hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 05:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,126 Commits 1,740 Branches 165 Tags
652d2a7a727bbfa8d53aa1664ab4f1a135d36917
Commit Graph

319 Commits

Author SHA1 Message Date
Dave Bartolomeo
9c03a02965 Update lock file for hotfix 2021-08-26 19:13:48 -04:00
Dave Bartolomeo
11ad664bfb Updated pack versions and lock files 2021-08-26 18:50:04 -04:00
Arthur Baars
ac2c315839 Fix merge conflicts during rebase 2021-08-26 18:48:53 -04:00
Arthur Baars
17fc6ab72c Refactor into separate library and query packs 2021-08-26 18:40:06 -04:00
Alex Ford
ee6c809281 Merge pull request #262 from github/action-view-1 
Start modelling ActionView
 2021-08-26 15:22:55 +01:00
Alex Ford
9571e7bccc drop ViewComponent parts from the ActionView library 2021-08-26 14:45:47 +01:00
Alex Ford
4a4b2445dc Clean up how we map between Rails actions and default associated template files 2021-08-26 04:57:15 +01:00
Nick Rolfe
bc06817611 Add ERB comment as regression test for parsing bug 2021-08-25 12:43:33 +01:00
Alex Ford
abc283ee8a remove ErbFile refs 2021-08-24 17:22:35 +01:00
Alex Ford
e403fc77d3 tests 2021-08-24 17:21:22 +01:00
Alex Ford
d628716c42 extend ActionController tests 2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908 extend modelling of ActionController, and start modelling ActionView 2021-08-24 17:21:22 +01:00
Tom Hvitved
394c27a279 CFG: Allow erb top-level scopes 2021-08-17 10:46:15 +02:00
Tom Hvitved
c0049bf161 Merge pull request #229 from github/hvitved/api-graphs/remove-mk-module 
API graphs: Remove `MkModule`
 2021-08-09 13:10:17 +02:00
Tom Hvitved
ae837d9f7a API graphs: Remove restriction on top-level constants 2021-08-09 12:59:36 +02:00
Arthur Baars
e8f6cb65b8 Merge pull request #245 from github/aibaars/tweaks 
Move UseDetect.ql to experimental for now
 2021-08-04 16:05:06 +02:00
Arthur Baars
23f423ad66 Merge pull request #242 from github/regex_parsing_fixes 
Regex parsing fixes
 2021-08-04 16:04:54 +02:00
Arthur Baars
9ca0e81953 Move UseDetect to experimental for now 2021-08-04 15:52:48 +02:00
Tom Hvitved
8451286754 API graphs: Remove MkModule 2021-08-04 10:28:30 +02:00
Erik Krogh Kristensen
632ad518f0 enable unicode parsing in the ruby ReDoS query 2021-08-02 07:13:41 +00:00
Arthur Baars
00a0b93172 Add erb file 2021-07-29 19:09:56 +02:00
Nick Rolfe
3abe047cac Fix parsing of POSIX bracket expressions. 
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
 2021-07-29 17:24:51 +01:00
Arthur Baars
866ff7b1f6 Replace Generated module with Ruby 2021-07-27 18:43:44 +02:00
Tom Hvitved
42c06bfde4 Merge pull request #226 from github/hvitved/const-flow 
Data flow through constants
 2021-07-14 13:21:07 +02:00
Tom Hvitved
9463927409 Address review comments 2021-07-14 11:05:55 +02:00
Nick Rolfe
1fe5162b67 Stabilise node ordering for regexp parsing test 2021-07-13 16:18:21 +01:00
Tom Hvitved
23447e6d58 Reduce size of lookupMethodOrConst 2021-07-02 14:02:26 +02:00
Tom Hvitved
bf696df788 Data flow through constants 2021-07-02 14:02:26 +02:00
Tom Hvitved
3b6e5881c8 Update constants.rb test 2021-07-02 14:02:26 +02:00
Arthur Baars
5afd3c7846 Merge pull request #213 from github/aibaars/api-graphs2 
First version of ApiGraphs
 2021-07-02 13:58:00 +02:00
Tom Hvitved
330b33638e Address review comments 2021-07-02 10:41:10 +02:00
Tom Hvitved
52529d590b Model private methods and "main objects" 2021-07-02 10:41:06 +02:00
Tom Hvitved
9de4ed4d4d Add tests for private methods 2021-07-02 10:39:49 +02:00
Tom Hvitved
c3cff3e113 Expose call graph through Call::getATarget() 2021-07-01 16:40:45 +02:00
Nick Rolfe
d99b5510e5 Merge pull request #219 from github/regex 
Add regexp parser and exponential ReDoS query
 2021-06-30 17:23:29 +01:00
Alex Ford
3f76075fe6 improve some rails framework tests 2021-06-29 13:56:28 +01:00
Alex Ford
31cbf818ab fix rb/sql-injection FPs due to not accounting for overridden ActiveRecord methods 2021-06-29 13:54:15 +01:00
Nick Rolfe
ba7021086b Merge remote-tracking branch 'origin/main' into regex 2021-06-25 15:00:26 +01:00
Nick Rolfe
bee94757dd Add query test for ReDoS.ql, ported from JS 2021-06-25 12:51:35 +01:00
Nick Rolfe
6142029fdc Recognise \t as not escaping t 2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd Make \h and \H character class escapes 2021-06-25 12:27:39 +01:00
Arthur Baars
efde1f86d9 Fix test case 2021-06-25 10:59:10 +02:00
Nick Rolfe
9ec503a3a5 Merge remote-tracking branch 'origin/main' into regex 2021-06-24 18:16:13 +01:00
Alex Ford
b27891b14e update ActiveRecord test output 2021-06-24 18:12:26 +01:00
Alex Ford
9883a9b606 update SqlInjection tests 2021-06-24 18:12:26 +01:00
Alex Ford
d62f4f5bd4 Address review comments 2021-06-24 18:12:26 +01:00
Alex Ford
7415503772 update ActiveRecord test output 2021-06-24 18:12:25 +01:00
Alex Ford
12e4c9ee90 update SqlInjection tests 2021-06-24 18:12:25 +01:00
Alex Ford
5386c776b3 Implement rb/sql-injection 2021-06-24 18:12:25 +01:00
Alex Ford
6e5665da8c Make ActiveRecord model flag more potentially dangerous SQL executions 2021-06-24 18:12:25 +01:00