hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
erik-krogh
642a134035 add tests for the fixes in the qhelp, and fix an FP that appeared 2024-04-08 12:00:27 +02:00
Tom Hvitved
ce3b359813 Ruby: Fix CFG for nodes that may raise 2024-04-04 13:27:29 +02:00
Tom Hvitved
c2d771b334 Ruby: Reduce alerts produced by MassAssignment.ql 2024-04-03 19:58:51 +02:00
Tom Hvitved
3c96bf6b22 Fix bad join 2024-04-03 19:41:37 +02:00
Tom Hvitved
2d4cf55c87 Merge pull request #15985 from hvitved/ruby/phi-barrier-guards 
Ruby: Extend barrier guards to handle phi inputs
 2024-04-03 15:22:39 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen
332c1e3b8a Merge pull request #16026 from erik-krogh/htmlSafeSan 
RB: Add barrier guard for `.html_safe?` to the XSS queries
 2024-04-02 07:54:19 +02:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Joe Farebrother
592acb94d2 Add missing .s to qldoc 2024-03-22 15:28:34 +00:00
Joe Farebrother
b74145349b Add test cases 2024-03-22 14:07:11 +00:00
Joe Farebrother
507a6102a2 Reorganise into Custimizations file + add some more sinks on ActiveRecord methods 2024-03-22 14:07:04 +00:00
Joe Farebrother
0f45a53adc Add mass assignment query 2024-03-22 14:04:52 +00:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Tom Hvitved
8f56edea80 Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table 
Tree-sitter: Split up `ast_node_info` table into two tables
 2024-03-20 20:38:18 +01:00
erik-krogh
db3bf0e482 use the sanitizers from ReflectedXSS in unsafe-html-construction 2024-03-20 10:11:07 +01:00
Tom Hvitved
90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Harry Maclean
219cd4e415 Merge pull request #14426 from hmac/hmac-ar-scopes 
Ruby: Track flow into ActiveRecord scopes
 2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e Ruby: Fix Hash#keys flow summary 2024-03-19 13:47:45 +00:00
Harry Maclean
22ddf2129b Ruby: remove isString from TSymbol 2024-03-19 12:27:34 +00:00
Tom Hvitved
865026f22b Ruby: Add up/downgrade scripts (sigh) 2024-03-19 13:04:12 +01:00
Tom Hvitved
72ff494739 Ruby: Regenerate dbscheme and stats 2024-03-19 13:04:07 +01:00
Harry Maclean
dde148ee7e Ruby: add changenote 2024-03-19 08:40:30 +00:00
Harry Maclean
32b80f8cb1 Ruby: Add tests for hash flow 2024-03-19 08:38:14 +00:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Harry Maclean
187a68bf76 Ruby: Add flow summary for Hash#keys 2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a Ruby: Taint flow to second block param in map 
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
 2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4 Merge pull request #15907 from joefarebrother/ruby-uploaded-file 
Ruby: Model ActiveDispatch::Http::UploadedFile
 2024-03-18 14:02:33 +00:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
Joe Farebrother
8c5fff2d11 Update names and qldoc for params taint predicates 2024-03-15 14:43:29 +00:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b Add change note + fix qldoc 2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919 Model additional string attributes 2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca Model UploadedFile original_filename and read 2024-03-14 22:25:35 +00:00
Tom Hvitved
4085c8ec8f Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit 
Ruby: Lower access path limit to 1 for `OrmTracking`
 2024-03-13 10:57:09 +01:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Tom Hvitved
695e728ed5 Ruby: Lower access path limit to 1 for OrmTracking 2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Tom Hvitved
4291290277 Ruby: Implement new data flow interface 2024-03-11 20:56:38 +01:00
Joe Farebrother
9c51514bd9 Merge pull request #15857 from joefarebrother/ruby-activerecord-from 
Ruby: Model second argument of `ActiveRecord` `from`
 2024-03-11 16:49:52 +00:00