hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 01:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,754 Commits 1,679 Branches 158 Tags
6485dcc0fccedfcd3a8228713d0883a5d170a98a
Commit Graph

2644 Commits

Author SHA1 Message Date
Tom Hvitved
85782ff1d4 Ruby: Exclude calls with arguments from OrmFieldAsSource 2024-03-07 17:34:01 +01:00
Harry Maclean
350dab4621 Merge pull request #15722 from hmac/mad-sinks 2024-03-06 08:18:19 +00:00
Joe Farebrother
dcc6f83d3b Merge pull request #15782 from joefarebrother/ruby-typhoeus 
Ruby: Model `Typhoeus::Request.new`
 2024-03-05 16:55:38 +00:00
Joe Farebrother
7027b7fe82 Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting. 2024-03-05 16:34:48 +00:00
Joe Farebrother
31687afd5d Fix performance 2024-03-04 09:47:12 +00:00
Joe Farebrother
5a1c0f60e6 Fix qldoc typo 2024-03-01 15:12:16 +00:00
Joe Farebrother
65b30c1dff Add tests and qldoc 2024-03-01 14:46:55 +00:00
Joe Farebrother
a08b292099 Add models for Typhoeus::Request 2024-03-01 14:23:24 +00:00
Peter Stöckli
a693c6d9b4 Ruby: sinks for code injection via calls to method 2024-03-01 14:42:22 +01:00
Joe Farebrother
0b7b7ea1b8 Add test cases and improve controller model 2024-03-01 09:57:24 +00:00
Joe Farebrother
ef0a1d2873 Implement models for translation methods 2024-03-01 09:52:53 +00:00
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00
Joe Farebrother
3ab6f222d0 Merge pull request #15718 from joefarebrother/ruby-arel-sqlliteral 
Ruby: Model Arel::Nodes::SqlLiteral.new
 2024-02-27 12:43:47 +00:00
Joe Farebrother
cb733dcf85 Simplify model defenition 2024-02-26 14:59:03 +00:00
Harry Maclean
f7b8e8af41 Ruby: Include request forgery sinks from MaD 2024-02-26 11:34:11 +00:00
Joe Farebrother
2257df5c6f Model Arel::Nodes::SqlLiteral.new 2024-02-26 10:09:33 +00:00
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual 
Share `getFileBySourceArchiveName` implementation
 2024-02-23 19:56:33 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Tom Hvitved
94113521d1 Merge pull request #15689 from hvitved/ruby/no-field-branch-limit-summarized-callable 
Ruby: No `fieldFlowBranchLimit` for `SummarizedCallable`s
 2024-02-23 10:47:22 +01:00
Harry Maclean
fbc689227d Merge pull request #15604 from p-/p--rails-more-request-sources 
Ruby: add additional sources on the request object of Rails
 2024-02-22 16:35:59 +00:00
Joe Farebrother
67e8f17c4c Merge pull request #15619 from joefarebrother/ruby-activerecord-connection 
Ruby: Add additional sql sinks for ActiveRecord connection methods
 2024-02-22 14:02:31 +00:00
Joe Farebrother
1f409b0456 Merge pull request #15671 from joefarebrother/ruby-activerecord-extra-args 
Ruby: Consider additional arguments to certain `ActiveRecord` methods as sql injection sinks.
 2024-02-22 14:01:56 +00:00
Joe Farebrother
92bdd637a3 Address reveiw comment - add create nd remove select_insert 2024-02-22 09:55:46 +00:00
Tom Hvitved
ebee35b385 Ruby: No fieldFlowBranchLimit for SummarizedCallables 2024-02-22 10:27:25 +01:00
Tom Hvitved
23869fc8e6 Ruby: Fix bug in allowParameterReturnInSelf 2024-02-22 09:43:52 +01:00
Joe Farebrother
10da4d14d9 Add addtional arguments as sinks to certain methods 2024-02-20 16:35:29 +00:00
Harry Maclean
a9abba5859 Merge pull request #15520 from hmac/hmac-erb-raw-output-directive 
Ruby: Recognise raw Erb output as XSS sink
 2024-02-15 08:05:16 +00:00
Joe Farebrother
37eb81097f Add additional sinks for connection methods 2024-02-14 22:42:03 +00:00
Peter Stöckli
2f7b946c9f Ruby: add sources on request object of Rails 2024-02-13 15:52:18 +01:00
Harry Maclean
6cc5c09769 Ruby: Simplify ErbOutputDirective 2024-02-13 08:38:16 +00:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Harry Maclean
3a90d78c36 Ruby: Fix Rails view file regex 
This picks up non-nested template files correctly.
 2024-02-09 09:41:43 +00:00
Harry Maclean
f792b58421 Ruby: Recognise more ActiveRecord connections 2024-02-05 16:45:59 +00:00
Jim Ockers
e477909200 Merge branch 'main' into ockers/certification_not_certificate 2024-02-02 15:39:29 -08:00
Harry Maclean
06334eee2e Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness 
Ruby: Add Insecure Randomness Query
 2024-01-31 17:16:32 +00:00
James Ockers
eb5e0123d6 exclude certification from maybeCertificate() regexes 2024-01-30 13:16:18 -08:00
Tom Hvitved
d2d017dd64 Ruby: Model flow through ViewComponent render methods 2024-01-30 20:30:58 +01:00
Harry Maclean
557b49cfc5 Ruby: Add basic modeling for ViewComponent 2024-01-30 20:30:58 +01:00
Tom Hvitved
2d95ac9d5f Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework 2024-01-30 20:27:43 +01:00
Peter Stöckli
1947dee46a Merge branch 'main' into p--oj-ox-unsafe-deser 2024-01-30 15:33:39 +01:00
Peter Stöckli
9596aebee3 Format: getValue now on one line 2024-01-30 15:22:16 +01:00
Peter Stöckli
3c8bc96ab5 replace occurence of AssignExprCfgNode for Oj as well 2024-01-30 15:17:37 +01:00
Peter Stöckli
e87effc18c Apply suggestions from code review 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2024-01-30 15:14:35 +01:00
Tom Hvitved
503d2f7b95 Ruby: Rework mayBenefitFromCallContext 2024-01-30 09:57:29 +01:00
Harry Maclean
75b13da4e4 Ruby: Block flow from LHS of && expressions 
The only values that can flow from the LHS of an && expression are
`false` and `nil`, neither of which seem relevant for any of our
queries.
 2024-01-30 08:53:32 +00:00
maikypedia
d7314a1689 File format 2024-01-27 14:07:36 +01:00