hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

1685 Commits

Author SHA1 Message Date
Asger F
9838e2e101 Ruby: Rename getAValueReachingRhs -> getAValueReachingSink 2022-06-21 12:44:16 +02:00
Asger F
7c877c7861 Ruby: Rename getARhs -> asSink 2022-06-21 12:44:16 +02:00
Asger F
2f8086bb57 Ruby: Rename getAUse -> getAValueReachableFromSource 2022-06-21 12:44:16 +02:00
Asger F
573c5c5efe Ruby: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:16 +02:00
Asger F
f2403e2610 Ruby: port API graph doc comment 2022-06-21 12:44:16 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Arthur Baars
c5d3df087d Update tree-sitter-embeded-template 2022-06-20 17:04:27 +02:00
Michael Nebel
649757c27f Java/Ruby: Sync files. 2022-06-20 16:20:01 +02:00
Anders Schack-Mulligen
1b13790a36 Ruby: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
Alex Ford
5923eb4962 Merge pull request #9566 from alexrford/ruby/activerecord-findby-dynamic 
Ruby: recognize ActiveRecord `find_by_x` methods
 2022-06-17 09:39:46 +01:00
Harry Maclean
230192df3b Merge pull request #9267 from hmac/hmac/improper-memoization 
Ruby: Add Improper Memoization query
 2022-06-17 16:31:55 +12:00
Arthur Baars
e95194ce67 Merge pull request #9477 from thiggy1342/experimental-archive-api 
RB: Adding experimental query for detecting path traversal in Archive libraries
 2022-06-16 17:45:18 +02:00
Rasmus Wriedt Larsen
45af148f05 Merge pull request #9215 from RasmusWL/ruby-mad-argument-self 
Ruby: Fixes for `Argument[any,any-named]` in MaD
 2022-06-16 17:38:32 +02:00
Anders Schack-Mulligen
6518a01ded Dataflow: Sync. 2022-06-16 11:25:28 +02:00
Rasmus Wriedt Larsen
24750dcc17 Ruby: Sync comment for self API graph label 2022-06-16 11:03:07 +02:00
Rasmus Wriedt Larsen
2ad4921a76 Ruby: Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2022-06-16 11:01:14 +02:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
056fa71f3e add change notes 2022-06-16 01:04:50 +00:00
Harry Maclean
311296469d Minor improvements to ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
1ac604f769 Ruby: Private import in ImproperMemoizationQuery 2022-06-16 12:44:33 +12:00
Harry Maclean
457a84006c Ruby: Narrow memo method candidates earlier 2022-06-16 12:44:33 +12:00
Harry Maclean
ef6f0e5b30 Ruby: Add Improper Memoization query 
This query finds cases where a method memoizes its result but fails to
include one or more of its parameters in the memoization key (or doesn't
use memoization keys at all). This can lead to the method returning
incorrect results when subsequently called with different arguments.
 2022-06-16 12:44:33 +12:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
Alex Ford
34065f9e93 Ruby: recognize ActiveRecord find_by_x methods 2022-06-15 14:33:09 +01:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
thiggy1342
ae86e0daea spelling fix 2022-06-15 01:51:40 +00:00
thiggy1342
1bdaf529d9 fix qlformat errors 2022-06-15 01:49:48 +00:00
thiggy1342
098101f471 add RubyZip::File.open to frameworks 2022-06-15 01:39:47 +00:00
Arthur Baars
72aad0f38f Fix URL in readme 2022-06-14 10:49:45 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Calum Grant
28c0906886 Update ruby/ql/lib/codeql/ruby/frameworks/stdlib/Logger.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-06-13 09:41:41 +01:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
Erik Krogh Kristensen
536d226a6b fix bad CP in the charPred for CipherOperation 2022-06-01 23:36:11 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen
e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Rasmus Wriedt Larsen
7a6646dcaf Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00