Tom Hvitved
b816c79248
Ruby: Include all assignments in data flow paths
2023-03-24 10:09:30 +01:00
Harry Maclean
fe995dd99b
Ruby: ActiveRecord::Connection.execute SQL sink
2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab
Ruby: Taint flow through ActionController params
We were not recognising "require" as returning a Parameters instance.
2023-03-13 08:52:41 +13:00
Harry Maclean
2d95b6a049
Ruby: Add count_by_sql as SQL sink
2023-03-13 08:40:32 +13:00
Harry Maclean
c97dccf0de
Ruby: Add reorder as a SQL sink
In recent versions of Rails this method doesn't seem to be vulnerable,
but it may be in previous versions. There's a slight FP risk here, but
I think it is small.
2023-03-13 08:38:17 +13:00
Nick Rolfe
5a15558355
Ruby: treat an Arel.sql call as a SqlConstruction
2022-11-10 14:11:14 +00:00
erik-krogh
063c76b6d1
apply suggestions from review
2022-09-13 10:52:23 +02:00
thiggy1342
b4869158f2
expand query tests for cwe-089
2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f
Add annotate arguments as sqli sink
2022-07-07 19:23:06 +00:00
Tom Hvitved
400802c5ce
Ruby: Add flow summaries for Array/Enumerable methods
2021-12-22 15:56:20 +01:00
Arthur Baars
976daddd36
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
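The commits above extend the Ruby SQL injection query in two directions: new sinks (`ActiveRecord::Connection.execute`, `count_by_sql`, `reorder`, `annotate`, `Arel.sql`) and better source tracking (`params.require` returning a `Parameters` instance, assignments included in data flow paths). The following is an added example, not code from CodeQL or from any of the commits listed, showing in plain Ruby what such a check has to do. It uses only the standard-library `ripper` parser, so it runs without Rails; the sink list is compiled from the commit subjects above and is assumed to be illustrative rather than complete, `params` is assumed to be the only taint source, and the sample controller is constructed for this example and is parsed, never loaded.

```ruby
require "ripper"

# Sink methods this checker recognises: the ActiveRecord/Arel methods the
# commits above add as SQL sinks. Illustrative list only; the real query
# models many more.
SQL_SINKS = %w[execute count_by_sql reorder annotate sql].freeze

# Constructed sample controller. It is only parsed, so Rails is not needed.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      name = params.require(:user)[:name]
      User.count_by_sql("SELECT COUNT(*) FROM users WHERE name = '#{name}'")
      User.all.reorder("#{params[:order]} DESC")
      User.all.annotate("requested by " + params[:who])
      ActiveRecord::Base.connection.execute "DELETE FROM users WHERE id = #{params[:id]}"
      User.order(Arel.sql("LOWER(#{params[:col]})"))
      User.where("name = ?", params[:name])
      User.count_by_sql("SELECT COUNT(*) FROM users")
    end
  end
RUBY

# Does this subtree read a tainted variable (initially just `params`)?
# Only bare variable/method references count, so the symbol :name or a
# method called `name` on some other receiver does not match.
def reads_tainted?(node, tainted)
  return false unless node.is_a?(Array)
  if (node[0] == :var_ref || node[0] == :vcall) && node[1].is_a?(Array) && node[1][0] == :@ident
    return tainted.include?(node[1][1])
  end
  node.any? { |child| reads_tainted?(child, tainted) }
end

# Does the argument subtree splice a tainted value into SQL *text*?
# That happens through interpolation ("...#{x}...") or concatenation with a
# string literal ("..." + x). A tainted value passed on its own, e.g. as a
# bind parameter in where("name = ?", x), is not flagged.
def builds_tainted_sql?(node, tainted)
  return false unless node.is_a?(Array)
  interpolation = node[0] == :string_embexpr
  concat = node[0] == :binary && node[2] == :+ &&
           [node[1], node[3]].any? { |op| op.is_a?(Array) && op[0] == :string_literal }
  return true if (interpolation || concat) && reads_tainted?(node, tainted)
  node.any? { |child| builds_tainted_sql?(child, tainted) }
end

# If `node` is a call with arguments, return [method_ident, args]. Ripper
# spells recv.m(args), recv.m args and m args as three different node kinds.
def call_parts(node)
  case node[0]
  when :method_add_arg
    callee = node[1]
    [callee[0] == :call ? callee[3] : callee[1], node[2]]
  when :command_call then [node[3], node[4]]
  when :command      then [node[1], node[2]]
  end
end

# Walk the AST in source order. Locals assigned from tainted data become
# tainted themselves (so `name = params.require(:user)[:name]` taints `name`),
# and every sink call whose arguments build SQL text from tainted data is
# reported as [sink method, line number].
def scan_node(node, tainted, findings)
  return findings unless node.is_a?(Array)
  if node[0] == :assign && node[1].is_a?(Array) && node[1][0] == :var_field &&
     node[1][1].is_a?(Array) && node[1][1][0] == :@ident && reads_tainted?(node[2], tainted)
    tainted << node[1][1][1] unless tainted.include?(node[1][1][1])
  end
  ident, args = call_parts(node)
  if ident.is_a?(Array) && ident[0] == :@ident && SQL_SINKS.include?(ident[1]) &&
     builds_tainted_sql?(args, tainted)
    findings << [ident[1], ident[2][0]]
  end
  node.each { |child| scan_node(child, tainted, findings) }
  findings
end

def find_sqli(src)
  scan_node(Ripper.sexp(src), ["params"], [])
end

if __FILE__ == $PROGRAM_NAME
  find_sqli(SAMPLE).each { |sink, line| puts "line #{line}: tainted SQL text reaches #{sink}" }
end
```

Run against the sample, the checker reports lines 4 to 8 (one finding per sink, including the `Arel.sql` call nested inside `order` and the taint that flows through the local `name`) and stays quiet on the bound-parameter `where` call and the constant-SQL `count_by_sql` call. The `reorder` finding is exactly the "slight FP risk" the commit above mentions: the checker, like the query, cannot tell which Rails version will run the code, so it reports the pattern rather than the confirmed bug.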