hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
Michael Nebel
915042a881 Minor cleanup and sync files. 2023-05-26 12:25:00 +02:00
Michael Nebel
58fcbc136c Ruby: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
Sim4n6
52dd247a81 Removed redundant cast 2023-05-25 11:55:13 +01:00
Sim4n6
7d68f6afc9 added ActiveSupport::Multibyte::Chars normalize() sink 2023-05-25 09:21:55 +01:00
Sim4n6
d772bb213a Added three more Unicode Normalization sinks 2023-05-25 03:10:00 +01:00
Maiky
40450a2792 typo 2023-05-24 17:02:48 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Tom Hvitved
13ada1e6ad Ruby: Remove canonical return nodes 2023-05-24 11:11:50 +02:00
Tom Hvitved
deee314370 Python/Ruby: Optimize join-order in TypeTracker::[small]step 2023-05-24 11:11:07 +02:00
Tom Hvitved
05f3934042 Merge pull request #13251 from hvitved/ruby/call-graph-self-param 
Ruby: Include both `self` parameters and SSA definitions in call graph construction
 2023-05-24 11:10:34 +02:00
Asger F
818753e922 Merge pull request #13265 from asgerf/rb/delete-name-clash 
Ruby: fix some name clashes between summarized callables
 2023-05-24 11:08:56 +02:00
Tom Hvitved
b486a4d52c Merge pull request #13255 from hvitved/ruby/ssa-param-capture-input 
Ruby: Include underlying SSA parameter definition in `localFlowSsaParamCaptureInput`
 2023-05-24 10:40:54 +02:00
Maiky
27c1e47ece Update ruby/ql/lib/change-notes/2023-05-06-pg.md 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-05-24 01:44:51 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Asger F
0592c8ba99 Ruby: avoid name clash for "assoc" summary 2023-05-23 17:34:19 +02:00
Asger F
50a7b21928 Ruby: fix a name clash for summaries called "delete" 2023-05-23 16:49:17 +02:00
Alex Ford
9ccfec0571 Ruby: move actiondispatch components to an internal subdirectory 2023-05-23 15:26:52 +01:00
Alex Ford
c2f5bacc47 Ruby: consider more calls to e.g. ActionDispatch::Request#params as remote input sources 2023-05-23 14:50:16 +01:00
Alex Ford
27729af088 Ruby: move ActionDispatch::Request logic out of ActionController.qll 2023-05-23 14:49:57 +01:00
Alex Ford
9b4914c3f6 Ruby: split ActionDispatch modelling into multiple component files 2023-05-23 14:48:45 +01:00
Tom Hvitved
eaa84cb819 Ruby: Include underlying SSA parameter definition in localFlowSsaParamCaptureInput 2023-05-23 13:56:29 +02:00
Tom Hvitved
349de77474 Ruby: Include both self parameters and SSA definitions in call graph construction 2023-05-23 12:28:06 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Arthur Baars
bec2b7fef9 QL/Ruby: update dbscheme stats 2023-05-22 19:37:58 +02:00
Arthur Baars
294cc930e6 Ruby: add upgrade/downgrade scripts 2023-05-22 19:37:51 +02:00
Arthur Baars
d2bc66e393 QL: switch to shared YAML extractor 2023-05-22 19:28:59 +02:00
Arthur Baars
9f83dd5c7a Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme' 2023-05-22 19:28:51 +02:00
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-22 12:43:05 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Sim4n6
97e8e0bd8e Add String Manipulation Method Calls & CGI.escapeHTML() support 2023-05-21 11:52:29 +01:00
Sim4n6
ad754f1385 use of all normalization forms without the ":" prefix 2023-05-20 17:59:08 +01:00
Sim4n6
957023ec44 nfd and nfkd are considered 2023-05-20 12:51:24 +01:00
Sim4n6
eb7e1de65b Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:43:05 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
9dede31c0d Merge pull request #13077 from hvitved/ruby/track-regexp-improvements 
Ruby: Improvements to `RegExpTracking`
 2023-05-15 16:02:00 +02:00
Maiky
3c00235375 Add SqlSanitization to Concepts and turn private 2023-05-15 15:56:52 +02:00
Maiky
f46620c455 Var only used in one side of disjunct 2023-05-15 15:09:44 +02:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Tom Hvitved
425ebba278 Address review comments 2023-05-10 14:04:41 +02:00
Kasper Svendsen
e6ca3fe272 Ruby: Enable implicit this warnings 2023-05-10 13:03:39 +02:00
Kasper Svendsen
6b8a7c2f6f Ruby: Make implicit this receivers explicit 2023-05-10 13:03:39 +02:00
Tom Hvitved
51087d090b Address review comments 2023-05-10 09:42:41 +02:00
Tom Hvitved
60b0f25a9a Ruby: Improvements to RegExpTracking 2023-05-10 09:35:59 +02:00
Calum Grant
3d713ed4a9 Merge pull request #13067 from hvitved/ruby/no-self-flow 
Ruby: Remove local identity flow steps
 2023-05-09 09:33:35 +01:00
Michael Nebel
4ac0396b67 Go/Python/Ruby/Swift: Sync files and make dummy implementation. 2023-05-08 16:18:59 +02:00