codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
erik-krogh	9a9d2a6fe1	Merge branch 'main' into rb-last-msg	2022-10-11 10:43:39 +02:00
erik-krogh	de3b15ebe9	add a query flagging uses of Kernel.open that are not with a constant string	2022-10-11 09:23:29 +02:00
Josh Soref	b5bed9cbf5	spelling: explicitly Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	cbea5ec40c	spelling: executables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
erik-krogh	38c17c5d0c	Merge branch 'main' into rbMeta	2022-10-10 12:22:56 +02:00
Alex Ford	43fec9dfc8	Revert "Ruby: switch rb/sensitive-get-query back to using local flow" This reverts commit `fa58c51810`.	2022-10-09 13:06:13 +01:00
Alex Ford	139d3868e5	Merge branch 'main' into rb/sensitive-get-query	2022-10-09 12:26:44 +01:00
github-actions[bot]	b8ef9e0ddc	Post-release preparation for codeql-cli-2.11.1	2022-10-07 15:59:45 +00:00
erik-krogh	cbeefd418b	add change-note	2022-10-07 13:47:32 +02:00
erik-krogh	5d9c68c962	remove the taint-steps meta query	2022-10-07 13:21:24 +02:00
erik-krogh	a0725fba71	fix some more style-guide violations in the alert-messages	2022-10-07 12:01:03 +02:00
github-actions[bot]	a02dcdc5e1	Release preparation for version 2.11.1	2022-10-07 02:20:28 +00:00
erik-krogh	c1fae91a1f	have rb/meta/taint-steps print only one for each file, to limit the size of the output	2022-10-06 15:19:11 +02:00
erik-krogh	169965cfb9	make rb/meta/taint-steps into a @kind problem query	2022-10-06 13:28:10 +02:00
erik-krogh	db056aae1b	add some more meta queries for Ruby evaluations	2022-10-06 10:14:28 +02:00
Henry Mercer	d80d39504f	Tag successfully extracted files queries Tag the successfully extracted files queries with `successfully-extracted-files` to make them easier to identify programmatically in a language-independent way. This follows the prior art for lines of code queries, which are tagged `lines-of-code`.	2022-10-05 19:19:43 +01:00
Alex Ford	fa58c51810	Ruby: switch rb/sensitive-get-query back to using local flow	2022-10-05 15:58:05 +01:00
Alex Ford	dea53d86c9	Ruby: remove some redundant imports of DataFlow	2022-10-05 13:22:19 +01:00
Alex Ford	d64f8c73be	Merge branch 'main' into rb/sensitive-get-query	2022-10-05 12:59:35 +01:00
Alex Ford	880fb2b14a	Ruby: split out rb/sensitive-get-query using query/customizations pattern	2022-10-05 11:59:40 +01:00
Nick Rolfe	525fe12671	Merge pull request #10585 from github/nickrolfe/libxml-xxe Ruby: detect uses of LibXML with entity substitution enabled by default	2022-10-05 09:51:39 +01:00
Alex Ford	703829c647	Ruby: use taint tracking for rb/sensitive-get-query	2022-10-04 15:04:41 +01:00
Erik Krogh Kristensen	5ba7c13ecd	fix alert-message by adding the link Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-04 13:50:25 +02:00
erik-krogh	d370b2a51e	simplify the where clause of `rb/kernel-open`	2022-10-04 13:49:50 +02:00
Arthur Baars	ae7e6ef701	Ruby: update dependencies	2022-10-04 13:44:22 +02:00
erik-krogh	bf74481f65	add a link to the source in the alert-message for `rb/kernel-open`	2022-10-04 13:41:50 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from `internal/Module.qll` and make sure they are cached	2022-09-30 14:56:55 +02:00
Nick Rolfe	8ca1e1b2d1	Ruby: add changenote for XXE improvements	2022-09-27 16:11:41 +01:00
github-actions[bot]	6cef0af5df	Post-release preparation for codeql-cli-2.11.0	2022-09-23 21:01:40 +00:00
github-actions[bot]	f5cf8cffa3	Release preparation for version 2.11.0	2022-09-22 20:14:12 +00:00
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Nick Rolfe	ee34ac5394	Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-22 10:59:49 +01:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Nick Rolfe	2edbc16829	Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-21 13:01:21 +01:00
Tom Hvitved	a9f2e5272f	Merge pull request #10376 from hvitved/ruby/no-ast-by-default Ruby: Do not expose AST layer through `ruby.qll`	2022-09-21 13:15:30 +02:00
Erik Krogh Kristensen	7e17a919ae	Merge pull request #10304 from erik-krogh/rb-followMsg RB: make the alert messages of taint-tracking queries more consistent	2022-09-20 22:58:31 +02:00
Andrew Eisenberg	58e4861b45	Merge branch 'main' into rc/3.7	2022-09-20 12:43:20 -07:00
Alex Ford	7720d85c98	Ruby: use camelcase verion of Http module	2022-09-20 08:58:35 +01:00
Alex Ford	be1ac17a60	Merge branch 'main' into rb/sensitive-get-query	2022-09-19 20:57:20 +01:00
Alex Ford	08c8db8937	Ruby: stop rb/sensitive-get-query from considering ID type data as sensitive	2022-09-16 15:40:13 +01:00
Alex Ford	79ad7d293f	Ruby: make SensitiveExpr a dataflow node rather than an Expr	2022-09-16 15:39:16 +01:00
github-actions[bot]	67ce442674	Post-release preparation for codeql-cli-2.10.5	2022-09-16 14:23:44 +00:00
Tom Hvitved	007ab2b7ce	Ruby: Do not expose AST layer through `ruby.qll`	2022-09-13 19:59:56 +02:00
erik-krogh	063c76b6d1	apply suggestions from review	2022-09-13 10:52:23 +02:00
Alex Ford	0da367f6e5	Ruby: address QL4QL alerts for rb/sensitive-get-query	2022-09-12 08:56:17 +01:00
Alex Ford	f84035a65c	Ruby: add `rb/sensitive-get-query` query	2022-09-10 17:43:15 +01:00
erik-krogh	26d8553f6e	ensure consistent casing of names	2022-09-09 10:34:14 +02:00
github-actions[bot]	a9d80a5a48	Release preparation for version 2.10.5	2022-09-08 11:35:54 +00:00
erik-krogh	79a048968e	make the alert messages of taint-tracking queries more consistent	2022-09-07 12:22:50 +02:00

... 12 13 14 15 16 ...

1012 Commits