hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1619 Commits

Author SHA1 Message Date
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
thiggy1342
b171883cd0 Merge branch 'main' into experimental-decompression-api 2022-06-17 12:30:38 -04:00
Rasmus Wriedt Larsen
b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Alex Ford
5923eb4962 Merge pull request #9566 from alexrford/ruby/activerecord-findby-dynamic 
Ruby: recognize ActiveRecord `find_by_x` methods
 2022-06-17 09:39:46 +01:00
Harry Maclean
230192df3b Merge pull request #9267 from hmac/hmac/improper-memoization 
Ruby: Add Improper Memoization query
 2022-06-17 16:31:55 +12:00
thiggy1342
7c2b19baad tweaks and add Zip::File.open_buffer to query 2022-06-17 02:43:54 +00:00
thiggy1342
01cb408393 Merge branch 'main' into experimental-decompression-api 2022-06-16 17:23:55 -04:00
Arthur Baars
e95194ce67 Merge pull request #9477 from thiggy1342/experimental-archive-api 
RB: Adding experimental query for detecting path traversal in Archive libraries
 2022-06-16 17:45:18 +02:00
Rasmus Wriedt Larsen
45af148f05 Merge pull request #9215 from RasmusWL/ruby-mad-argument-self 
Ruby: Fixes for `Argument[any,any-named]` in MaD
 2022-06-16 17:38:32 +02:00
Alex Ford
c44a68613a Ruby: add a test case for ActiveRecord dynamic finder methods 2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498 Ruby: trim some SQLi related comments from ActiveRecord.rb 2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a Ruby: rename ActiveRecord.rb test case file 2022-06-16 11:29:56 +01:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
b078430faf add Zip::File.new query to tests 2022-06-16 00:51:50 +00:00
Harry Maclean
ef6f0e5b30 Ruby: Add Improper Memoization query 
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
 2022-06-16 12:44:33 +12:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532 remove Zip::Entry.extract from query 2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
thiggy1342
0fce620536 Merge branch 'main' into experimental-decompression-api 2022-06-14 21:54:08 -04:00
thiggy1342
1bdaf529d9 fix qlformat errors 2022-06-15 01:49:48 +00:00
thiggy1342
df226ee610 remove standalone archive api query 2022-06-15 01:39:47 +00:00
thiggy1342
0832e299f2 move archive api path traversal tests to cwe-022 2022-06-15 01:39:47 +00:00
thiggy1342
a0f1c86031 add framework test 2022-06-15 01:39:47 +00:00
thiggy1342
af6fbd439c Merge branch 'main' into experimental-archive-api 2022-06-14 20:09:02 -04:00
thiggy1342
6bef71ea2c tweaks to tests 2022-06-14 02:17:12 +00:00
thiggy1342
7bdec98e6f draft tests 2022-06-14 02:13:15 +00:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
thiggy1342
c7e67eb2e2 expand test coverage for sanitizers 2022-06-10 21:30:41 +00:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
thiggy1342
62291124ff remove constraint for Zip::File.open 2022-06-06 21:20:44 +00:00
thiggy1342
3c62271dba fix casing of Api 2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8 add archive api file open query and test 2022-06-06 21:09:57 +00:00
thiggy1342
c5db11ee2e use select placeholder correctly 2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07 Fix test syntax for sanitizer tests 2022-06-04 16:33:18 +00:00
thiggy1342
c5dc8779d1 Increased query robustness and test coverage 2022-06-03 18:05:56 +00:00
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
thiggy1342
09f082081f Simple tests passing 2022-05-28 23:29:58 +00:00
thiggy1342
39baadbdd2 test ql packs must be in the security directory 2022-05-28 23:19:32 +00:00
Adam Thigpen
52ac93b82e adding skeleton for experimental unit tests 2022-05-28 15:14:42 -04:00
Alex Ford
5d4473bb2a Merge pull request #8845 from alexrford/ruby/rbi-lib 
Ruby: Add partial support for working with RBI (Ruby Interface) files
 2022-05-27 11:43:44 +01:00
Alex Ford
919555d168 Merge pull request #9341 from alexrford/ruby/activerecordinstance-public 
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
 2022-05-27 11:21:58 +01:00
Arthur Baars
e3ef258b0e Merge pull request #9287 from aibaars/instance-variable-flow-2 
Ruby: flow through getters/setters
 2022-05-27 10:49:20 +02:00
Alex Ford
4e0e4f9b5b Ruby: make ActiveRecordInstance public 2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f Ruby: fix some misidentification of ActiveRecordModelInstantiations 2022-05-26 17:54:01 +01:00
Harry Maclean
c80a06a6d8 Ruby: Simplify posix-spawn modeling 2022-05-26 14:29:04 +01:00
Harry Maclean
ee827604f7 Ruby: Model the posix-spawn gem 
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
 2022-05-26 14:16:08 +01:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00