hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,801 Commits 1,692 Branches 160 Tags
3d942867856d794208fa0e0056cd24993fec6d9f
Commit Graph

269 Commits

Author SHA1 Message Date
erik-krogh
88de299e12 add join(" ") calls as a sink for rb/shell-command-constructed-from-input 2022-11-09 21:46:25 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
erik-krogh
f3741ff1e4 changes based on review 2022-11-03 09:41:05 +01:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Erik Krogh Kristensen
93fb2930c8 Merge pull request #10968 from erik-krogh/fixRbCode 
RB: fix rb/code-injection
 2022-10-28 09:14:14 +02:00
Rasmus Wriedt Larsen
adf109b624 Merge branch 'main' into inline-fail-tag 2022-10-27 13:42:32 +02:00
Rasmus Wriedt Larsen
6d43db43dd Ruby: Fix tag missing from getARelevantTag 2022-10-27 09:12:06 +02:00
thiggy1342
9c1fbfd330 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-25 13:09:17 -04:00
erik-krogh
e8dce25cc2 fix rb/code-injection 2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen
ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
 2022-10-24 18:59:36 +02:00
thiggy1342
952ad6ea46 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-24 09:52:24 -04:00
erik-krogh
85cd7f9121 add model for Dir.glob and other Dir methods 2022-10-24 12:05:26 +02:00
thiggy1342
244a3329e0 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-20 16:37:57 -04:00
thiggy1342
4c3e3e442a Add Faraday::Connection.new as sink for SSRF query 2022-10-20 20:32:08 +00:00
erik-krogh
7797211118 Merge branch 'main' into unsafeRbCmd 2022-10-20 10:34:17 +02:00
erik-krogh
3dd89bb7bf remove duplicate alerts due to multiple states reaching the same sink 2022-10-19 13:19:18 +02:00
erik-krogh
3e51f6fa8e use flow-states to remove FPs related to an attacker only controlling a substring in code-injection 2022-10-19 13:00:44 +02:00
erik-krogh
d77b31672d add failing test for safe-ish uses of Object.send 2022-10-19 11:27:08 +02:00
erik-krogh
cb33d5aeff add test for .send(..) in code-injection 2022-10-19 11:25:30 +02:00
erik-krogh
8a3e255e12 remove FPs in rb/stored-xss from spurious sources 2022-10-18 11:07:48 +02:00
erik-krogh
5a98f66bef simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink 2022-10-18 10:43:22 +02:00
Arthur Baars
f7ff2cdc0d Merge branch 'main' into actiondispatch-response 2022-10-17 13:22:17 +02:00
Erik Krogh Kristensen
122d188f1d Merge pull request #10832 from erik-krogh/passRb 
RB: add model for the `Digest` and `OpenSSL::Digest` modules
 2022-10-17 10:02:33 +02:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
8ae86cf443 Ruby: Consider header writes as XSS sinks 2022-10-17 08:17:37 +13:00
erik-krogh
7c76645157 add model for the core OpenSSL::Digest module 2022-10-14 13:25:34 +02:00
erik-krogh
e2476949b9 add model for the core Digest module 2022-10-14 12:49:37 +02:00
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Alex Ford
594812640e Merge pull request #10746 from alexrford/ruby/activejob-deserialize 
Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink
 2022-10-13 15:36:45 +01:00
erik-krogh
3a3a5aa17c add case-in as a sink for polynomial-redos 2022-10-13 12:36:07 +02:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
erik-krogh
66b3fe3425 add case-when expressions as a sink to rb/polynomial-redos 2022-10-12 19:57:01 +02:00
Alex Ford
0536d4b540 Merge branch 'main' into ruby/activejob-deserialize 2022-10-12 15:04:12 +01:00
Alex Ford
3d08a2954d Ruby: add rb/unsafe-deserialization sinks for const_get args 2022-10-11 15:45:51 +01:00
Alex Ford
a3f096a6bc Ruby: rb/unsafe-deserialization test realignment 2022-10-11 15:44:00 +01:00
erik-krogh
557dd10896 add a rb/unsafe-shell-command-construction query 2022-10-11 13:26:01 +02:00
erik-krogh
99b90789e5 add .shellescape as a sanitizer for rb/command-injection 2022-10-11 13:05:19 +02:00
erik-krogh
b16b3c0394 move cwe-078 tests into subfolders 2022-10-11 13:05:19 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
erik-krogh
186205bd4b add a test for explicit shell invocations using Kernel.open 2022-10-11 09:23:29 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Alex Ford
ee77404006 Ruby: Add ActiveJob::Serializers.deserialize as a code execution sink 2022-10-09 22:28:22 +01:00