Commit Graph

4731 Commits

Author SHA1 Message Date
Harry Maclean
6eeb711988 Ruby: Add AdditionalJumpStep class 2023-02-21 19:26:36 +13:00
Arthur Baars
f71c3301b3 Ruby: address review comment 2023-02-20 14:32:24 +01:00
Arthur Baars
6fd836d3a9 Ruby: improve wording of error messages 2023-02-20 14:32:02 +01:00
Alex Ford
774030a8db Merge pull request #12083 from pwntester/ruby_twirp_support
[Ruby] Add support for Twirp framework
2023-02-20 13:16:52 +00:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Tom Hvitved
658cc33bb8 Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line
Util: Use end line instead of start line for actual results
2023-02-20 11:41:02 +01:00
Tom Hvitved
879eff41ea Merge branch 'main' into util/inline-expect-test-use-end-line 2023-02-20 10:03:38 +01:00
Harry Maclean
4e07fd3eb1 Ruby: Model ApplicationController.renderer 2023-02-19 13:37:27 +13:00
gregxsunday
fe97d2a05d fix file formatting 2023-02-17 14:01:28 +00:00
Grzegorz Niedziela
9d8c117c61 added QLDocs for ZipSlip module 2023-02-17 12:57:35 +00:00
Grzegorz Niedziela
815b5a0312 add changelog file 2023-02-17 12:50:10 +00:00
Grzegorz Niedziela
c03ba2cc13 fix docs references 2023-02-17 12:50:01 +00:00
Grzegorz Niedziela
652c7ff1ed Push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:31 +00:00
Grzegorz Niedziela
8bbbb95a87 Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll 2023-02-17 12:49:04 +00:00
Tom Hvitved
e9bce9f8cd Ruby: Update test expectations 2023-02-17 13:22:28 +01:00
Arthur Baars
51f34eb3e9 Ruby: diagnostics: add support for markdown messages 2023-02-17 12:01:41 +01:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
Arthur Baars
006ee5aad9 Ruby: improve encoding related messages 2023-02-16 13:12:55 +01:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
gregxsunday
d1aaa9ad86 Add ZipSlip/TarSlip query for ruby 2023-02-16 11:24:15 +00:00
Alex Ford
74782bf6a2 Merge branch 'main' into ruby_twirp_support 2023-02-15 17:15:08 +00:00
Alex Ford
1556b1a728 Merge branch 'main' into js-use-shared-cryptography 2023-02-15 17:13:53 +00:00
Alex Ford
801ed1ce7c Ruby: add Twirp.expected 2023-02-15 17:05:33 +00:00
Alex Ford
43af306d60 dynamic: more detailed qldoc for CryptographicOperation#getBlockMode() 2023-02-15 16:55:18 +00:00
Alex Ford
d4d0b91085 dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate 2023-02-15 16:23:46 +00:00
Alex Ford
c7aaad9ed0 JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby 2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen
c72dbc49fc Merge pull request #12165 from RasmusWL/crypto-updates
Python/Ruby/JS Crypto: Add a few algorithms + block modes
2023-02-15 14:35:40 +01:00
erik-krogh
17f7ba2a8f rewrite the taint-step for join() to a flowsummary 2023-02-15 12:34:59 +01:00
erik-krogh
d2bd70dc33 Merge branch 'main' into more-shell-taint 2023-02-15 11:35:58 +01:00
Harry Maclean
fb14920281 Merge pull request #12056 from hmac/test-refactor 2023-02-15 17:34:25 +13:00
Alvaro Muñoz
4644a88b89 address code review comments 2023-02-14 14:27:17 +01:00
Tom Hvitved
2113c3c3d9 Ruby: Remove NumberUtils.qll 2023-02-13 15:59:50 +01:00
Rasmus Wriedt Larsen
39e50f745d Ruby: Fix .expected for CryptoAlgorithms 2023-02-13 14:21:12 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-13 13:13:43 +01:00
Arthur Baars
457a2bb2a2 Merge pull request #12093 from aibaars/oneline-match
Ruby: add support for one-line pattern matches
2023-02-13 12:38:28 +01:00
Erik Krogh Kristensen
2f404df17c Merge pull request #10782 from erik-krogh/rbPoly
Ruby: add library input as a source for `rb/polynomial-redos`
2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen
26d5fb2412 Merge pull request #11824 from erik-krogh/secondMissAnchor
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
2023-02-13 11:26:05 +01:00
erik-krogh
634087b417 Merge branch 'main' into rbPoly 2023-02-13 10:46:00 +01:00
Rasmus Wriedt Larsen
5235964b07 sync files 2023-02-13 10:44:12 +01:00
Tom Hvitved
0b8173e2e7 Ruby: Add another data flow test 2023-02-13 09:50:50 +01:00
Tom Hvitved
f7a5a33474 Address review comment 2023-02-13 09:01:15 +01:00
Arthur Baars
ecbd768df4 Ruby: reduce number of diagnostic messages with the status_page flag
For now we only report real parse errors and character encoding errors. Warnings about
unexpected or missing nodes in the AST are not reported. These are typically side effects
of earlier parse errors.
2023-02-10 18:53:46 +01:00
Arthur Baars
679f02c274 Address comments 2023-02-10 18:08:30 +01:00
Arthur Baars
07947e6528 Address comments 2023-02-09 12:02:14 +01:00
dependabot[bot]
bd98ae0dcc build(deps): bump serde_json from 1.0.91 to 1.0.93 in /ruby
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.91 to 1.0.93.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.91...v1.0.93)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 08:13:18 +00:00
Erik Krogh Kristensen
3ebac65167 apply change-note suggestions from doc review
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
2023-02-08 14:55:54 +01:00
Arthur Baars
78ad9d67b4 Address comments 2023-02-08 13:40:46 +01:00
erik-krogh
eb564760be improve qhelp based on doc review 2023-02-08 11:00:54 +01:00
Mathias Vorreiter Pedersen
334c41c3e1 Merge pull request #12122 from github/post-release-prep/codeql-cli-2.12.2
Post-release preparation for codeql-cli-2.12.2
2023-02-07 16:17:57 +00:00
Tom Hvitved
8e8897b08b Data flow: Sync files 2023-02-07 15:15:04 +01:00