hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

4731 Commits

Author SHA1 Message Date
Tom Hvitved
4ae8720930 SSA: Add BasicBlock.{getNode/1,length/0} to the input signature 2024-07-03 11:32:35 +02:00
Tom Hvitved
8e8100fd34 Merge pull request #16887 from hvitved/ruby/local-flow-missing-steps 
Ruby: Add missing local flow steps
 2024-07-02 15:43:52 +02:00
Tom Hvitved
19e910e1b5 Merge pull request #16801 from hvitved/ruby/element-reference-block 
Ruby: Handle element references with blocks
 2024-07-02 13:08:31 +02:00
Tom Hvitved
7fdc09c17f Ruby: Add missing local flow steps 2024-07-01 19:46:40 +02:00
Arthur Baars
b12b33c8f9 Merge remote-tracking branch 'upstream/main' into 'rc/3.14' 2024-06-28 19:50:35 +02:00
Tom Hvitved
25daaf9d47 Ruby: Add change note 2024-06-25 10:00:01 +02:00
github-actions[bot]
fd385736e6 Post-release preparation for codeql-cli-2.17.6 2024-06-25 06:39:45 +00:00
github-actions[bot]
e32a587078 Release preparation for version 2.17.6 2024-06-24 14:33:10 +00:00
Anders Schack-Mulligen
8c23e21073 Dataflow: Cache compatibleTypes. 2024-06-24 13:35:48 +02:00
Jonathan Leitschuh
1728e5dfd5 Align Ruby NonConstantKernelOpen.ql Severity 
Align severity with other command injection vulnerabilities:

 - 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:27:47 -04:00
Tom Hvitved
a8758c0160 Ruby: Handle element references with blocks 2024-06-21 12:04:55 +02:00
Tom Hvitved
d7ce2be040 Ruby: Up/downgrade scripts 2024-06-21 12:04:53 +02:00
Tom Hvitved
21c9f33419 Ruby: Bump tree-sitter-ruby 2024-06-21 10:17:59 +02:00
Tom Hvitved
8ea4f85de3 Ruby: Rework Sinatra.FilterJumpStep 2024-06-21 08:57:59 +02:00
Tom Hvitved
95c764eff6 Fix Sinatra test to properly output pathgraph 2024-06-21 08:57:19 +02:00
Alex Ford
51f3f15e42 Ruby: remove outdated test comment 2024-06-18 17:51:49 +01:00
Alex Ford
d79a253c20 Ruby: remove unused import 2024-06-18 17:49:14 +01:00
Alex Ford
7380e29774 Ruby: changenote for rb/weak-sensitive-data-hashing 2024-06-18 17:48:51 +01:00
Alex Ford
d994959720 Ruby: add tests for rb/weak-sensitive-data-hashing 2024-06-18 17:47:32 +01:00
Alex Ford
81ec6861f9 Ruby: fix some SensitiveDataSource definitions 2024-06-18 17:46:52 +01:00
Alex Ford
f217de9623 Ruby: Move SensitiveDataSource logic into a private module 2024-06-18 16:58:30 +01:00
Alex Ford
6a46fb54c5 Ruby: Add SensitiveDataSource abstract class 2024-06-18 12:11:28 +01:00
Alex Ford
6c3d90e8a0 Merge pull request #16650 from alexrford/rb/routing-improvements 
Ruby: ActionDispatch - support `path => target` route format
 2024-06-18 11:17:05 +01:00
Joe Farebrother
eee7f5a896 Use a combined regex for performance 2024-06-17 22:21:33 +01:00
Alex Ford
f017821062 Ruby: rb/weak-sensitive-data-hashing qhelp 2024-06-17 15:29:53 +01:00
Alex Ford
d4203d9286 Ruby: minimal port of py/weak-sensitive-data-hashing 2024-06-17 15:27:00 +01:00
Joe Farebrother
90d6f2ece3 Factor out nameIndicatesRelevantSensitiveData 2024-06-12 15:11:47 +01:00
Tom Hvitved
605fe54a06 Ruby: Remove two Cartesian products 2024-06-12 15:11:43 +01:00
Joe Farebrother
5f08371f19 Add change note 2024-06-12 15:11:39 +01:00
Joe Farebrother
07f03be8cc Add unit tests 2024-06-12 15:11:35 +01:00
Joe Farebrother
b0c03f6d68 Allow implicit read steps on sinks 2024-06-12 15:11:32 +01:00
Joe Farebrother
8b51ee8fe8 Use additional sensitive data heuristics in CleartextSources 2024-06-12 15:11:27 +01:00
Arthur Baars
4ee80653e2 Merge pull request #16471 from Sim4n6/ruby-UBV 
Ruby: Add some method calls as a Source
 2024-06-12 12:42:08 +02:00
Mathias Vorreiter Pedersen
3351b9547d Merge branch 'rc/3.14' into rc-3.14-mergeback 2024-06-11 16:21:08 +01:00
github-actions[bot]
8a25081a0e Post-release preparation for codeql-cli-2.17.5 2024-06-10 15:33:08 +00:00
Cornelius Riemenschneider
092bc6445d Rust/bazel: Port to bzlmod. 
This gets rid of our last workspace dependency.
In particular, this change also gets rid of the checked-in extra
lock files that took forever to generate.
 2024-06-10 17:03:58 +02:00
github-actions[bot]
877bfa2468 Release preparation for version 2.17.5 2024-06-10 13:40:39 +00:00
Sim4n6
7c0ce6486b Rerun the test learn 2024-06-10 12:21:10 +01:00
Anders Schack-Mulligen
5d51b5b97b Ruby: Add support for pretty-printed provenace in tests. Convert one test. 2024-06-07 11:47:48 +02:00
Tom Hvitved
eae6406629 Merge pull request #16687 from hvitved/ruby/bump-ts-grammar 
Ruby: Bump tree-sitter grammar
 2024-06-06 17:44:18 +02:00
Asger F
6e0f3df573 Merge pull request #14120 from asgerf/dynamic/typemodel-istypeused 
Dynamic: add TypeModel.isTypeUsed
 2024-06-06 15:31:16 +02:00
Tom Hvitved
523139259a Ruby: Update cargo-bazel-lock.json 2024-06-06 10:46:01 +02:00
Tom Hvitved
7122db0c45 Ruby: Bump tree-sitter grammar 2024-06-06 10:31:16 +02:00
Tom Hvitved
421c68a263 Merge pull request #16663 from hvitved/ruby/extraction-error-consistency 
Ruby: Add consistency query for extraction errors
 2024-06-06 10:29:56 +02:00
Sim4n6
dabc33bf66 simplify UnicodeBypassValidationQuery code 2024-06-05 22:45:49 +01:00
Sim4n6
7dcbbbac91 Refactor UnicodeBypassValidationQuery to remove unnecessary code 2024-06-05 13:05:34 +01:00
Tom Hvitved
e42de3de6f Ruby: Fix extraction errors 2024-06-04 14:54:02 +02:00
Tom Hvitved
ad99158838 Ruby: Fix/accept extraction errors 2024-06-04 12:55:44 +02:00
Tom Hvitved
858c7cead2 Ruby: Add consistency query for extraction errors 2024-06-04 12:55:42 +02:00
Cornelius Riemenschneider
63116d2779 Merge pull request #16656 from github/criemen/pkg-javascript 
Javascript: use `codeql_pack` for javascript extractor
 2024-06-04 11:58:45 +02:00