hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1619 Commits

Author SHA1 Message Date
Maiky
8dca585207 Expected 2023-05-23 20:04:34 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Sim4n6
90c174de4e Updated the .expected file accordingly 2023-05-23 17:36:50 +01:00
Alex Ford
9f5c73cf63 Ruby: add a test case for instantiating ActionDispatch::Request directly 2023-05-23 15:18:32 +01:00
Alex Ford
1c9e4c0f0b Ruby: test for RequestInputAccess instances in ActionDispatch 2023-05-23 15:17:38 +01:00
erik-krogh
c7e21ee9ae add really long regex as a test-case 2023-05-23 09:56:06 +02:00
Sim4n6
f7f0564e36 added one more test 2023-05-20 18:00:27 +01:00
Sim4n6
d11cb9195c Use of CGI.escapeHTML() in test samples 2023-05-20 12:57:50 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
3cdb27725a Ruby: Add more call graph tests 2023-05-15 16:02:33 +02:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Kasper Svendsen
e6ca3fe272 Ruby: Enable implicit this warnings 2023-05-10 13:03:39 +02:00
Kasper Svendsen
6b8a7c2f6f Ruby: Make implicit this receivers explicit 2023-05-10 13:03:39 +02:00
Tom Hvitved
2f95af8ef2 Ruby: Remove self edges 2023-05-08 10:26:01 +02:00
Maiky
3960853af0 CWE-089 Add Sequel SQL Injection Sink 2023-05-07 23:56:56 +02:00
Maiky
6a3d995b35 Add Mysql2 as SQL Injection Sink 2023-05-06 12:25:25 +02:00
Mathias Vorreiter Pedersen
09ba9a74ce Merge pull request #12959 from MathiasVP/identity-consistency-check 
DataFlow: Add an "identity-step" consistency check
 2023-05-05 10:03:20 +01:00
Sim4n6
1247403d43 Updated expected results file 2023-05-04 08:56:45 +01:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Mathias Vorreiter Pedersen
924854c6dc Ruby: Accept consistency changes. 2023-05-03 20:32:33 +01:00
Alex Ford
e7213e92cf Merge remote-tracking branch 'origin/main' into rb/sqlite3 2023-05-03 15:18:07 +01:00
Alex Ford
6e6eee2dab Ruby: add test case for instance variable flow with sqlite3 2023-05-03 15:16:16 +01:00
Alex Ford
82c025020d Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti 2023-05-02 16:18:41 +01:00
Alex Ford
a571bc64ac ruby: regenerate TemplateInjection.expected 2023-05-02 16:14:20 +01:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
Maiky
5d15ec99c8 Change expected file to new 2023-05-02 09:26:41 +02:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen
90f84bb516 Ruby: Update expected output. 2023-04-26 13:08:16 +02:00
Asger F
f3b14e13b2 Merge pull request #12841 from asgerf/rb/api-graph-class-nodes 
Ruby: add API node representing a module/class object
 2023-04-21 10:59:51 +02:00
Alex Ford
9dc04f30ac Ruby: model sqlite3 2023-04-20 15:47:14 +01:00
Peter Stöckli
2f268b309b Ruby: improve non-constant-kernel-open, freeze called on constant 2023-04-18 11:24:01 +02:00
Peter Stöckli
0a6bb3f7ce Ruby: improve non-constant-kernel-open, no FP's on open without arguments 2023-04-18 10:10:36 +02:00
Asger F
8c0c335daf Ruby: update test output 2023-04-17 12:47:23 +02:00
Maiky
820db43945 Add ERB Template Injection Sink 2023-04-13 17:21:31 +02:00
Asger F
c699afd07f Ruby: instantiate NetHttpRequest even if body is not accessed 2023-03-31 12:56:09 +02:00
Asger F
504a0f8112 Ruby: Add test where response body is not referenced 2023-03-31 12:55:49 +02:00
Asger F
209aebad61 Ruby: Update HttpClients.ql not assume all predicates have results 2023-03-31 11:12:45 +02:00
Arthur Baars
cd53c77e23 Merge pull request #12670 from alexrford/mergeback-rc/3.9 
Merge `rc/3.9` back into `main`
 2023-03-28 10:49:08 +02:00
Asger F
32bab0b8b2 Merge pull request #12654 from asgerf/rb/always-resolve-toplevel-namespace 
RB: always resolve toplevel namespaces to their locally qualified name
 2023-03-28 09:54:59 +02:00
Tom Hvitved
e3799adbe0 Merge pull request #12612 from hvitved/ruby/print-ast-desugar-reorder 
Ruby: Order synthetic children in PrintAST based on their index instead of location
 2023-03-28 09:13:03 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Alex Ford
181e5d588d Merge remote-tracking branch 'origin/rc/3.9' into main 2023-03-27 12:16:03 +01:00
Tom Hvitved
f8c28bee6a Ruby: Order synthetic children in PrintAST based on their index instead of location 2023-03-27 11:38:30 +02:00
Alex Ford
24aa16c919 Ruby: update rb/sensitive-get-query test output 2023-03-27 09:44:55 +01:00
Arthur Baars
9a8e138684 Ruby: also change evaluation order for scoped constants 2023-03-24 16:57:55 +01:00
Arthur Baars
a819797508 Ruby: add test case of destructured assignment with contants 2023-03-24 16:57:39 +01:00
Arthur Baars
8b90d021fa Ruby: change evaluation order of destructured assignments 2023-03-24 16:57:25 +01:00
Asger F
179d0b36cf Ruby: make up qnames for top-level namespaces 2023-03-24 13:42:51 +01:00
Tom Hvitved
b816c79248 Ruby: Include all assignments in data flow paths 2023-03-24 10:09:30 +01:00
Asger F
1f70c59bbc Ruby: add test with deep unresolved classes 2023-03-23 13:36:14 +01:00