hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,811 Commits 1,673 Branches 157 Tags
42e1735f2a5a059bcacbf495147cd4890d48ee99
Commit Graph

345 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
7d282c3d75 fix casing in alert-message 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-11 11:12:59 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
erik-krogh
38c17c5d0c Merge branch 'main' into rbMeta 2022-10-10 12:22:56 +02:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
erik-krogh
cbeefd418b add change-note 2022-10-07 13:47:32 +02:00
erik-krogh
5d9c68c962 remove the taint-steps meta query 2022-10-07 13:21:24 +02:00
erik-krogh
a0725fba71 fix some more style-guide violations in the alert-messages 2022-10-07 12:01:03 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
erik-krogh
c1fae91a1f have rb/meta/taint-steps print only one for each file, to limit the size of the output 2022-10-06 15:19:11 +02:00
erik-krogh
169965cfb9 make rb/meta/taint-steps into a @kind problem query 2022-10-06 13:28:10 +02:00
erik-krogh
db056aae1b add some more meta queries for Ruby evaluations 2022-10-06 10:14:28 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Nick Rolfe
525fe12671 Merge pull request #10585 from github/nickrolfe/libxml-xxe 
Ruby: detect uses of LibXML with entity substitution enabled by default
 2022-10-05 09:51:39 +01:00
Erik Krogh Kristensen
5ba7c13ecd fix alert-message by adding the link 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e simplify the where clause of rb/kernel-open 2022-10-04 13:49:50 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00
Tom Hvitved
299339f817 Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached 2022-09-30 14:56:55 +02:00
Nick Rolfe
8ca1e1b2d1 Ruby: add changenote for XXE improvements 2022-09-27 16:11:41 +01:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Nick Rolfe
ee34ac5394 Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml 
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
 2022-09-22 10:59:49 +01:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Nick Rolfe
2edbc16829 Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink 2022-09-21 13:01:21 +01:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Erik Krogh Kristensen
7e17a919ae Merge pull request #10304 from erik-krogh/rb-followMsg 
RB: make the alert messages of taint-tracking queries more consistent
 2022-09-20 22:58:31 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
erik-krogh
79a048968e make the alert messages of taint-tracking queries more consistent 2022-09-07 12:22:50 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code 
Ruby: port js/hardcoded-data-interpreted-as-code
 2022-08-26 13:49:25 +01:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Nick Rolfe
acf5b11139 Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code 2022-08-25 11:44:55 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
erik-krogh
f7846a598e add change-notes 2022-08-23 07:54:01 +02:00
erik-krogh
df9a9f4a56 update rb/stored-css to match javascript 2022-08-22 21:41:47 +02:00
erik-krogh
9b257bfa9e update rb/reflected-xss to match javascript 2022-08-22 21:41:47 +02:00
erik-krogh
778879908e update rb/code-injection to match python 2022-08-22 21:41:46 +02:00
erik-krogh
034d197e01 update {java/rb}/xxe to match python/javascript 2022-08-22 21:41:46 +02:00
erik-krogh
3553f3d9b8 update {rb/py/js/go}/path-injection to match java/csharp 2022-08-22 21:41:45 +02:00
erik-krogh
b471a401cc update {rb/js/java}/unused-parameter to match python 2022-08-22 21:41:45 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen
61bf2154cd Merge branch 'main' into shared-http-client-request 2022-08-22 12:05:37 +02:00
Rasmus Wriedt Larsen
10968bf115 Ruby: Fix alert-msg logic for RequestWithoutValidation.ql 
This really surprised me, but as shown on the results, it does actually
make a difference in the alert-message.
 2022-08-19 15:50:09 +02:00