codeql

mirror of https://github.com/github/codeql.git synced 2026-01-22 10:52:58 +01:00

Author	SHA1	Message	Date
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Nick Rolfe	ee34ac5394	Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-22 10:59:49 +01:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Nick Rolfe	2edbc16829	Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-21 13:01:21 +01:00
Tom Hvitved	a9f2e5272f	Merge pull request #10376 from hvitved/ruby/no-ast-by-default Ruby: Do not expose AST layer through `ruby.qll`	2022-09-21 13:15:30 +02:00
Erik Krogh Kristensen	7e17a919ae	Merge pull request #10304 from erik-krogh/rb-followMsg RB: make the alert messages of taint-tracking queries more consistent	2022-09-20 22:58:31 +02:00
Andrew Eisenberg	58e4861b45	Merge branch 'main' into rc/3.7	2022-09-20 12:43:20 -07:00
github-actions[bot]	67ce442674	Post-release preparation for codeql-cli-2.10.5	2022-09-16 14:23:44 +00:00
Tom Hvitved	007ab2b7ce	Ruby: Do not expose AST layer through `ruby.qll`	2022-09-13 19:59:56 +02:00
erik-krogh	063c76b6d1	apply suggestions from review	2022-09-13 10:52:23 +02:00
erik-krogh	26d8553f6e	ensure consistent casing of names	2022-09-09 10:34:14 +02:00
github-actions[bot]	a9d80a5a48	Release preparation for version 2.10.5	2022-09-08 11:35:54 +00:00
erik-krogh	79a048968e	make the alert messages of taint-tracking queries more consistent	2022-09-07 12:22:50 +02:00
Rasmus Wriedt Larsen	a9e1e72196	Merge branch 'main' into shared-http-client-request	2022-09-06 10:52:27 +02:00
Edoardo Pirovano	8f332714f4	Merge pull request #10260 from github/edoardo/3.7-mergeback Merge `rc/3.7` into `main`	2022-09-01 15:44:17 +01:00
Nick Rolfe	898689f550	Merge pull request #9896 from github/nickrolfe/hardcoded_code Ruby: port js/hardcoded-data-interpreted-as-code	2022-08-26 13:49:25 +01:00
github-actions[bot]	3b4ad3c4f1	Post-release preparation for codeql-cli-2.10.4	2022-08-26 09:32:11 +00:00
github-actions[bot]	0f63bc077f	Release preparation for version 2.10.4	2022-08-25 12:52:26 +00:00
Nick Rolfe	acf5b11139	Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code	2022-08-25 11:44:55 +01:00
erik-krogh	1c0f2251e2	Merge branch 'main' into msgConsis	2022-08-24 14:38:57 +02:00
erik-krogh	f7846a598e	add change-notes	2022-08-23 07:54:01 +02:00
erik-krogh	df9a9f4a56	update rb/stored-css to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	9b257bfa9e	update rb/reflected-xss to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	778879908e	update rb/code-injection to match python	2022-08-22 21:41:46 +02:00
erik-krogh	034d197e01	update {java/rb}/xxe to match python/javascript	2022-08-22 21:41:46 +02:00
erik-krogh	3553f3d9b8	update {rb/py/js/go}/path-injection to match java/csharp	2022-08-22 21:41:45 +02:00
erik-krogh	b471a401cc	update {rb/js/java}/unused-parameter to match python	2022-08-22 21:41:45 +02:00
erik-krogh	e89e0eb7fb	make some acronyms camelCase	2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen	61bf2154cd	Merge branch 'main' into shared-http-client-request	2022-08-22 12:05:37 +02:00
Rasmus Wriedt Larsen	10968bf115	Ruby: Fix alert-msg logic for `RequestWithoutValidation.ql` This really surprised me, but as shown on the results, it does actually make a difference in the alert-message.	2022-08-19 15:50:09 +02:00
Rasmus Wriedt Larsen	47c9c5bddd	Ruby: Update `RequestWithoutValidation.ql` to match Python version No library modeling currently has support for the new disablesCertificateValidation/2, so only the alert text has changed (removed an import from Python so the queries would ACTUALLY match)	2022-08-18 14:32:41 +02:00
Tom Hvitved	08a5b5dc73	Merge pull request #10089 from hvitved/ruby/local-source-nodes Ruby: Reduce size of `isLocalSourceNode`	2022-08-18 12:02:35 +02:00
Harry Maclean	70ec70940a	Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization	2022-08-18 10:02:39 +12:00
Tom Hvitved	ed2ec1acc0	Ruby: Reduce size of `isLocalSourceNode`	2022-08-17 17:19:30 +02:00
Alex Ford	d4d6657cb7	Merge pull request #10008 from alexrford/rb/log-injection Ruby: Add `rb/log-injection` query	2022-08-17 15:01:22 +01:00
Harry Maclean	f1a546c4d6	Rename IncompleteMultiCharacterSanitization[Query]	2022-08-17 16:03:49 +12:00
Harry Maclean	f2384a6a8f	Ruby: Share more code with JS	2022-08-17 16:03:49 +12:00
Harry Maclean	025e34d8e1	Ruby: Simplify imports	2022-08-17 16:03:48 +12:00
Harry Maclean	ab6287aebd	Ruby: Fix import	2022-08-17 16:03:48 +12:00
Harry Maclean	3fba4a5fa7	Ruby: Add change note for new query	2022-08-17 16:02:48 +12:00
Harry Maclean	c234bd94d1	Ruby: IncompleteMultiCharacterSanitization Query This query is similar to IncompleteSanitization but for multi-character sequences.	2022-08-17 16:02:48 +12:00
Alex Ford	d02ad51d74	Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 Post-release preparation for codeql-cli-2.10.3	2022-08-16 12:04:07 +01:00
Erik Krogh Kristensen	f106e064fa	Merge pull request #9422 from erik-krogh/refacReDoS Refactorizations of the ReDoS libraries	2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen	0adb588fe8	Merge pull request #9712 from erik-krogh/badRange JS/RB/PY/Java: add suspicious range query	2022-08-15 13:55:44 +02:00
github-actions[bot]	21d0c78376	Post-release preparation for codeql-cli-2.10.3	2022-08-11 23:20:39 +00:00
github-actions[bot]	57c4f9145b	Release preparation for version 2.10.3	2022-08-11 11:12:15 +00:00
Alex Ford	7a61f59b1e	Ruby: add change note for new rb/log-injeciton query	2022-08-10 16:17:55 +01:00
Alex Ford	00e290e1f1	Ruby: document rb/log-injection	2022-08-10 16:17:18 +01:00
Alex Ford	c31995764b	Ruby: add rb/log-inection query	2022-08-10 16:16:54 +01:00
Erik Krogh Kristensen	49276b1f38	Merge branch 'main' into refacReDoS	2022-08-09 16:18:46 +02:00

1 2 3 4 5 ...

325 Commits