Jeroen Ketema
9c774ac97f
Merge pull request #13426 from jketema/inline-3
...
Update inline flow tests to use parameterized module
2023-06-19 17:39:29 +02:00
Tony Torralba
8f6d2ed2f9
Adjust ZipSlip query description according to review suggestions.
2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1
Apply code review suggestions.
...
Co-authored-by: Asger F <asgerf@github.com>
2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-06-19 10:17:40 +02:00
Tony Torralba
c97868f774
Add change notes
2023-06-16 09:01:02 +02:00
Tony Torralba
3e96fe60c5
Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
...
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
Jeroen Ketema
d82c3ce11a
Ruby: Rewrite InlineFlowTest as a parameterized module
2023-06-15 10:52:23 +02:00
Asger F
0d45074caa
Merge pull request #13422 from asgerf/rb/map_filter
...
Ruby: fix bug in filter_map summary
2023-06-13 09:43:47 +02:00
Asger F
452af312ff
Ruby: change note
2023-06-12 10:07:26 +02:00
Arthur Baars
7324d1705e
Merge branch 'main' into amammad-ruby-YAMLunsafeLoad
2023-06-06 12:09:06 +02:00
Erik Krogh Kristensen
96a720cfa0
Merge pull request #13285 from erik-krogh/redoshelp
...
ReDoS: fix whitespace in the samples in ReDoS.qhelp
2023-06-01 15:53:58 +02:00
Arthur Baars
490d22d123
Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3
2023-05-30 21:31:28 +02:00
Harry Maclean
e70e3e52dc
Ruby: fix typo in qhelp
2023-05-29 04:05:42 +00:00
Harry Maclean
ca1024e285
Ruby: Reword unsafe deserialization qhelp
2023-05-29 03:46:30 +00:00
Harry Maclean
e515981c81
Ruby: Remove unused examples
2023-05-27 12:01:00 +00:00
Harry Maclean
b8c3cba4ff
Ruby: Consolidate unsafe deserialization queries
...
Merge the experimental YAMLUnsafeDeserialization and
PlistUnsafeDeserialization queries into the generate
UnsafeDeserialization query in the default suite.
These queries look for some specific sinks that we now find in the
general query.
Also apply some small code and comment refactors.
2023-05-27 01:20:04 +00:00
amammad
40e24b6b94
v4.1 fix file names in qhelp
2023-05-27 01:15:29 +00:00
amammad
335441ce04
v4: make variable names camelCase, some enhancement, remove some duplicates
2023-05-27 01:15:29 +00:00
amammad
b9296d3df8
v2.1 fix file names
2023-05-27 01:14:36 +00:00
amammad
4360a56b45
v2 add plist.parse_xml as a dangerous sink and enhancements on documents
2023-05-27 01:14:36 +00:00
amammad
0521ffe175
v1.4 correct dirs uppercase issue
2023-05-27 01:14:36 +00:00
amammad
0e343e5a12
v1.3
2023-05-27 01:14:36 +00:00
amammad
d96153a05e
v1.2 change to PascalCase
2023-05-27 01:14:36 +00:00
amammad
e4b8a0e06d
v1.1
2023-05-27 01:14:36 +00:00
amammad
486a5ac96f
v1
2023-05-27 01:14:36 +00:00
Asger F
3831dc7785
Merge pull request #13288 from asgerf/rb/super-and-flow-through
...
Ruby: two bug fixes
2023-05-26 15:04:52 +02:00
Asger F
cfaa27ab5d
Ruby: change note
2023-05-26 14:44:00 +02:00
yoff
af1f4c30fb
Merge pull request #13299 from asgerf/rb/meta-query-summarised-callable-sites
...
Ruby/Python: add meta-queries for calls to summarised callables
2023-05-26 13:27:56 +02:00
Arthur Baars
e0466900ad
Merge pull request #12992 from Sim4n6/ruby-UBV
...
[Ruby] Add Unicode Bypass Validation query, test and help file
2023-05-26 13:00:21 +02:00
Asger F
1c7f6dc32e
Ruby: add meta-query for calls to summarized callables
2023-05-26 11:34:23 +02:00
erik-krogh
9f5bf8fb22
also fix the first code-block
2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba
fix whitespace in the samples in ReDoS.qhelp
2023-05-25 13:28:39 +02:00
Sim4n6
09c97ce0da
Added one more example to the qhelp
2023-05-25 09:41:22 +01:00
github-actions[bot]
d2e192020b
Post-release preparation for codeql-cli-2.13.3
2023-05-24 11:26:12 +00:00
Asger F
8bd6f6c450
Ruby: change note
2023-05-24 10:22:22 +02:00
github-actions[bot]
7aa23cf11d
Release preparation for version 2.13.3
2023-05-22 20:47:00 +00:00
erik-krogh
710b309142
apply suggestions from doc review
2023-05-21 22:18:48 +02:00
Sim4n6
0a0a6dde40
Replaced CGI.escapeHTML() with the html_escape()
2023-05-20 17:59:39 +01:00
Sim4n6
f5ff50880c
Updated qhelp for the use of html_escape()
2023-05-20 17:58:24 +01:00
Sim4n6
e345d7dca4
Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb
...
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-05-20 12:54:03 +01:00
Sim4n6
7cd1fd4bbf
CWE-179 and CWE-180 are included in metadata
2023-05-20 12:51:45 +01:00
Sim4n6
c9c7179a0b
Deleted the ugly flowchart.
2023-05-20 12:49:46 +01:00
Sim4n6
c3c65ca712
Qhelp formatting
2023-05-20 12:48:26 +01:00
Sim4n6
8dcf139b45
Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp
...
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-05-20 12:46:54 +01:00
Sim4n6
69ca49f168
Deleted the UBV query change note.
2023-05-20 12:39:54 +01:00
erik-krogh
480e71fd69
avoid contractions
2023-05-17 08:42:45 +02:00
erik-krogh
83ca1495e0
trim the whitespace in the poly-redos examples
2023-05-15 16:47:24 +02:00
erik-krogh
d989359656
add another example to the qhelp in poly-redos, showing how to just limit the length of the input
2023-05-15 16:47:02 +02:00
Kasper Svendsen
e6ca3fe272
Ruby: Enable implicit this warnings
2023-05-10 13:03:39 +02:00
Kasper Svendsen
6b8a7c2f6f
Ruby: Make implicit this receivers explicit
2023-05-10 13:03:39 +02:00