codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00

Author	SHA1	Message	Date
erik-krogh	4ae25c2d34	don't mention arrays in the qhelp for rb/shell-command-constructed-from-input, because there are no array	2024-04-10 14:26:00 +02:00
Joe Farebrother	976ca48317	Review suggestions - rename sink class and add barrier out	2024-04-10 10:17:19 +01:00
Tom Hvitved	6c9a0e4a9a	Merge pull request #16154 from hvitved/ruby/redundant-implicit-read Ruby: Remove two redundant `allowImplicitRead` predicates	2024-04-09 15:38:05 +02:00
Asger F	f5355cfa98	Dynamic: Sync ApiGraphModels.qll	2024-04-09 14:37:20 +02:00
Tom Hvitved	5f8eb7b138	Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`	2024-04-09 11:26:24 +02:00
Tom Hvitved	e6984aa865	Ruby: Remove two redundant `allowImplicitRead` predicates	2024-04-09 10:10:25 +02:00
erik-krogh	642a134035	add tests for the fixes in the qhelp, and fix an FP that appeared	2024-04-08 12:00:27 +02:00
erik-krogh	59c72b683c	update the url-redirect QHelp	2024-04-08 12:00:27 +02:00
Tom Hvitved	aa24c29395	Merge pull request #16122 from hvitved/ruby/cfg-may-raise-issue Ruby: Fix CFG for nodes that may raise	2024-04-08 11:20:49 +02:00
Erik Krogh Kristensen	0cfac605bd	Merge pull request #16100 from erik-krogh/fix-js-rb-typo RB: fix language specifier typo in qhelp for rb/multi-char-san	2024-04-04 15:42:45 +02:00
Tom Hvitved	ce3b359813	Ruby: Fix CFG for nodes that may raise	2024-04-04 13:27:29 +02:00
Tom Hvitved	6d2d9654b5	Ruby: Add CFG test	2024-04-04 13:27:29 +02:00
Tom Hvitved	c2d771b334	Ruby: Reduce alerts produced by `MassAssignment.ql`	2024-04-03 19:58:51 +02:00
Tom Hvitved	3c96bf6b22	Fix bad join	2024-04-03 19:41:37 +02:00
Erik Krogh Kristensen	35f61d9de4	Merge pull request #16107 from erik-krogh/fix-log-injection-typo RB: Tiny fixes to log-injection QHelp	2024-04-03 18:29:37 +02:00
Tom Hvitved	2d4cf55c87	Merge pull request #15985 from hvitved/ruby/phi-barrier-guards Ruby: Extend barrier guards to handle phi inputs	2024-04-03 15:22:39 +02:00
Tom Hvitved	7871fb8ce6	Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`	2024-04-03 15:19:34 +02:00
Tom Hvitved	137594cf36	Ruby: Add regression test	2024-04-03 15:19:34 +02:00
erik-krogh	ec32bdce63	fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines	2024-04-03 09:19:18 +02:00
erik-krogh	572d3ba542	fix language specifier typo in qhelp for rb/multi-char-san	2024-04-02 19:40:46 +02:00
Harry Maclean	409f46ef7b	Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled Ruby: Add a query for CSRF protection not enabled	2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen	332c1e3b8a	Merge pull request #16026 from erik-krogh/htmlSafeSan RB: Add barrier guard for `.html_safe?` to the XSS queries	2024-04-02 07:54:19 +02:00
github-actions[bot]	8e61c6625b	Post-release preparation for codeql-cli-2.17.0	2024-04-01 15:27:42 +00:00
github-actions[bot]	ec97d9a304	Release preparation for version 2.17.0	2024-04-01 13:46:57 +00:00
Henry Mercer	0646744928	Merge branch 'main' into henrymercer/merge-back-rc-3.13	2024-03-26 12:59:12 +00:00
github-actions[bot]	f67b5f9158	Post-release preparation for codeql-cli-2.16.6	2024-03-25 18:17:15 +00:00
github-actions[bot]	71ab804274	Release preparation for version 2.16.6	2024-03-25 16:58:08 +00:00
Joe Farebrother	fb19288981	Address review comments - Fix docs typo and add a reference	2024-03-25 15:46:45 +00:00
erik-krogh	051120e958	add qldoc for `ReflectedXssSanitizers`	2024-03-22 17:58:25 +01:00
erik-krogh	c60cec36d4	add calls to `.html_safe?` as a shared XSS sanitizer	2024-03-22 17:46:39 +01:00
Joe Farebrother	592acb94d2	Add missing .s to qldoc	2024-03-22 15:28:34 +00:00
Joe Farebrother	a6ee19ca2d	Fix query id	2024-03-22 14:36:47 +00:00
Joe Farebrother	01f712476b	Add change note and update severity	2024-03-22 14:07:11 +00:00
Joe Farebrother	b74145349b	Add test cases	2024-03-22 14:07:11 +00:00
Joe Farebrother	507a6102a2	Reorganise into Custimizations file + add some more sinks on ActiveRecord methods	2024-03-22 14:07:04 +00:00
Joe Farebrother	a8aac318d0	Add qhelp	2024-03-22 14:04:52 +00:00
Joe Farebrother	89838981b7	Add test cases	2024-03-22 14:04:52 +00:00
Joe Farebrother	0f45a53adc	Add mass assignment query	2024-03-22 14:04:52 +00:00
Arthur Baars	c219b1a3c7	Merge pull request #16013 from github/rc/3.13 Merge rc/3.13 into main	2024-03-21 16:04:58 +01:00
Henry Mercer	4e3a6e2140	Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry Show lines of code data in debug mode only	2024-03-21 12:20:09 +00:00
Henry Mercer	a76832f4e0	Mark LOC queries as `debug` instead	2024-03-20 21:18:55 +00:00
Tom Hvitved	8f56edea80	Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table Tree-sitter: Split up `ast_node_info` table into two tables	2024-03-20 20:38:18 +01:00
erik-krogh	db3bf0e482	use the sanitizers from ReflectedXSS in unsafe-html-construction	2024-03-20 10:11:07 +01:00
Tom Hvitved	90779f4413	Ruby: Extend barrier guards to handle phi inputs	2024-03-20 10:02:20 +01:00
Tom Hvitved	0f0acc0428	Ruby: Add barrier guard flow tests	2024-03-20 09:25:20 +01:00
Dave Bartolomeo	311ba8ea1b	Merge from `main` to resolve conflicts	2024-03-19 10:41:31 -04:00
Harry Maclean	219cd4e415	Merge pull request #14426 from hmac/hmac-ar-scopes Ruby: Track flow into ActiveRecord scopes	2024-03-19 14:19:14 +00:00
Harry Maclean	7e479e3c8e	Ruby: Fix Hash#keys flow summary	2024-03-19 13:47:45 +00:00
Harry Maclean	22ddf2129b	Ruby: remove isString from TSymbol	2024-03-19 12:27:34 +00:00
Tom Hvitved	865026f22b	Ruby: Add up/downgrade scripts (sigh)	2024-03-19 13:04:12 +01:00

... 7 8 9 10 11 ...

4731 Commits