codeql

mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00

Author	SHA1	Message	Date
Tom Hvitved	317303cdad	Strengthen the type of `SetterMethodCall`	2021-09-27 14:05:28 +02:00
Arthur Baars	2a4747b27e	Merge pull request #313 from github/hmac-remove-unicode-char Remove unicode character from doc string	2021-09-27 12:57:21 +02:00
Harry Maclean	3e100bc2a9	Remove unicode character from doc string We require that all source code is in ASCII.	2021-09-27 11:40:04 +01:00
Harry Maclean	74982cb3aa	Merge pull request #307 from github/hmac-outgoing-http-2 Model some more HTTP clients	2021-09-24 12:30:48 +01:00
Tom Hvitved	141f5f7605	Merge pull request #308 from github/hvitved/operation-method-call Make `{Unary,Binary}Operation` a sub class of `MethodCall`	2021-09-24 12:51:07 +02:00
Tom Hvitved	30d2df53c6	Include `MethodCall.getAChild` in `{Unary,Binary}Operation.getAChild`	2021-09-24 12:08:54 +02:00
Tom Hvitved	edfdfb1fa4	Make `{Unary,Binary}Operation` a sub class of `MethodCall`	2021-09-23 19:13:55 +02:00
Harry Maclean	88885a222e	Model the RestClient HTTP client	2021-09-23 16:32:15 +01:00
Harry Maclean	4cf520c2df	Model the Faraday HTTP client	2021-09-23 16:32:15 +01:00
Harry Maclean	ee51298633	Model the Excon HTTP client	2021-09-23 16:32:15 +01:00
Tom Hvitved	ca2ff9a863	Merge pull request #305 from github/hvitved/desugar/array-literals Desugar array literals to `::Array.[]`	2021-09-23 17:30:34 +02:00
Arthur Baars	40f0112e8a	Merge pull request #297 from github/aibaars/alert-suppression Alert suppression and file classifier query	2021-09-23 15:37:19 +02:00
Harry Maclean	4f9518a9c6	Merge pull request #293 from github/hmac-code-injection Add query for Code Injection	2021-09-23 13:50:48 +01:00
Tom Hvitved	f347505542	Merge pull request #277 from github/hvitved/flow-summaries Add support for flow summaries	2021-09-23 14:31:52 +02:00
Harry Maclean	41608ef47b	Address review comments	2021-09-23 12:26:54 +01:00
Tom Hvitved	68d41f9f12	Address review comments	2021-09-23 12:39:47 +02:00
Harry Maclean	83705c5787	Merge pull request #306 from github/hmac-outgoing-http Model outgoing HTTP requests as remote flow sources	2021-09-23 09:34:44 +01:00
Harry Maclean	5826f2c279	Move Net::HTTP modelling into http_clients module This seems a more convenient place to keep all the HTTP client modelling.	2021-09-23 09:04:20 +01:00
Harry Maclean	b658bacab3	Simplify Net::HTTP modelling	2021-09-23 09:04:01 +01:00
Harry Maclean	3000587849	Add Net::HTTP request modelling	2021-09-23 09:04:01 +01:00
Harry Maclean	2bdea01c8a	Add HTTP::Client concept	2021-09-23 09:04:01 +01:00
Alex Ford	21e31a47d9	Merge pull request #283 from github/file-system-sources Start modelling some file system access concepts	2021-09-22 16:45:13 +01:00
Alex Ford	b769aa67c2	test for IO.open as a way of creating an IO instance	2021-09-22 16:29:10 +01:00
Alex Ford	0092c0279b	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-09-22 14:28:15 +01:00
Tom Hvitved	e670fdbb82	Move two predicates in `FlowSummaryImplSpecific.qll`	2021-09-22 14:12:46 +02:00
Tom Hvitved	a37737d065	Replace `string kind` with `boolean preservesValue`	2021-09-22 09:28:55 +02:00
Tom Hvitved	888183f26d	Desugar array literals to `::Array.[]`	2021-09-21 21:27:29 +02:00
Alex Ford	70c2be8ca3	Files library tests	2021-09-21 19:08:03 +01:00
Alex Ford	05a04f4835	Files.qll library implementation	2021-09-21 19:07:55 +01:00
Alex Ford	6315621b16	use instanceof extensions for some filesystem concepts	2021-09-21 19:02:11 +01:00
Alex Ford	d1f2258d45	revamp weak file permissions query	2021-09-21 19:02:11 +01:00
Alex Ford	25300cb2b4	start modelling some file access concepts	2021-09-21 19:02:11 +01:00
Nick Rolfe	dd31473dff	Merge pull request #301 from github/fix_source_archive Fix filenames in source archives	2021-09-21 11:37:02 +01:00
Tom Hvitved	cdc359527a	Resolve semantic conflicts after rebase	2021-09-21 11:14:11 +02:00
Tom Hvitved	564c76c41f	Address review comments	2021-09-21 11:04:53 +02:00
Tom Hvitved	08dc6d79ef	Add support for flow summaries	2021-09-21 11:04:53 +02:00
Nick Rolfe	143256e673	Fix filenames in source archives	2021-09-20 22:17:45 +01:00
Nick Rolfe	c183e05c49	Merge pull request #300 from github/fix_tests Fix tests	2021-09-20 16:19:40 +01:00
Nick Rolfe	d27f8a6d24	Add empty subpaths section to expected test output	2021-09-20 15:56:58 +01:00
Tom Hvitved	8aaabe8b1e	Merge pull request #299 from github/hvitved/actions-reuse Add two 'composite' actions for reusing logic	2021-09-20 15:55:28 +02:00
Nick Rolfe	6f7d4fef70	Merge pull request #287 from github/unsafe-deserialization rb/unsafe-deserialization query	2021-09-20 14:23:30 +01:00
Nick Rolfe	8af12a164a	Merge pull request #298 from github/trap_extension Fix trap extension for source files without extensions	2021-09-20 14:23:01 +01:00
Tom Hvitved	e201dae672	Add two 'composite' actions for reusing logic	2021-09-20 14:52:02 +02:00
Nick Rolfe	c30c7b380d	Replace `if let` with `match`.	2021-09-20 12:22:55 +01:00
Nick Rolfe	0936c4cd7b	Fix trap extension for source files without extensions We were writing files with names like `Gemfile..trap.gz`. Now fixed to `Gemfile.trap.gz`.	2021-09-20 12:11:00 +01:00
Tom Hvitved	4bfbf62e13	Merge pull request #296 from github/hvitved/empty-location Extract a special empty location	2021-09-20 13:05:27 +02:00
Tom Hvitved	1393dc9eb4	Update extractor/src/main.rs Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-09-20 12:50:24 +02:00
Harry Maclean	95e50cedad	Add query for Code Injection This query finds cases where user input flows to an argument to `eval` or `send`, which can execute arbitrary Ruby code.	2021-09-20 11:35:45 +01:00
Harry Maclean	916b844557	Merge pull request #280 from github/hmac-cli-injection Add CLI Injection query	2021-09-20 08:54:01 +01:00
Tom Hvitved	b2d0c60a02	Replace `hasLocationInfo` with `getLocation` in `API::Node`	2021-09-20 09:52:26 +02:00

1 2 3 4 5 ...

1303 Commits