codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	a9e1e72196	Merge branch 'main' into shared-http-client-request	2022-09-06 10:52:27 +02:00
Edoardo Pirovano	8f332714f4	Merge pull request #10260 from github/edoardo/3.7-mergeback Merge `rc/3.7` into `main`	2022-09-01 15:44:17 +01:00
Nick Rolfe	898689f550	Merge pull request #9896 from github/nickrolfe/hardcoded_code Ruby: port js/hardcoded-data-interpreted-as-code	2022-08-26 13:49:25 +01:00
github-actions[bot]	3b4ad3c4f1	Post-release preparation for codeql-cli-2.10.4	2022-08-26 09:32:11 +00:00
github-actions[bot]	0f63bc077f	Release preparation for version 2.10.4	2022-08-25 12:52:26 +00:00
Nick Rolfe	acf5b11139	Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code	2022-08-25 11:44:55 +01:00
erik-krogh	1c0f2251e2	Merge branch 'main' into msgConsis	2022-08-24 14:38:57 +02:00
erik-krogh	f7846a598e	add change-notes	2022-08-23 07:54:01 +02:00
erik-krogh	df9a9f4a56	update rb/stored-css to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	9b257bfa9e	update rb/reflected-xss to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	778879908e	update rb/code-injection to match python	2022-08-22 21:41:46 +02:00
erik-krogh	034d197e01	update {java/rb}/xxe to match python/javascript	2022-08-22 21:41:46 +02:00
erik-krogh	3553f3d9b8	update {rb/py/js/go}/path-injection to match java/csharp	2022-08-22 21:41:45 +02:00
erik-krogh	b471a401cc	update {rb/js/java}/unused-parameter to match python	2022-08-22 21:41:45 +02:00
erik-krogh	e89e0eb7fb	make some acronyms camelCase	2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen	61bf2154cd	Merge branch 'main' into shared-http-client-request	2022-08-22 12:05:37 +02:00
Rasmus Wriedt Larsen	10968bf115	Ruby: Fix alert-msg logic for `RequestWithoutValidation.ql` This really surprised me, but as shown on the results, it does actually make a difference in the alert-message.	2022-08-19 15:50:09 +02:00
Rasmus Wriedt Larsen	47c9c5bddd	Ruby: Update `RequestWithoutValidation.ql` to match Python version No library modeling currently has support for the new disablesCertificateValidation/2, so only the alert text has changed (removed an import from Python so the queries would ACTUALLY match)	2022-08-18 14:32:41 +02:00
Tom Hvitved	08a5b5dc73	Merge pull request #10089 from hvitved/ruby/local-source-nodes Ruby: Reduce size of `isLocalSourceNode`	2022-08-18 12:02:35 +02:00
Harry Maclean	70ec70940a	Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization	2022-08-18 10:02:39 +12:00
Tom Hvitved	ed2ec1acc0	Ruby: Reduce size of `isLocalSourceNode`	2022-08-17 17:19:30 +02:00
Alex Ford	d4d6657cb7	Merge pull request #10008 from alexrford/rb/log-injection Ruby: Add `rb/log-injection` query	2022-08-17 15:01:22 +01:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Harry Maclean	f2384a6a8f	Ruby: Share more code with JS	2022-08-17 16:03:49 +12:00
Harry Maclean	025e34d8e1	Ruby: Simplify imports	2022-08-17 16:03:48 +12:00
Harry Maclean	ab6287aebd	Ruby: Fix import	2022-08-17 16:03:48 +12:00
Harry Maclean	3fba4a5fa7	Ruby: Add change note for new query	2022-08-17 16:02:48 +12:00
Harry Maclean	c234bd94d1	Ruby: IncompleteMultiCharacterSanitization Query This query is similar to IncompleteSanitization but for multi-character sequences.	2022-08-17 16:02:48 +12:00
Alex Ford	d02ad51d74	Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 Post-release preparation for codeql-cli-2.10.3	2022-08-16 12:04:07 +01:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
github-actions[bot]	21d0c78376	Post-release preparation for codeql-cli-2.10.3	2022-08-11 23:20:39 +00:00
github-actions[bot]	57c4f9145b	Release preparation for version 2.10.3	2022-08-11 11:12:15 +00:00
Alex Ford	7a61f59b1e	Ruby: add change note for new rb/log-injeciton query	2022-08-10 16:17:55 +01:00
Alex Ford	00e290e1f1	Ruby: document rb/log-injection	2022-08-10 16:17:18 +01:00
Alex Ford	c31995764b	Ruby: add rb/log-inection query	2022-08-10 16:16:54 +01:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00
Erik Krogh Kristensen	0abbd50ca1	apply changes based on docs review	2022-08-09 13:51:40 +02:00
github-actions[bot]	e8747d3176	Post-release preparation for codeql-cli-2.10.2	2022-07-28 20:00:09 +00:00
github-actions[bot]	212786ed91	Release preparation for version 2.10.2	2022-07-28 13:38:35 +00:00
Nick Rolfe	6356b20928	Ruby: port js/hardcoded-data-interpreted-as-code	2022-07-26 16:05:22 +01:00
Harry Maclean	cb3ebeedf9	Merge pull request #9696 from thiggy1342/experimental-strong-params RB: Experimental strong params query	2022-07-25 12:08:55 +12:00
thiggy1342	0c0ba925a7	this one should have no tag	2022-07-22 18:44:03 +00:00
thiggy1342	f39ca1aad2	correct cwe tagged	2022-07-22 18:36:25 +00:00
thiggy1342	c2710fb038	Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-22 13:52:00 -04:00
thiggy1342	2c095cf166	Update ruby/ql/src/change-notes/2022-07-21-weak-params.md Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-22 13:51:38 -04:00
thiggy1342	1842bde879	add change note	2022-07-21 22:13:53 +00:00
thiggy1342	c1a6ca5f94	add change note	2022-07-21 22:11:14 +00:00
thiggy1342	486a394a7f	Update ruby/ql/src/experimental/weak-params/WeakParams.ql Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-21 17:26:09 -04:00
thiggy1342	cc958dc171	Update ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql Co-authored-by: Harry Maclean <hmac@github.com>	2022-07-21 17:19:33 -04:00

... 13 14 15 16 17 ...

1012 Commits