Anders Schack-Mulligen
35a3aa0a09
Ruby: Add empty provenance column to expected files.
2024-02-09 11:32:08 +01:00
Koen Vlaswinkel
87eb1ab103
Ruby: Include ReturnValue and exclude self for constructors
2024-02-08 13:40:10 +01:00
Koen Vlaswinkel
49dbad96f9
Switch from details string to DataFlow::Node
2024-02-05 16:33:01 +01:00
Koen Vlaswinkel
f83d2a7d55
Ruby: Avoid using toString where possible
2024-02-02 14:18:21 +01:00
Koen Vlaswinkel
8853acb4dd
Ruby: Add query for access paths in model editor
2024-02-01 16:20:00 +01:00
Koen Vlaswinkel
ce4d8d6b51
Merge pull request #15490 from github/koesie10/ruby-model-constructor-on-new
...
Ruby: Model constructors in endpoint query on new instead of initialize
2024-02-01 09:31:49 +01:00
Harry Maclean
06334eee2e
Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness
...
Ruby: Add Insecure Randomness Query
2024-01-31 17:16:32 +00:00
Koen Vlaswinkel
c1aaf5a574
Ruby: Model constructors in endpoint query on new
2024-01-31 13:54:48 +01:00
Arthur Baars
4591560692
Merge pull request #14544 from p-/p--oj-ox-unsafe-deser
...
Ruby: additional unsafe deserialization sinks for ox and one for oj
2024-01-30 19:28:32 +01:00
Peter Stöckli
1947dee46a
Merge branch 'main' into p--oj-ox-unsafe-deser
2024-01-30 15:33:39 +01:00
Sid Shankar
b1d7a635f5
Renames diagnostic query files and tests
...
This commit renames the files relating to the diagnostic query that produces information on the number of files extracted. The files have been renamed from "SuccessfullExtractedFiles.*" to "ExtractedFiles.*". All related tests and test files have been renamed too.
The `@tags` and `@id` attributes of the queries have been left untouched, consistent with the `@tags` and `@id` for similar queries in other languages.
2024-01-29 20:19:20 +00:00
Sid Shankar
b26fef816a
Rb: Report any extracted file as successfully extracted
2024-01-08 22:21:30 +00:00
Harry Maclean
ece196cb25
Ruby: Update model editor tests
2023-12-08 14:52:51 +00:00
Harry Maclean
1dc0a063b0
Merge pull request #14679 from hmac/hmac-model-editor-ruby
...
Ruby: Experimental model editor support
2023-12-08 11:03:38 +00:00
Harry Maclean
d630773575
Merge pull request #14627 from alexrford/rb/update_all_sink
...
Ruby: refine `ActiveRecord` `update_all` as an SQL sink
2023-12-04 13:02:14 +00:00
Harry Maclean
bd575db254
Ruby: Add test for FrameworkModeEndpoints query
2023-11-27 14:18:18 +00:00
Alex Ford
8db23dc775
Ruby: refine ActiveRecord update_all as an SQL sink
2023-10-30 09:47:16 +00:00
Alex Ford
013e7aae97
Ruby: test whitespace changes
2023-10-30 09:32:44 +00:00
Max Schaefer
104700f6d3
Address review comment.
2023-10-27 10:19:28 +01:00
Max Schaefer
f42bd28ca9
Port changes to Ruby.
2023-10-26 15:06:45 +01:00
Maiky
35d390ad06
Add Insecure Randomness Query (CWE-338)
2023-10-21 17:23:41 +02:00
Peter Stöckli
09cf76a880
Ruby: additional unsafe deserialization sinks for ox, oj
2023-10-19 14:04:48 +02:00
Alex Ford
22850b28df
Ruby: update alert message test output
2023-10-16 13:08:49 +01:00
Alex Ford
3dd042c38a
Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt
2023-10-16 12:42:19 +01:00
Harry Maclean
1297acf5b1
Merge pull request #14216 from hmac/hmac-graphql-enum
...
Ruby: Restrict GraphQL remote flow sources
2023-10-13 11:31:50 +01:00
Harry Maclean
5411123b8a
Ruby: Fix GraphQL test
2023-09-14 14:14:26 +01:00
Tom Hvitved
e258324960
Ruby: Allow for implicit array reads at all sinks during taint tracking
2023-09-14 09:40:05 +02:00
Alex Ford
79c305c1a1
Merge pull request #14124 from alexrford/rb/dataflow-query-refactor
...
Ruby: Use the new dataflow API for checked in queries
2023-09-13 14:24:47 +01:00
Alex Ford
5b013dd5d2
Merge branch 'main' into rb/dataflow-query-refactor
2023-09-07 14:57:38 +01:00
Tom Hvitved
48e2dcfa35
Ruby: Reimplement flow through captured variables using field flow
2023-09-06 11:00:55 +02:00
Alex Ford
cdc788b162
Ruby: configsig rb/hardcoded-credentials
2023-09-03 17:20:06 +01:00
Alex Ford
b6d12f8b1c
Ruby: configsig rb/zip-slip
2023-09-03 17:20:05 +01:00
Alex Ford
42cd58695d
Ruby: configsig rb/url-redirection
2023-09-03 17:20:05 +01:00
Alex Ford
593d9a48d4
Ruby: configsig rb/reflected-xss
2023-09-03 17:20:05 +01:00
Alex Ford
a8ad0d8ff5
Ruby: renames for rb/insecure-download
2023-09-03 17:20:04 +01:00
Tom Hvitved
7e77c77d92
Ruby: Update expected test output
2023-08-30 13:33:48 +02:00
Alex Ford
9957e2683b
Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth
...
Ruby: Add Improper LDAP Authentication query (CWE-287)
2023-08-25 20:52:34 +01:00
Maiky
17565cde75
Add JWT Security Queries
2023-08-25 21:28:53 +02:00
Maiky
ffd618d6cc
Revert "Add "" and nil as sources"
...
This reverts commit 664c1eba72.
2023-08-25 15:23:55 +02:00
Harry Maclean
d18ca3f5d7
Ruby: Fix bug in excon model
...
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
2023-08-23 12:55:36 +01:00
Maiky
664c1eba72
Add "" and nil as sources
2023-08-22 18:10:33 +02:00
erik-krogh
92db7b047c
escape unicode chars in the output for the ReDoS queries
2023-08-08 00:15:54 +02:00
Maiky
6f1b406b3a
typo
...
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-08-03 17:08:10 +02:00
Maiky
0237f37842
typo
...
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-08-03 17:07:58 +02:00
Maiky
c54561e775
Merge branch 'main' into maikypedia/ldap-improper-auth
2023-08-03 16:49:30 +02:00
Alex Ford
af854749d7
Ruby: update Ldapinjection test output
2023-07-31 16:08:15 +01:00
Alex Ford
f437a6f729
Merge branch 'main' into maikypedia/ldap-injection
2023-07-31 16:00:41 +01:00
Maiky
2d88ac1846
Suggested Changes
2023-07-27 23:40:52 +02:00
Anders Schack-Mulligen
ae24d68b5d
C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output.
2023-07-19 11:41:15 +02:00
Alex Ford
d89c10dd85
Merge pull request #13130 from maikypedia/maikypedia/xpath-injection
...
Ruby: XPath Injection Query (CWE-643)
2023-07-14 14:10:09 +01:00