hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,131 Commits 1,741 Branches 165 Tags
1eccb8ea930e73c8ddb4f1b797e68f112eeb91a2
Commit Graph

296 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Josh Soref
2648cb0322 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Asger F
d28b9af8bd Merge pull request #10791 from asgerf/rb/rails-render-file 
Ruby: treat render 'file:' argument as a file system access
 2022-10-12 21:18:32 +02:00
Asger F
7bfb3497eb Ruby: change note 2022-10-12 14:29:34 +02:00
Jeroen Ketema
d389a183f0 Merge pull request #10743 from jsoref/spelling 
Spelling
 2022-10-12 12:48:22 +02:00
erik-krogh
cadb948d57 add change-note 2022-10-11 13:26:03 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
Josh Soref
b5bed9cbf5 spelling: explicitly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Alex Ford
139d3868e5 Merge branch 'main' into rb/sensitive-get-query 2022-10-09 12:26:44 +01:00
erik-krogh
cbeefd418b add change-note 2022-10-07 13:47:32 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Alex Ford
d64f8c73be Merge branch 'main' into rb/sensitive-get-query 2022-10-05 12:59:35 +01:00
Nick Rolfe
8ca1e1b2d1 Ruby: add changenote for XXE improvements 2022-09-27 16:11:41 +01:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Nick Rolfe
ee34ac5394 Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml 
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
 2022-09-22 10:59:49 +01:00
Nick Rolfe
2edbc16829 Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink 2022-09-21 13:01:21 +01:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Alex Ford
f84035a65c Ruby: add rb/sensitive-get-query query 2022-09-10 17:43:15 +01:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code 
Ruby: port js/hardcoded-data-interpreted-as-code
 2022-08-26 13:49:25 +01:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Nick Rolfe
acf5b11139 Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code 2022-08-25 11:44:55 +01:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection 
Ruby: Add `rb/log-injection` query
 2022-08-17 15:01:22 +01:00
Harry Maclean
3fba4a5fa7 Ruby: Add change note for new query 2022-08-17 16:02:48 +12:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Alex Ford
7a61f59b1e Ruby: add change note for new rb/log-injeciton query 2022-08-10 16:17:55 +01:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Nick Rolfe
6356b20928 Ruby: port js/hardcoded-data-interpreted-as-code 2022-07-26 16:05:22 +01:00
Harry Maclean
cb3ebeedf9 Merge pull request #9696 from thiggy1342/experimental-strong-params 
RB: Experimental strong params query
 2022-07-25 12:08:55 +12:00
thiggy1342
c2710fb038 Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-22 13:52:00 -04:00
thiggy1342
2c095cf166 Update ruby/ql/src/change-notes/2022-07-21-weak-params.md 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-22 13:51:38 -04:00
thiggy1342
1842bde879 add change note 2022-07-21 22:13:53 +00:00
thiggy1342
c1a6ca5f94 add change note 2022-07-21 22:11:14 +00:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Asger F
d94010c244 Grammar: report -> reports 2022-06-23 14:17:52 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Harry Maclean
ff0422c12d Ruby: Add rb/improper-memoization change note 2022-06-16 12:44:33 +12:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Alex Ford
9e483ac4e0 Fix change note formatting 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 14:25:44 +01:00