hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-13 02:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,431 Commits 1,712 Branches 162 Tags
7c2612a6a10ef208abfdcf78e43f171e034303ae
Commit Graph

410 Commits

Author SHA1 Message Date
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
yoff
a50167812d ruby: adjust precision of rb/useless-assignment-to-local 
from `medium` to `high`
 2025-05-12 23:26:21 +02:00
Tamas Vajk
e9e6d68a6e Use code-quality-selectors in Ruby suite 2025-04-29 16:23:33 +02:00
Nick Rolfe
69bc12dd4f Fix spelling/wording in qhelp for rb/uninitialized-local-variable 2025-04-28 14:41:21 +01:00
yoff
b988be8ff6 ruby: improve help file 
This has improved autofixes
I hope it also helps humans
 2025-04-11 21:29:01 +02:00
yoff
6a76a40cf4 ruby: adjust change notes 2025-04-11 16:18:03 +02:00
yoff
2477233508 ruby: only report on method calls 
Interviewing a Ruby developer, I learned that
dealing with nil is common practice.
So alerts are mostly useful, if we can point to a place where this has gone wrong.
 2025-04-11 15:01:57 +02:00
yoff
b641d5f177 ruby: fix FP 2025-04-11 13:22:42 +02:00
yoff
4167e96058 ruby: more complete impleemntation of isInBooleanContext 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-04-11 11:00:22 +02:00
yoff
f675a143d6 ruby: remove redundant cases 
The CFG handles the negation
 2025-04-11 10:48:41 +02:00
yoff
8555e8c8c8 ruby: add change notes 2025-04-11 03:07:19 +02:00
yoff
53c88da91b ruby: refine query for uninitialised local variables 
- there are places where uninitialised reads are intentional
- there are also some places where they are impossible
 2025-04-11 03:07:19 +02:00
Tom Hvitved
35f9157e42 Ruby: Fix bad join in DeadStoreOfLocal.ql 2025-04-09 09:28:55 +02:00
yoff
6a8484f843 ruby: adjust precision of rb/useless-assignment-to-local to medium 2025-04-07 13:28:05 +02:00
yoff
385598d46d ruby: remove some FPs from rb/useless-assignment-to-local 2025-04-07 13:28:05 +02:00
yoff
e5fc1b0b00 ruby: add qhelp to rb/useless-assignment-to-local 2025-04-07 13:27:27 +02:00
yoff
921104306a ruby: clean up logic and add test 
use the CFG more than the AST
 2025-02-07 23:43:27 +01:00
yoff
9d810130e1 ruby: simplify and document 2025-02-07 16:33:28 +01:00
yoff
b3eaac0ab7 ruby: remove superflous logic 2025-02-07 14:03:57 +01:00
yoff
d7ffc3fc77 Ruby: remove test code filtering 2025-02-06 18:10:06 +01:00
yoff
74155a0214 ruby: start adding comments 
I apuse here, because the code may be simplified
 2025-02-06 18:09:38 +01:00
yoff
51a2d8c72f ruby: rename query 2025-02-06 17:07:12 +01:00
yoff
d9d0d3c18b ruby: add code block 2025-02-06 16:59:23 +01:00
yoff
8aa195d838 ruby: remove comment (we can create issues) 2025-02-06 16:59:08 +01:00
yoff
7af8fa75e6 Apply suggestions from code review 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2025-02-06 15:45:28 +01:00
Rasmus Lerchedahl Petersen
5feb401607 ruby: Add query for hoisting Rails ActiveRecord calls 
This does not take assicoations into account.
It uses ActiveRecordModelFinderCall to identify relevant calls.
This class has therefor been made public.
 2025-02-05 16:47:48 +01:00
Asger F
fcb8cac930 Ruby: resolve inserted TODOs 2025-01-23 11:48:46 +01:00
Asger F
1c136e3cd0 Ruby: rerun patch query after bugfix 2025-01-23 10:33:58 +01:00
Asger F
4dc632f742 Ruby: mass enable diff-informed data flow 2025-01-17 13:21:52 +01:00
Asger F
f9c0ba3826 Ruby: use DeduplicatePathGraph in CodeInjection query 2024-12-11 11:48:15 +01:00
Geoffrey White
86cc2dc5a1 Ruby: Add rb/diagnostics/extraction-warnings so that we don't miss anything we had before. 2024-10-03 17:40:17 +01:00
Geoffrey White
1ea94faccf Ruby: Make similar changes to differentiate extraction errors and warnings, and mostly restore original behaviour. 2024-10-03 17:39:56 +01:00
Joe Farebrother
d08713f66c Merge branch 'main' into patch-7 2024-08-12 15:12:33 +01:00
Jonathan Leitschuh
1728e5dfd5 Align Ruby NonConstantKernelOpen.ql Severity 
Align severity with other command injection vulnerabilities:

 - 4a448f445e/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql (L8)
- 4a448f445e/go/ql/src/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql (L7)
- 4a448f445e/javascript/ql/src/Security/CWE-078/CommandInjection.ql (L7)
 2024-06-21 10:27:47 -04:00
Alex Ford
f017821062 Ruby: rb/weak-sensitive-data-hashing qhelp 2024-06-17 15:29:53 +01:00
Alex Ford
d4203d9286 Ruby: minimal port of py/weak-sensitive-data-hashing 2024-06-17 15:27:00 +01:00
Harry Maclean
c00d0d302d Ruby: fix wording in rb/request-without-cert-validation 2024-05-01 17:25:58 +01:00
Erik Krogh Kristensen
7e839792da Merge pull request #16330 from erik-krogh/del-deps-apr-2024 
All: delete outdated deprecations
 2024-04-30 10:43:39 +02:00
Harry Maclean
8b23f6db10 Ruby: Add URI.open example to rb/kernel-open qhelp 2024-04-27 09:53:54 +01:00
erik-krogh
baa31e1469 delete outdated deprecations 2024-04-25 22:19:28 +02:00
Joe Farebrother
5cebcadc56 Merge pull request #15987 from joefarebrother/ruby-mass-reassignment 
Ruby: Add query for insecure mass assignment
 2024-04-12 10:18:41 +01:00
Erik Krogh Kristensen
c00e2075a4 Merge pull request #16111 from erik-krogh/rb-url 
RB: Improve QHelp for `rb/url-redirect`, and fix an FP.
 2024-04-11 13:03:35 +02:00
erik-krogh
4ae25c2d34 don't mention arrays in the qhelp for rb/shell-command-constructed-from-input, because there are no array 2024-04-10 14:26:00 +02:00
erik-krogh
59c72b683c update the url-redirect QHelp 2024-04-08 12:00:27 +02:00
Erik Krogh Kristensen
0cfac605bd Merge pull request #16100 from erik-krogh/fix-js-rb-typo 
RB: fix language specifier typo in qhelp for rb/multi-char-san
 2024-04-04 15:42:45 +02:00
erik-krogh
ec32bdce63 fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines 2024-04-03 09:19:18 +02:00
erik-krogh
572d3ba542 fix language specifier typo in qhelp for rb/multi-char-san 2024-04-02 19:40:46 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Joe Farebrother
fb19288981 Address review comments - Fix docs typo and add a reference 2024-03-25 15:46:45 +00:00
Joe Farebrother
a6ee19ca2d Fix query id 2024-03-22 14:36:47 +00:00