hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1619 Commits

Author SHA1 Message Date
Asger F
8cb4f230d8 Merge branch 'main' into rb/fix-spurious-singleton-calls 2022-10-14 15:52:38 +02:00
Asger F
1bd3d29409 Ruby: workaround issue with 'def self.method' in a block 2022-10-14 15:07:33 +02:00
Asger F
17a246b321 Ruby: more uninteresting test updates 2022-10-14 13:59:52 +02:00
erik-krogh
7c76645157 add model for the core OpenSSL::Digest module 2022-10-14 13:25:34 +02:00
erik-krogh
e2476949b9 add model for the core Digest module 2022-10-14 12:49:37 +02:00
Asger F
8228730634 Ruby: fix regression for methods in singleton classes 2022-10-14 11:57:35 +02:00
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Asger F
30f7380f74 Ruby: Add regression test for lost calls 2022-10-14 11:49:55 +02:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Asger F
a06cc30f05 Ruby: fix some more spurious call edges 2022-10-14 10:11:22 +02:00
Asger F
b1dadc224c Ruby: uninteresting test output update 2022-10-14 10:10:39 +02:00
Asger F
ae71828fc4 Ruby: add more tests for singleton up/down calls 2022-10-14 10:09:59 +02:00
Asger F
789f591de4 Ruby: add another spurious call edge test 2022-10-14 10:09:57 +02:00
Asger F
1476efbe2c Ruby: restrict to a use of 'self' in singleton methods 2022-10-14 10:09:11 +02:00
Asger F
329ab9156a Ruby: add test showing spurious call 2022-10-14 10:07:34 +02:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Harry Maclean
e6dc27a7b5 Add content_mime_type, fix env/filtered_env 2022-10-14 19:49:22 +13:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Alex Ford
594812640e Merge pull request #10746 from alexrford/ruby/activejob-deserialize 
Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink
 2022-10-13 15:36:45 +01:00
Erik Krogh Kristensen
3a1a94b8af Merge pull request #10798 from erik-krogh/matchCaseReg 
Rb: add case-when expressions as a sink to rb/polynomial-redos
 2022-10-13 13:55:42 +02:00
Alex Ford
a65850e922 Merge pull request #10784 from alexrford/ruby/pathname-existence 
Ruby: model `Pathname#existence` extension from `ActiveSupport`
 2022-10-13 11:38:22 +01:00
erik-krogh
3a3a5aa17c add case-in as a sink for polynomial-redos 2022-10-13 12:36:07 +02:00
Harry Maclean
a3c14f7f46 Update test 2022-10-13 13:57:28 +13:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
Harry Maclean
ad464abde2 Ruby: Model more params accesses 2022-10-13 13:24:16 +13:00
erik-krogh
66b3fe3425 add case-when expressions as a sink to rb/polynomial-redos 2022-10-12 19:57:01 +02:00
Alex Ford
0536d4b540 Merge branch 'main' into ruby/activejob-deserialize 2022-10-12 15:04:12 +01:00
Asger F
83464d48a9 Merge pull request #10773 from asgerf/rb/bugfix-singleton-class-resolution 
Ruby: bugfix in type-tracking singleton class resolution
 2022-10-12 13:45:16 +02:00
Nick Rolfe
39107047bf Merge pull request #10735 from github/nickrolfe/actionmailer 
Ruby: add `ActionMailer#params` as a `RemoteFlowSource`
 2022-10-12 10:21:11 +01:00
Alex Ford
d3c8ce3f48 Ruby: ActiveSupport extends Pathname with an existence method that may return itself 2022-10-11 21:35:58 +01:00
Asger F
ed165c6194 Ruby: bugfix in self-resolution in type-tracking 2022-10-11 18:53:20 +02:00
Asger F
a64286b664 Ruby: add test for singleton class instance field 
incorrect test output
 2022-10-11 18:53:20 +02:00
Alex Ford
3d08a2954d Ruby: add rb/unsafe-deserialization sinks for const_get args 2022-10-11 15:45:51 +01:00
Alex Ford
a3f096a6bc Ruby: rb/unsafe-deserialization test realignment 2022-10-11 15:44:00 +01:00
Asger F
02656b16c3 Merge pull request #10685 from asgerf/rb/splat-and-local-field-step 
Ruby: summarize unary splat operators and add local field step
 2022-10-11 13:28:58 +02:00
erik-krogh
557dd10896 add a rb/unsafe-shell-command-construction query 2022-10-11 13:26:01 +02:00
erik-krogh
99b90789e5 add .shellescape as a sanitizer for rb/command-injection 2022-10-11 13:05:19 +02:00
erik-krogh
b16b3c0394 move cwe-078 tests into subfolders 2022-10-11 13:05:19 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
erik-krogh
186205bd4b add a test for explicit shell invocations using Kernel.open 2022-10-11 09:23:29 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Asger F
6daa1c432b Ruby: update test output 2022-10-11 09:03:51 +02:00
Asger F
d55925d8d4 Ruby: support splat type-tracking step 2022-10-11 09:03:51 +02:00
Nick Rolfe
d61f0559a0 Ruby: add ActionMailer#params as a RemoteFlowSource 2022-10-10 10:23:48 +01:00
Alex Ford
ee77404006 Ruby: Add ActiveJob::Serializers.deserialize as a code execution sink 2022-10-09 22:28:22 +01:00