hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

4944 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
thiggy1342
e838b83f5f attempt to introduce dataflow tracking 2022-06-23 02:21:47 +00:00
Rasmus Wriedt Larsen
876ba71d9b Python/JS/Ruby: Add change-note 2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00
thiggy1342
995f365568 just check string literal 2022-06-22 02:17:01 +00:00
thiggy1342
c767f241ad narrow query scope 2022-06-22 02:12:23 +00:00
thiggy1342
f6c4b5c44b Merge branch 'experimental-manually-check-request-verb' of https://github.com/thiggy1342/codeql into experimental-manually-check-request-verb 2022-06-21 21:27:39 +00:00
thiggy1342
990747cd22 Limit findings to just those called in Controllers 2022-06-21 21:27:18 +00:00
thiggy1342
53729f99c5 restrict findings to just controller classes 2022-06-21 20:28:29 +00:00
thiggy1342
83b720d730 first draft of weak params query 2022-06-21 19:28:53 +00:00
Brandon Stewart
a2e2dcdfd5 Make ActiveRecordInstanceMethodCall Public 2022-06-21 14:44:52 -04:00
Anders Schack-Mulligen
f8f9b7d3b4 Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Asger F
a1af9c3d7d Ruby: update predicate docs 2022-06-21 12:44:16 +02:00
Asger F
d15b90e21a Ruby: Add deprecation 2022-06-21 12:44:16 +02:00
Asger F
9838e2e101 Ruby: Rename getAValueReachingRhs -> getAValueReachingSink 2022-06-21 12:44:16 +02:00
Asger F
7c877c7861 Ruby: Rename getARhs -> asSink 2022-06-21 12:44:16 +02:00
Asger F
2f8086bb57 Ruby: Rename getAUse -> getAValueReachableFromSource 2022-06-21 12:44:16 +02:00
Asger F
573c5c5efe Ruby: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:16 +02:00
Asger F
f2403e2610 Ruby: port API graph doc comment 2022-06-21 12:44:16 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
736372ffd6 Ruby: Remove test. 2022-06-21 11:18:36 +02:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
thiggy1342
c5bf1b8aab update test expectation 2022-06-20 17:27:33 +00:00
thiggy1342
973013ff9c Merge branch 'main' into experimental-decompression-api 2022-06-20 11:37:38 -04:00
thiggy1342
7932d3e4ab Update ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 11:05:56 -04:00
thiggy1342
db46a1d807 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 11:05:16 -04:00
Arthur Baars
c5d3df087d Update tree-sitter-embeded-template 2022-06-20 17:04:27 +02:00
Michael Nebel
649757c27f Java/Ruby: Sync files. 2022-06-20 16:20:01 +02:00
thiggy1342
633ddf46fb fix comments 2022-06-20 13:53:56 +00:00
thiggy1342
b4c893d857 Update ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:50:12 -04:00
thiggy1342
9c9ac919b7 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:49:52 -04:00
thiggy1342
3949e04797 Update ruby/ql/src/experimental/decompression-api/DecompressionApi.ql 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:49:11 -04:00
thiggy1342
2f505c527b Merge branch 'main' into experimental-decompression-api 2022-06-20 09:48:21 -04:00
Anders Schack-Mulligen
1b13790a36 Ruby: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
thiggy1342
0456870136 Merge branch 'main' into experimental-manually-check-request-verb 2022-06-18 15:21:53 -04:00
thiggy1342
ecb2114b7b replace duplicate post with put 2022-06-18 19:21:17 +00:00
thiggy1342
8b36191023 drop precision to low for now 2022-06-18 18:38:58 +00:00
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
thiggy1342
8aa2602d9e trying to hone in on eq comparison and include? 2022-06-18 03:09:04 +00:00
thiggy1342
78f5186e6a remove barrierguards import 2022-06-18 00:43:01 +00:00