20 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	632ad518f0	enable unicode parsing in the ruby ReDoS query	2021-08-02 07:13:41 +00:00
Nick Rolfe	d99b5510e5	Merge pull request #219 from github/regex ... Add regexp parser and exponential ReDoS query	2021-06-30 17:23:29 +01:00
Alex Ford	31cbf818ab	fix rb/sql-injection FPs due to not accounting for overridden ActiveRecord methods	2021-06-29 13:54:15 +01:00
Nick Rolfe	ba7021086b	Merge remote-tracking branch 'origin/main' into regex	2021-06-25 15:00:26 +01:00
Nick Rolfe	bee94757dd	Add query test for ReDoS.ql, ported from JS	2021-06-25 12:51:35 +01:00
Alex Ford	9883a9b606	update SqlInjection tests	2021-06-24 18:12:26 +01:00
Alex Ford	d62f4f5bd4	Address review comments	2021-06-24 18:12:26 +01:00
Alex Ford	12e4c9ee90	update SqlInjection tests	2021-06-24 18:12:25 +01:00
Alex Ford	5386c776b3	Implement rb/sql-injection	2021-06-24 18:12:25 +01:00
Alex Ford	f74dff560b	Merge pull request #187 from github/hardcoded-credentials ... Add rb/hardcoded-credentials query	2021-06-10 16:12:32 +01:00
Alex Ford	e26afe91b5	move rb/hardcoded-credential alert location to the source	2021-06-07 14:53:04 +01:00
Alex Ford	5d79a8cec0	account for keyword args in rb/hardcoded-credentials and simplify query	2021-06-07 14:49:49 +01:00
Alex Ford	8a3ffb6dca	add missing toString	2021-06-04 13:25:03 +01:00
Alex Ford	b2d36babc4	report rb/weak-file-permission alerts at source rather than sink and improve alert message	2021-06-04 13:10:18 +01:00
Alex Ford	fdd4f7f616	attempt to use typetracker in rb/hardcoded-credentials	2021-06-01 12:22:04 +01:00
Alex Ford	f1303e0ced	remove WIP files	2021-06-01 12:22:04 +01:00
Alex Ford	4fdd072603	WIP: HardcodedCredentials query	2021-06-01 12:22:04 +01:00
Alex Ford	2c8a4f833f	make rb/overly-permissive-file a proper path-problem	2021-04-29 19:11:39 +01:00
Alex Ford	0a6dc6f150	update WeakFilePermissions.expected	2021-04-28 16:31:07 +01:00
Alex Ford	e5862a942f	WIP rb/overly-permissive-file query	2021-04-27 21:22:17 +01:00