Commit Graph

731 Commits

Author SHA1 Message Date
github-actions[bot]
432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Brandon Stewart
26401fec70 address PR comments 2023-08-09 18:44:42 +00:00
Brandon Stewart
93dd9d0aa4 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-08-08 12:54:54 -04:00
github-actions[bot]
79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Maiky
c54561e775 Merge branch 'main' into maikypedia/ldap-improper-auth 2023-08-03 16:49:30 +02:00
Tom Hvitved
525ed65b0b Rename getNode to getAstNode 2023-08-03 10:56:50 +02:00
Alex Ford
f437a6f729 Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00
Alex Ford
2240e4bffb Ruby: fix changenote date format 2023-07-31 14:56:53 +01:00
Brandon Stewart
f241498cab correct additional pascalcase issue 2023-07-26 17:55:56 +00:00
Brandon Stewart
1a83554b0c correct typo 2023-07-26 17:54:42 +00:00
Brandon Stewart
346a2f269e Update UnsafeHmacComparison.ql 2023-07-26 13:48:42 -04:00
Brandon Stewart
42adbe0cd4 address linter 2023-07-26 17:43:34 +00:00
Brandon Stewart
adddc58b61 address linter 2023-07-26 17:38:06 +00:00
Brandon Stewart
494e7d9a3f add unsafe HMAC comparison query and qlhelp file 2023-07-26 17:28:22 +00:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection
Ruby: XPath Injection Query (CWE-643)
2023-07-14 14:10:09 +01:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Alex Ford
a524735236 Merge branch 'main' into maikypedia/ldap-injection 2023-07-14 12:05:17 +01:00
Erik Krogh Kristensen
4f1c12e9dc apply suggestion from review
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2023-07-13 14:49:25 +02:00
erik-krogh
1fe66232c6 suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements 2023-07-13 14:28:11 +02:00
Asger F
8d2dba18c0 Ruby: change note 2023-07-13 11:53:16 +02:00
Maiky
119a32fe0e fix naming error 2023-07-12 23:54:58 +02:00
Maiky
c255f8717d Change hasFlowPath to flowPath
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-07-11 19:20:54 +02:00
Mathias Vorreiter Pedersen
44f23bfa59 Merge pull request #13690 from github/post-release-prep/codeql-cli-2.14.0
Post-release preparation for codeql-cli-2.14.0
2023-07-07 23:39:38 +01:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Asger F
b14cac6b28 Merge pull request #12689 from asgerf/rb/perf-diagnostics
Ruby: performance diagnostics query
2023-07-07 14:25:56 +02:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Asger F
59c72836d3 Ruby: fix typo 2023-07-06 14:57:24 +02:00
Asger F
db58d32f7a Ruby: Add a query ID 2023-07-06 14:57:24 +02:00
Asger F
d123e5ba63 Ruby: add performance diagnostic query 2023-07-06 14:57:24 +02:00
Maiky
a3c58c66e9 Using DataFlow::ConfigSig instead of TaintTracking::Configuration 2023-07-06 03:14:49 +02:00
Erik Krogh Kristensen
8676516cb9 recursively -> repeatedly
Co-authored-by: Asger F <asgerf@github.com>
2023-07-03 13:17:13 +02:00
erik-krogh
3e2b8124c9 apply suggestions from review 2023-07-03 10:03:45 +02:00
erik-krogh
bea4162736 delete multi-char note from the incomplete-sanitization qhelp 2023-07-03 09:10:54 +02:00
erik-krogh
a60478ba8a write qhelp for js/incomplete-multi-character-sanitization 2023-07-03 09:07:13 +02:00
github-actions[bot]
668aaa2dc8 Post-release preparation for codeql-cli-2.13.5 2023-06-30 08:51:48 +00:00
github-actions[bot]
9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10
Merge `rc/3.10` back to `main`
2023-06-21 17:13:36 +01:00
github-actions[bot]
18b678e69e Post-release preparation for codeql-cli-2.13.4 2023-06-20 10:20:05 +00:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3
Update inline flow tests to use parameterized module
2023-06-19 17:39:29 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions.
Co-authored-by: Asger F <asgerf@github.com>
2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-06-19 10:17:40 +02:00
Tony Torralba
c97868f774 Add change notes 2023-06-16 09:01:02 +02:00
Tony Torralba
3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
Jeroen Ketema
d82c3ce11a Ruby: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:23 +02:00
Maiky
e5fe5403b7 Apply requested changes 2023-06-14 22:55:14 +02:00