Alex Ford
c44a68613a
Ruby: add a test case for ActiveRecord dynamic finder methods
2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498
Ruby: trim some SQLi related comments from ActiveRecord.rb
2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a
Ruby: rename ActiveRecord.rb test case file
2022-06-16 11:29:56 +01:00
Anders Schack-Mulligen
6518a01ded
Dataflow: Sync.
2022-06-16 11:25:28 +02:00
Rasmus Wriedt Larsen
24750dcc17
Ruby: Sync comment for self API graph label
2022-06-16 11:03:07 +02:00
Rasmus Wriedt Larsen
2ad4921a76
Ruby: Apply suggestions from code review
...
Co-authored-by: Asger F <asgerf@github.com >
2022-06-16 11:01:14 +02:00
thiggy1342
ef9442d377
Merge branch 'main' into experimental-archive-api
2022-06-15 21:46:23 -04:00
thiggy1342
056fa71f3e
add change notes
2022-06-16 01:04:50 +00:00
thiggy1342
b078430faf
add Zip::File.new query to tests
2022-06-16 00:51:50 +00:00
Harry Maclean
311296469d
Minor improvements to ImproperMemoizationQuery
2022-06-16 12:44:33 +12:00
Harry Maclean
ff0422c12d
Ruby: Add rb/improper-memoization change note
2022-06-16 12:44:33 +12:00
Harry Maclean
1ac604f769
Ruby: Private import in ImproperMemoizationQuery
2022-06-16 12:44:33 +12:00
Harry Maclean
457a84006c
Ruby: Narrow memo method candidates earlier
2022-06-16 12:44:33 +12:00
Harry Maclean
ef6f0e5b30
Ruby: Add Improper Memoization query
...
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
2022-06-16 12:44:33 +12:00
thiggy1342
e317392336
add Zip::File.new to framework
2022-06-16 00:22:15 +00:00
thiggy1342
0281dbd532
remove Zip::Entry.extract from query
2022-06-16 00:04:31 +00:00
Harry Maclean
7c5a83833b
Merge pull request #8737 from hmac/hmac/posix-spawn
...
Ruby: Model the posix-spawn gem
2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681
Merge pull request #9030 from hmac/hmac/activesupport
...
Ruby: Model various bits of ActiveSupport
2022-06-16 00:49:38 +01:00
Alex Ford
34065f9e93
Ruby: recognize ActiveRecord find_by_x methods
2022-06-15 14:33:09 +01:00
github-actions[bot]
1ed70d51d7
Post-release preparation for codeql-cli-2.9.4
2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49
Release preparation for version 2.9.4
2022-06-15 08:22:38 +00:00
thiggy1342
0fce620536
Merge branch 'main' into experimental-decompression-api
2022-06-14 21:54:08 -04:00
thiggy1342
ae86e0daea
spelling fix
2022-06-15 01:51:40 +00:00
thiggy1342
1bdaf529d9
fix qlformat errors
2022-06-15 01:49:48 +00:00
thiggy1342
df226ee610
remove standalone archive api query
2022-06-15 01:39:47 +00:00
thiggy1342
0832e299f2
move archive api path traversal tests to cwe-022
2022-06-15 01:39:47 +00:00
thiggy1342
a0f1c86031
add framework test
2022-06-15 01:39:47 +00:00
thiggy1342
098101f471
add RubyZip::File.open to frameworks
2022-06-15 01:39:47 +00:00
thiggy1342
af6fbd439c
Merge branch 'main' into experimental-archive-api
2022-06-14 20:09:02 -04:00
Arthur Baars
b20d9c266f
Merge branch 'main' into dependabot/cargo/ruby/crossbeam-utils-0.8.8
2022-06-14 12:34:29 +02:00
Arthur Baars
6f63d9ab99
Merge pull request #9539 from github/dependabot/cargo/ruby/regex-1.5.5
...
Bump regex from 1.5.4 to 1.5.5 in /ruby
2022-06-14 12:33:30 +02:00
Arthur Baars
72aad0f38f
Fix URL in readme
2022-06-14 10:49:45 +02:00
thiggy1342
6bef71ea2c
tweaks to tests
2022-06-14 02:17:12 +00:00
thiggy1342
7bdec98e6f
draft tests
2022-06-14 02:13:15 +00:00
thiggy1342
c012c235c6
rough draft of check request verb query
2022-06-14 01:45:02 +00:00
dependabot[bot]
91d1adea9e
Bump crossbeam-utils from 0.8.5 to 0.8.8 in /ruby
...
Bumps [crossbeam-utils](https://github.com/crossbeam-rs/crossbeam ) from 0.8.5 to 0.8.8.
- [Release notes](https://github.com/crossbeam-rs/crossbeam/releases )
- [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md )
- [Commits](https://github.com/crossbeam-rs/crossbeam/compare/crossbeam-utils-0.8.5...crossbeam-utils-0.8.8 )
---
updated-dependencies:
- dependency-name: crossbeam-utils
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-06-14 00:43:21 +00:00
dependabot[bot]
80e47dec31
Bump regex from 1.5.4 to 1.5.5 in /ruby
...
Bumps [regex](https://github.com/rust-lang/regex ) from 1.5.4 to 1.5.5.
- [Release notes](https://github.com/rust-lang/regex/releases )
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/regex/compare/1.5.4...1.5.5 )
---
updated-dependencies:
- dependency-name: regex
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-06-14 00:38:02 +00:00
Alex Ford
8d195e3188
Merge pull request #9157 from alexrford/crypto-op-block-mode
...
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
2022-06-13 21:32:36 +02:00
Calum Grant
28c0906886
Update ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll
...
Co-authored-by: Nick Rolfe <nickrolfe@github.com >
2022-06-13 09:41:41 +01:00
thiggy1342
038e6363a9
update severity
2022-06-11 00:09:50 +00:00
thiggy1342
c7e67eb2e2
expand test coverage for sanitizers
2022-06-10 21:30:41 +00:00
Rasmus Wriedt Larsen
bb0435aba6
Merge branch 'main' into ruby-mad-argument-self
2022-06-08 14:19:29 +02:00
thiggy1342
62291124ff
remove constraint for Zip::File.open
2022-06-06 21:20:44 +00:00
thiggy1342
3c62271dba
fix casing of Api
2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8
add archive api file open query and test
2022-06-06 21:09:57 +00:00
thiggy1342
c5db11ee2e
use select placeholder correctly
2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07
Fix test syntax for sanitizer tests
2022-06-04 16:33:18 +00:00
thiggy1342
5ada3b76ed
Merge branch 'main' into experimental-decompression-api
2022-06-03 16:45:53 -04:00
thiggy1342
54fd7809fe
tweak metadata
2022-06-03 18:22:50 +00:00
thiggy1342
c5dc8779d1
Increased query robustness and test coverage
2022-06-03 18:05:56 +00:00
