hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 17:04:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,059 Commits 1,679 Branches 158 Tags
5acfc224425b765f4e4a07f8252d2ebafe7df819
Commit Graph

385 Commits

Author SHA1 Message Date
Henry Mercer
dd264c6dfb Consistently mention language in metric names 
This improves consistency between the lines of code queries and the
number of successfully extracted files queries.
 2022-11-03 11:44:10 +00:00
Henry Mercer
c60d071239 Lowercase "lines" 2022-11-03 11:40:22 +00:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
erik-krogh
e8dce25cc2 fix rb/code-injection 2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen
ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
 2022-10-24 18:59:36 +02:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Arthur Baars
45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:29 +02:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
erik-krogh
3dd89bb7bf remove duplicate alerts due to multiple states reaching the same sink 2022-10-19 13:19:18 +02:00
Harry Maclean
eddb8493d8 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-10-17 09:34:44 +13:00
Harry Maclean
545222d1e9 Ruby: Add change note 2022-10-17 08:17:37 +13:00
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Alex Ford
3d478a3951 Ruby: clarify qhelp 2022-10-13 22:39:54 +01:00
Alex Ford
15cab6eed5 Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-13 21:43:59 +01:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
2648cb0322 spelling: injection 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Asger F
d28b9af8bd Merge pull request #10791 from asgerf/rb/rails-render-file 
Ruby: treat render 'file:' argument as a file system access
 2022-10-12 21:18:32 +02:00
Asger F
7bfb3497eb Ruby: change note 2022-10-12 14:29:34 +02:00
Jeroen Ketema
d389a183f0 Merge pull request #10743 from jsoref/spelling 
Spelling
 2022-10-12 12:48:22 +02:00
Erik Krogh Kristensen
7d282c3d75 fix casing in alert-message 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-11 11:12:59 +02:00
erik-krogh
9a9d2a6fe1 Merge branch 'main' into rb-last-msg 2022-10-11 10:43:39 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
Josh Soref
b5bed9cbf5 spelling: explicitly 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
cbea5ec40c spelling: executables 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:36 -04:00
Josh Soref
6db36616cd spelling: arbitrary 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-11 00:23:35 -04:00
erik-krogh
38c17c5d0c Merge branch 'main' into rbMeta 2022-10-10 12:22:56 +02:00
Alex Ford
43fec9dfc8 Revert "Ruby: switch rb/sensitive-get-query back to using local flow" 
This reverts commit fa58c51810.
 2022-10-09 13:06:13 +01:00
Alex Ford
139d3868e5 Merge branch 'main' into rb/sensitive-get-query 2022-10-09 12:26:44 +01:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
erik-krogh
cbeefd418b add change-note 2022-10-07 13:47:32 +02:00
erik-krogh
5d9c68c962 remove the taint-steps meta query 2022-10-07 13:21:24 +02:00
erik-krogh
a0725fba71 fix some more style-guide violations in the alert-messages 2022-10-07 12:01:03 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
erik-krogh
c1fae91a1f have rb/meta/taint-steps print only one for each file, to limit the size of the output 2022-10-06 15:19:11 +02:00
erik-krogh
169965cfb9 make rb/meta/taint-steps into a @kind problem query 2022-10-06 13:28:10 +02:00
erik-krogh
db056aae1b add some more meta queries for Ruby evaluations 2022-10-06 10:14:28 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Alex Ford
fa58c51810 Ruby: switch rb/sensitive-get-query back to using local flow 2022-10-05 15:58:05 +01:00
Alex Ford
dea53d86c9 Ruby: remove some redundant imports of DataFlow 2022-10-05 13:22:19 +01:00
Alex Ford
d64f8c73be Merge branch 'main' into rb/sensitive-get-query 2022-10-05 12:59:35 +01:00
Alex Ford
880fb2b14a Ruby: split out rb/sensitive-get-query using query/customizations pattern 2022-10-05 11:59:40 +01:00
Nick Rolfe
525fe12671 Merge pull request #10585 from github/nickrolfe/libxml-xxe 
Ruby: detect uses of LibXML with entity substitution enabled by default
 2022-10-05 09:51:39 +01:00
Alex Ford
703829c647 Ruby: use taint tracking for rb/sensitive-get-query 2022-10-04 15:04:41 +01:00
Erik Krogh Kristensen
5ba7c13ecd fix alert-message by adding the link 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e simplify the where clause of rb/kernel-open 2022-10-04 13:49:50 +02:00
Arthur Baars
ae7e6ef701 Ruby: update dependencies 2022-10-04 13:44:22 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00