codeql

mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00

Author	SHA1	Message	Date
github-actions[bot]	59da2cdf69	Release preparation for version 2.7.4	2021-12-14 21:35:09 +00:00
Rasmus Wriedt Larsen	1e45fa9ed4	JS/Py/Ruby: Add more CWEs to bad-tag-filter queries CWE-185: Incorrect Regular Expression The software specifies a regular expression in a way that causes data to be improperly matched or compared. https://cwe.mitre.org/data/definitions/185.html CWE-186: Overly Restrictive Regular Expression > A regular expression is overly restrictive, which prevents dangerous values from being detected. > > (...) [this CWE] is about a regular expression that does not match all > values that are intended. (...) https://cwe.mitre.org/data/definitions/186.html From my understanding, CWE-625: Permissive Regular Expression, is not applicable. (since this is about accepting a regex match where there should not be a match).	2021-12-13 10:23:24 +01:00
Nick Rolfe	a4da528812	Ruby: query to find user-controlled bypass of sensitive actions	2021-12-10 11:41:09 +00:00
github-actions[bot]	87b968f337	Post-release preparation 2.7.3	2021-12-02 00:46:55 +00:00
github-actions[bot]	337ce65fe5	Release preparation for version 2.7.3	2021-11-30 20:39:35 +00:00
Dave Bartolomeo	9f6c0991cf	Catch up with recent change notes	2021-11-29 16:41:18 -05:00
Dave Bartolomeo	5ed9029143	Move change notes to correct directories	2021-11-29 16:31:11 -05:00
Dave Bartolomeo	75fb47c76f	Ruby change notes	2021-11-29 16:17:19 -05:00
Dave Bartolomeo	d0dac03bad	Manually bump versions	2021-11-29 14:21:08 -05:00
Dave Bartolomeo	2dfcd1dd9c	Add `groups` property Also removed versions from test packs	2021-11-29 14:15:53 -05:00
Rasmus Wriedt Larsen	2a5e0a3b77	Merge pull request #7145 from RasmusWL/remove-owasp-tags Python/Ruby: Remove owasp tags	2021-11-24 13:56:48 +01:00
Nick Rolfe	1a90b388a9	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-23 15:42:05 +00:00
Alex Ford	055641e684	Merge pull request #7062 from github/ruby/rails-csrf Ruby: Add `rb/csrf-protection-disabled` query	2021-11-23 13:46:42 +00:00
Nick Rolfe	5b11cfe006	Ruby: fix up import path	2021-11-22 17:10:46 +00:00
Nick Rolfe	752b126862	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-22 17:05:27 +00:00
Harry Maclean	6f22867af9	Merge pull request #7015 from github/hmac/ssrf Ruby: Add Server-Side Request Forgery query	2021-11-22 12:41:39 +00:00
Erik Krogh Kristensen	9f08acab7e	Merge pull request #7170 from erik-krogh/qldocStyle Ruby: use A/An/The to start qlDoc for classes	2021-11-19 17:34:35 +01:00
Erik Krogh Kristensen	75586b0cf6	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-19 13:23:01 +01:00
Harry Maclean	8fc7e4be43	Ruby: Increase precision of SSRF query	2021-11-19 11:28:09 +00:00
Harry Maclean	e87a4531d8	Remove redundant imports	2021-11-19 11:28:08 +00:00
Harry Maclean	ac20eafecc	Add qhelp for Ruby SSRF	2021-11-19 11:28:08 +00:00
Harry Maclean	2bba31eb02	Update metadata of Ruby SSRF query	2021-11-19 11:28:08 +00:00
Harry Maclean	dc464879a2	Add a query for server-side request forgery	2021-11-19 11:28:08 +00:00
Erik Krogh Kristensen	af55f172ae	use A/An/The to start qlDoc for classes	2021-11-18 15:42:45 +01:00
Erik Krogh Kristensen	011fc20963	use matches instead of regexpMatch	2021-11-18 15:41:25 +01:00
Erik Krogh Kristensen	1cca377e7d	Merge pull request #6561 from erik-krogh/htmlReg JS/Py/Ruby: add a bad-tag-filter query	2021-11-18 09:39:13 +01:00
Rasmus Wriedt Larsen	98e6fc8a88	Python/Ruby: Remove owasp tags These are no longer correct, since the A1 category changed from 2017 to 2021, see https://owasp.org/Top10/#whats-changed-in-the-top-10-for-2021 Since only a very few queries had these tags, I think we're much better off having them removed.	2021-11-16 12:03:50 +01:00
Tom Hvitved	d1a09b62d3	Address review comments	2021-11-12 16:31:00 +01:00
Tom Hvitved	3471e757f2	Ruby: Fix performance problem in `Definitions.ql`	2021-11-12 14:35:16 +01:00
Erik Krogh Kristensen	b639a8d183	update ruby example Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-11 14:04:38 +01:00
Alex Ford	37775407a9	ruby: drop a redundant bit of documentation	2021-11-09 14:07:00 +00:00
Alex Ford	c65d1d9a50	ruby: CSRFProtectionDisabled.qhelp fixes Co-authored-by: Harry Maclean <hmac@github.com>	2021-11-09 14:05:41 +00:00
Alex Ford	2581efc18a	ruby: downgrade rb/hardcoded-credentials precision from high to medium	2021-11-08 12:32:38 +00:00
Alex Ford	d324f9397c	qhelp for rb/csrf-protection-disabled	2021-11-04 19:56:56 +00:00
Alex Ford	fad7e9489b	Add a query to detect instances of CSRF protection being disabled	2021-11-04 19:56:55 +00:00
Erik Krogh Kristensen	02f500b9c2	Merge branch 'main' into htmlReg	2021-11-04 12:58:42 +01:00
Nick Rolfe	dd17271ec8	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-03 11:55:42 +00:00
Nick Rolfe	898f5ec596	Ruby: use the `rb/` prefix in all query ids	2021-11-02 11:42:02 +00:00
MalikIdreesHasa	e44e982065	Fixed a typo.	2021-10-31 15:11:39 +00:00
Nick Rolfe	bd92403b42	Ruby: fix qhelp	2021-10-28 10:42:56 +01:00
Nick Rolfe	11154a9409	Ruby: add regex injection query	2021-10-27 15:58:12 +01:00
Erik Krogh Kristensen	97264b5dda	add the bad tag filter query to ruby	2021-10-26 15:25:12 +02:00
Erik Krogh Kristensen	2ddf445caf	move ruby files to match file structure from js/py	2021-10-26 14:54:12 +02:00
Nick Rolfe	3851a27fc1	Merge pull request #358 from github/external-control-file-path Add rb/path-injection query	2021-10-22 15:38:39 +01:00
Arthur Baars	4f72d0853a	Merge pull request #375 from github/rc/3.3 Merge rc/3.3 into main	2021-10-21 18:16:57 +02:00
Nick Rolfe	86da3c2db3	Add rb/path-injection query	2021-10-20 12:31:16 +01:00
shati-patel	83a1260769	Move queries.xml to `src`	2021-10-18 11:18:00 +01:00
Arthur Baars	ceecb23118	Merge remote-tracking branch 'rc/3.3' into 'main'	2021-10-15 15:21:48 +02:00
Arthur Baars	976daddd36	Move files to ruby subfolder	2021-10-15 11:47:28 +02:00

... 10 11 12 13 14

699 Commits