hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 19:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,850 Commits 1,692 Branches 161 Tags
3e5c2ddeaf7ec757e1a708cb66fcd9db663ca581
Commit Graph

159 Commits

Author SHA1 Message Date
Nora Dimitrijević
495be51ae7 Ruby/WeakParams 2025-10-28 09:40:43 +01:00
Nora Dimitrijević
50f2540db1 Ruby/ManuallyCheckHttpVerb 2025-10-28 09:40:41 +01:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Jeroen Ketema
b3225cf7e3 Rubt: Fix typo in query message 2025-07-04 15:22:03 +02:00
Nora Dimitrijević
6f7e0d6bc8 Ruby: mass enable diff-informed data flow none() location overrides 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Adds `getASelected{Source,Sink}Location() { none() }` override to queries that select a dataflow source or sink as a location, but not both.
 2025-06-17 15:48:11 +02:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Asger F
fcb8cac930 Ruby: resolve inserted TODOs 2025-01-23 11:48:46 +01:00
Asger F
1c136e3cd0 Ruby: rerun patch query after bugfix 2025-01-23 10:33:58 +01:00
Asger F
4dc632f742 Ruby: mass enable diff-informed data flow 2025-01-17 13:21:52 +01:00
am0o0
f06c3fddd9 fix qhelp, fix duplicate query id 2024-05-16 15:12:31 +02:00
Alex Ford
78dc6502f5 Merge branch 'main' into amammad-ruby-bombs 2024-05-16 13:53:31 +01:00
Harry Maclean
b86643fab2 Ruby: doc fixes 2024-02-26 12:57:21 +00:00
Harry Maclean
8a670fe9a2 Ruby: formatting 2024-02-26 12:26:04 +00:00
amammad
32f5667bb6 revert YAML.qll and yaml sinks to previous PR, make a separate experimental query only for yaml 2024-02-26 12:12:03 +00:00
Maiky
c2c4d9e4d1 ` change to <code> 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2024-01-27 14:08:55 +01:00
amammad
2097a001b9 apply code review suggestions, fix qldoc, add experimental additional taint steps that can improve performance 2023-11-22 10:01:51 +01:00
Maiky
35d390ad06 Add Insecure Randomness Query (CWE-338) 2023-10-21 17:23:41 +02:00
amammad
2e4e5ef480 fix a comment 2023-10-17 10:42:40 +02:00
Alex Ford
3dd042c38a Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt 2023-10-16 12:42:19 +01:00
amammad
609bb762fe fix a bug,modularize 2023-10-11 12:04:11 +02:00
amammad
90017712a6 Merge remote-tracking branch 'origin/main' into amammad-ruby-bombs 2023-10-11 10:45:16 +02:00
Alex Ford
9d421ffa8d Ruby: configsig rb/improper-ldap-auth 2023-09-21 12:24:15 +01:00
Maiky
f08eb3cdf4 Doc change 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:51:53 +02:00
Maiky
15b965bb3b rename verifies() to verifiesSignature() 2023-09-15 11:45:19 +02:00
Maiky
c43d0866f6 Update ruby/ql/src/experimental/cwe-347/EmptyJWTSecret.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:42:43 +02:00
Maiky
d4f6111621 Naming change 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-09-15 11:40:51 +02:00
amammad
d44c9d3e74 stash 2023-09-08 05:51:21 +10:00
Alex Ford
5b013dd5d2 Merge branch 'main' into rb/dataflow-query-refactor 2023-09-07 14:57:38 +01:00
Alex Ford
13300a2e2f Ruby: un-private PathGraph imports 2023-09-07 14:24:46 +01:00
amammad
4191b07b1f Merge branch 'github:main' into amammad-ruby-bombs 2023-09-06 20:17:49 +10:00
Alex Ford
f24102e0e7 Ruby: configsig rb/weak-params 2023-09-03 17:20:06 +01:00
Alex Ford
6c06def5d7 Ruby: configsig rb/manually-checking-http-verb 2023-09-03 17:20:06 +01:00
Alex Ford
39af2d2870 Ruby: configsig rb/user-controlled-file-decompression 2023-09-03 17:20:06 +01:00
Alex Ford
b6d12f8b1c Ruby: configsig rb/zip-slip 2023-09-03 17:20:05 +01:00
Alex Ford
ebf2a2e1f5 Ruby: configsig rb/unicode-bypass-validation 2023-09-03 17:20:05 +01:00
Alex Ford
77f3a70376 Ruby: renames for rb/xpath-injection 2023-09-03 17:20:05 +01:00
Alex Ford
3e23a6e021 Ruby: configsig rb/server-side-template-injection 2023-09-03 17:20:05 +01:00
Alex Ford
eb34bbbfd2 Ruby: renames for rb/ldap-injection 2023-09-03 17:20:04 +01:00
Alex Ford
2536f1a0cd Ruby: configsig rb/user-controlled-bypass 2023-09-03 17:20:04 +01:00
Brandon Stewart
56f0387613 Merge branch 'main' into add-cwe-208 2023-08-29 13:09:59 -04:00
Maiky
17565cde75 Add JWT Security Queries 2023-08-25 21:28:53 +02:00
Maiky
ffd618d6cc Revert "Add "" and nil as sources" 
This reverts commit 664c1eba72.
 2023-08-25 15:23:55 +02:00
Maiky
664c1eba72 Add "" and nil as sources 2023-08-22 18:10:33 +02:00
Brandon Stewart
01577dac32 format document 2023-08-10 13:59:47 +00:00
Brandon Stewart
b899b648e5 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-10 09:21:16 -04:00
Brandon Stewart
7882cf0bf0 Update ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-10 09:21:02 -04:00
Brandon Stewart
74567041a7 remove pathgraph 2023-08-09 19:51:07 +00:00
Brandon Stewart
cca4c35cf8 add pathgraph 2023-08-09 19:23:21 +00:00
Brandon Stewart
7f07422a5d Merge branch 'main' into add-cwe-208 2023-08-09 14:52:51 -04:00
Brandon Stewart
07d5beca34 run format document 2023-08-09 18:51:55 +00:00