codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Peter Stöckli	d8752a0b12	Add additional sinks to the `rb/kernel-open` query	2022-11-29 10:00:56 +01:00
Nick Rolfe	8a94cabdbf	Merge pull request #11250 from github/nickrolfe/stack-trace-exposure Ruby: add stack-trace exposure query	2022-11-28 10:45:59 +00:00
erik-krogh	f75b853ae4	add change-note	2022-11-25 11:08:14 +01:00
erik-krogh	f1668801d3	add a `rb/unsafe-code-construction` query rebase	2022-11-25 10:25:30 +01:00
Nick Rolfe	1c407a28cd	Apply suggestions from code review Co-authored-by: Harry Maclean <hmac@github.com>	2022-11-24 14:02:32 +00:00
erik-krogh	2ad28ab4db	add library inputs as a source to poly-redos	2022-11-22 13:05:34 +01:00
Edoardo Pirovano	6c33ddcd47	Merge pull request #11349 from github/edoardo/2.11.4-mergeback Merge `rc/3.8` into `main`	2022-11-21 18:08:27 +00:00
github-actions[bot]	5b14ebf22a	Post-release preparation for codeql-cli-2.11.4	2022-11-18 11:26:00 +00:00
github-actions[bot]	e105c13e77	Release preparation for version 2.11.4	2022-11-17 16:40:45 +00:00
erik-krogh	10fff4e2ef	Merge branch 'main' into rb-redosMod	2022-11-14 21:31:10 +01:00
Nick Rolfe	c660ea100b	Ruby: add changenote for rb/stack-trace-exposure	2022-11-14 12:26:40 +00:00
Nick Rolfe	b39e2ef71c	Ruby: add stacktrace exposure query	2022-11-14 12:26:40 +00:00
Nick Rolfe	0337ccb93a	Ruby: add change notes for Arel.sql / SqlConstruction changes	2022-11-10 14:11:14 +00:00
Nick Rolfe	4a98ef064e	Ruby: use the 'customizations' pattern for the SQL injection query	2022-11-10 11:51:47 +00:00
Asger F	859dc7beb7	Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2 Ruby: expand DataFlow API	2022-11-09 15:06:03 +01:00
Erik Krogh Kristensen	c82410fd16	Merge pull request #10680 from erik-krogh/unsafeRbCmd RB: add an unsafe-shell-command-construction query	2022-11-08 09:22:33 +01:00
Erik Krogh Kristensen	3f871a08e2	apply suggestions from doc review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>	2022-11-07 16:29:10 +01:00
erik-krogh	40e4359173	port the Ruby regex/redos queries to use the shared pack	2022-11-07 14:34:18 +01:00
github-actions[bot]	fca754bddd	Post-release preparation for codeql-cli-2.11.3	2022-11-05 14:30:48 +00:00
github-actions[bot]	508327235a	Release preparation for version 2.11.3	2022-11-04 20:16:23 +00:00
Arthur Baars	98f4c29913	Ruby: weak crypto: do not report weak hash algorithms Weak hash algorithms such as MD5 and SHA1 are often used in non security sensitive contexts and reporting all uses is far too noisy.	2022-11-04 15:58:50 +01:00
Henry Mercer	dd264c6dfb	Consistently mention language in metric names This improves consistency between the lines of code queries and the number of successfully extracted files queries.	2022-11-03 11:44:10 +00:00
Henry Mercer	c60d071239	Lowercase "lines"	2022-11-03 11:40:22 +00:00
Dave Bartolomeo	9d5e5e3ee7	`${workspace}` all the things	2022-11-01 13:29:05 -04:00
Arthur Baars	aba87a139d	Merge pull request #10668 from aibaars/ruby-deps Ruby: update dependencies	2022-11-01 13:55:42 +01:00
erik-krogh	84a7fddd95	remove explicit versions in lock files, as the dependencies are all installed locally	2022-11-01 09:09:26 +01:00
Asger F	b4b34cc994	Ruby: port part of ActionController model	2022-10-31 13:33:41 +01:00
Asger F	436cc60138	Ruby: update some uses of getConstantValue()	2022-10-28 15:16:14 +02:00
erik-krogh	e8dce25cc2	fix rb/code-injection	2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen	ef5132b0ae	Merge pull request #10883 from erik-krogh/codeSink RB: don't flag code-injection for dynamic loading where an attacker only controls a substring	2022-10-24 18:59:36 +02:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Arthur Baars	45c9a0d0b1	Apply suggestions from code review Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-10-20 15:22:29 +02:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
erik-krogh	7797211118	Merge branch 'main' into unsafeRbCmd	2022-10-20 10:34:17 +02:00
erik-krogh	3dd89bb7bf	remove duplicate alerts due to multiple states reaching the same sink	2022-10-19 13:19:18 +02:00
Harry Maclean	eddb8493d8	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2022-10-17 09:34:44 +13:00
Harry Maclean	545222d1e9	Ruby: Add change note	2022-10-17 08:17:37 +13:00
Alex Ford	3baad89e57	Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query	2022-10-14 10:50:09 +01:00
Erik Krogh Kristensen	332bc35ff1	Merge pull request #10708 from erik-krogh/kernelSink RB: add a query flagging uses of `Kernel.open()` that are not with a constant string	2022-10-14 09:13:26 +02:00
Alex Ford	3d478a3951	Ruby: clarify qhelp	2022-10-13 22:39:54 +01:00
Alex Ford	15cab6eed5	Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-13 21:43:59 +01:00
Josh Soref	8078f91b28	spelling: mapping Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Josh Soref	2648cb0322	spelling: injection Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Asger F	d28b9af8bd	Merge pull request #10791 from asgerf/rb/rails-render-file Ruby: treat render 'file:' argument as a file system access	2022-10-12 21:18:32 +02:00
Asger F	7bfb3497eb	Ruby: change note	2022-10-12 14:29:34 +02:00
Jeroen Ketema	d389a183f0	Merge pull request #10743 from jsoref/spelling Spelling	2022-10-12 12:48:22 +02:00
erik-krogh	cadb948d57	add change-note	2022-10-11 13:26:03 +02:00
erik-krogh	d427e55507	add qhelp	2022-10-11 13:26:03 +02:00
erik-krogh	557dd10896	add a `rb/unsafe-shell-command-construction` query	2022-10-11 13:26:01 +02:00
Erik Krogh Kristensen	7d282c3d75	fix casing in alert-message Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-11 11:12:59 +02:00

... 11 12 13 14 15 ...

1012 Commits