name: thread_local
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-17 01:44:43 +00:00
thiggy1342
01cb408393 Merge branch 'main' into experimental-decompression-api 2022-06-16 17:23:55 -04:00
Arthur Baars
e95194ce67 Merge pull request #9477 from thiggy1342/experimental-archive-api 
RB: Adding experimental query for detecting path traversal in Archive libraries
 2022-06-16 17:45:18 +02:00
Rasmus Wriedt Larsen
45af148f05 Merge pull request #9215 from RasmusWL/ruby-mad-argument-self 
Ruby: Fixes for `Argument[any,any-named]` in MaD
 2022-06-16 17:38:32 +02:00
thiggy1342
6416b8ddb9 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-16 10:20:17 -04:00
Alex Ford
c44a68613a Ruby: add a test case for ActiveRecord dynamic finder methods 2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498 Ruby: trim some SQLi related comments from ActiveRecord.rb 2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a Ruby: rename ActiveRecord.rb test case file 2022-06-16 11:29:56 +01:00
Anders Schack-Mulligen
6518a01ded Dataflow: Sync. 2022-06-16 11:25:28 +02:00
Rasmus Wriedt Larsen
24750dcc17 Ruby: Sync comment for self API graph label 2022-06-16 11:03:07 +02:00
Rasmus Wriedt Larsen
2ad4921a76 Ruby: Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2022-06-16 11:01:14 +02:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
056fa71f3e add change notes 2022-06-16 01:04:50 +00:00
thiggy1342
b078430faf add Zip::File.new query to tests 2022-06-16 00:51:50 +00:00
Harry Maclean
311296469d Minor improvements to ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
ff0422c12d Ruby: Add rb/improper-memoization change note 2022-06-16 12:44:33 +12:00
Harry Maclean
1ac604f769 Ruby: Private import in ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
457a84006c Ruby: Narrow memo method candidates earlier 2022-06-16 12:44:33 +12:00
Harry Maclean
ef6f0e5b30 Ruby: Add Improper Memoization query 
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
 2022-06-16 12:44:33 +12:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532 remove Zip::Entry.extract from query 2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
Alex Ford
34065f9e93 Ruby: recognize ActiveRecord find_by_x methods 2022-06-15 14:33:09 +01:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
thiggy1342
0fce620536 Merge branch 'main' into experimental-decompression-api 2022-06-14 21:54:08 -04:00
thiggy1342
ae86e0daea spelling fix 2022-06-15 01:51:40 +00:00
thiggy1342
1bdaf529d9 fix qlformat errors 2022-06-15 01:49:48 +00:00
thiggy1342
df226ee610 remove standalone archive api query 2022-06-15 01:39:47 +00:00
thiggy1342
0832e299f2 move archive api path traversal tests to cwe-022 2022-06-15 01:39:47 +00:00
thiggy1342
a0f1c86031 add framework test 2022-06-15 01:39:47 +00:00