codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00

Author	SHA1	Message	Date
Alex Ford	36a1b18f5b	Ruby: revert SensitiveDataHeuristics changes	2022-10-14 09:19:41 +01:00
Alex Ford	cda7d84633	Ruby: update rb/sensitive-get-query tests	2022-10-13 22:41:34 +01:00
Alex Ford	3d478a3951	Ruby: clarify qhelp	2022-10-13 22:39:54 +01:00
Alex Ford	9fbd293944	Ruby: avoid making notSensitiveRegexp always flag instance/class variables as not sensitive	2022-10-13 22:38:42 +01:00
Alex Ford	15cab6eed5	Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-13 21:43:59 +01:00
Alex Ford	43fec9dfc8	Revert "Ruby: switch rb/sensitive-get-query back to using local flow" This reverts commit `fa58c51810`.	2022-10-09 13:06:13 +01:00
Alex Ford	139d3868e5	Merge branch 'main' into rb/sensitive-get-query	2022-10-09 12:26:44 +01:00
Dave Bartolomeo	5ee7986649	Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 Post-release preparation for codeql-cli-2.11.1	2022-10-07 14:23:31 -04:00
github-actions[bot]	b8ef9e0ddc	Post-release preparation for codeql-cli-2.11.1	2022-10-07 15:59:45 +00:00
Nick Rolfe	a6674a5313	Ruby: fix uses of deprecated class name	2022-10-07 13:17:05 +01:00
Tom Hvitved	b065d2d3ab	Merge pull request #10705 from hvitved/ruby/singleton-overrides Ruby: Take overrides into account for singleton methods defined on modules	2022-10-07 13:33:59 +02:00
Harry Maclean	75cb0efecb	Merge pull request #10538 from hmac/hmac/actioncontroller-parameters Ruby: Model flow through ActionController::Parameters	2022-10-07 22:21:40 +13:00
Tom Hvitved	69fc59930f	Ruby: Add ql doc to `lookupSingletonMethod`	2022-10-07 10:55:30 +02:00
github-actions[bot]	a02dcdc5e1	Release preparation for version 2.11.1	2022-10-07 02:20:28 +00:00
Henry Mercer	7a7d164b07	Merge pull request #10698 from github/henrymercer/successfully-extracted-files-tag Tag successfully extracted files queries	2022-10-06 13:21:52 +01:00
Tom Hvitved	48bdf13c89	Ruby: Take overrides into account for singleton methods defined on modules	2022-10-06 11:56:26 +02:00
Tom Hvitved	7608276397	Ruby: Add more call graph tests	2022-10-06 10:38:02 +02:00
Tom Hvitved	0e6735b804	Merge pull request #10691 from hvitved/dataflow/conjunctive-clears Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`	2022-10-06 09:03:30 +02:00
Henry Mercer	d80d39504f	Tag successfully extracted files queries Tag the successfully extracted files queries with `successfully-extracted-files` to make them easier to identify programmatically in a language-independent way. This follows the prior art for lines of code queries, which are tagged `lines-of-code`.	2022-10-05 19:19:43 +01:00
Asger F	387e57546b	Merge pull request #10650 from asgerf/rb/summarize-more Ruby: more type-tracking steps	2022-10-05 19:16:56 +02:00
Alex Ford	fa58c51810	Ruby: switch rb/sensitive-get-query back to using local flow	2022-10-05 15:58:05 +01:00
Tom Hvitved	0beea9fd1a	Fix typos	2022-10-05 15:54:52 +02:00
Asger F	decd4c93c7	Ruby: update type tracking test	2022-10-05 15:15:52 +02:00
Asger F	c9c36985b2	Ruby: address review comments	2022-10-05 14:59:37 +02:00
Alex Ford	71670a4f75	Ruby: add RequestInputAccess#getKind predicate	2022-10-05 13:38:31 +01:00
Alex Ford	dea53d86c9	Ruby: remove some redundant imports of DataFlow	2022-10-05 13:22:19 +01:00
Alex Ford	f01670f663	Ruby: add a note to a test case	2022-10-05 13:06:49 +01:00
Alex Ford	d64f8c73be	Merge branch 'main' into rb/sensitive-get-query	2022-10-05 12:59:35 +01:00
Alex Ford	084efe062a	Ruby: limit rb/sensitive-get-query to data from query params	2022-10-05 12:57:57 +01:00
Alex Ford	977e8a8a6f	Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged)	2022-10-05 12:57:07 +01:00
Arthur Baars	6509c19aad	Merge pull request #10692 from aibaars/fix-splats Ruby: fix CFG and toString for anonymous '' and '*'	2022-10-05 13:25:29 +02:00
Alex Ford	880fb2b14a	Ruby: split out rb/sensitive-get-query using query/customizations pattern	2022-10-05 11:59:40 +01:00
Tom Hvitved	3f0f16afc4	Ruby: Update flow summary for `Hash#except`	2022-10-05 12:58:29 +02:00
Tom Hvitved	e51c20bfc7	Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`	2022-10-05 12:58:29 +02:00
Arthur Baars	a080f498be	Ruby: fix CFG and toString for anonymous '' and '*'	2022-10-05 11:50:37 +02:00
Tom Hvitved	9d23742ed6	Ruby: Add test that illustrates issue with conjunctive `WithoutContent`s	2022-10-05 11:26:23 +02:00
Asger F	f664a77a02	Ruby: ensure Hash flow works again	2022-10-05 11:07:55 +02:00
Arthur Baars	4ff85d5275	Ruby: add test case	2022-10-05 10:57:53 +02:00
Nick Rolfe	525fe12671	Merge pull request #10585 from github/nickrolfe/libxml-xxe Ruby: detect uses of LibXML with entity substitution enabled by default	2022-10-05 09:51:39 +01:00
Asger F	7cf969f9c8	Ruby: remove mention of PairValueContent	2022-10-05 10:32:09 +02:00
Asger F	6f74a52542	Merge branch 'main' into rb/summarize-more	2022-10-05 09:55:23 +02:00
Asger F	8b7ec20573	Merge branch 'main' into rb/summarize-more	2022-10-05 09:43:52 +02:00
Tom Hvitved	1496c4f0e2	Merge pull request #10686 from hvitved/ruby/remove-value-pair-content Ruby: Remove `PairValueContent`	2022-10-05 09:41:14 +02:00
Asger F	93e8434e08	Ruby: fix content restriction in type trackers	2022-10-05 09:36:42 +02:00
Asger F	f5f351e26c	Ruby: make flowsToLoadStoreStep private	2022-10-05 09:35:11 +02:00
Asger F	a9a99c5b18	Ruby: nomagic on unary hasAdjacentTypeCheckedReads	2022-10-05 09:34:36 +02:00
Asger F	4c19d2d71e	Ruby: make getAStaticHashCall private again	2022-10-05 09:32:56 +02:00
Arthur Baars	c1c16e44ee	Merge pull request #10559 from aibaars/cve-2019-3881 Ruby: some improvements	2022-10-04 21:24:14 +02:00
Tom Hvitved	aae9a58ca3	Ruby: Remove `ValuePairContent`	2022-10-04 20:10:51 +02:00
Nick Rolfe	d69a658e06	Merge pull request #10673 from github/nickrolfe/no_abstract Ruby: remove public abstract classes for Action{View,Controller}	2022-10-04 17:49:59 +01:00

1 2 3 4 5 ...

2095 Commits