Owen Mansel-Chan
7d7af193dc
Fix small mistake in Ruby query help
2025-11-19 14:36:26 +00:00
Owen Mansel-Chan
2cfafe53ca
Fix failing ruby crypto test that lists all algorithms
2025-11-19 14:36:26 +00:00
github-actions[bot]
5ee45af3aa
Post-release preparation for codeql-cli-2.23.6
2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce
Release preparation for version 2.23.6
2025-11-17 16:38:07 +00:00
Napalys Klicius
d122534398
Merge pull request #20671 from github/napalys/adjust_query_severity
Adjust query severity ratings
2025-11-11 12:37:31 +01:00
github-actions[bot]
4014df9a6e
Post-release preparation for codeql-cli-2.23.4
2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f
Release preparation for version 2.23.4
2025-11-03 14:52:23 +00:00
Nora Dimitrijević
6ede0a7950
Ruby/WeakFilePermissions
2025-10-28 09:40:46 +01:00
Nora Dimitrijević
495be51ae7
Ruby/WeakParams
2025-10-28 09:40:43 +01:00
Nora Dimitrijević
50f2540db1
Ruby/ManuallyCheckHttpVerb
2025-10-28 09:40:41 +01:00
Nora Dimitrijević
6519bd9909
Ruby/PolynomialReDoSQuery
ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
2025-10-28 09:40:38 +01:00
Chris Smowton
2e0e9e0834
Merge pull request #20550 from github/smowton/admin/document-rails-5-csrf
Ruby: Update CSRF protection notes in documentation
2025-10-27 12:19:16 +00:00
Napalys Klicius
9c70ae04fb
Add change note
2025-10-22 11:48:16 +00:00
Napalys Klicius
fa47174013
CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0
2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
66f95bcbcd
Merge pull request #20603 from owen-mc/update-broken-algo-qhelp
Many languages: Update broken algo qhelp
2025-10-17 12:30:43 +01:00
github-actions[bot]
6dd07790ac
Post-release preparation for codeql-cli-2.23.3
2025-10-14 11:16:33 +00:00
Henry Mercer
9507ec0853
Fix "be be" typos
2025-10-14 11:09:43 +01:00
github-actions[bot]
33542f7d40
Release preparation for version 2.23.3
2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
2f22acdd06
Remove hashing example when not covered by query
2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639
Improve qhelp for broken crypto algo queries
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1
Remove erroneous comma
2025-10-08 14:08:36 +01:00
Owen Mansel-Chan
90db349f4b
State that ruby broken crypto algo doesn't deal with hashing
2025-10-08 14:05:00 +01:00
Chris Smowton
ff4b97bf2d
Reword
2025-09-30 13:08:03 +01:00
Chris Smowton
f1239352ce
Note issue in related query
2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9
Ruby: Update CSRF protection notes in documentation
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:
> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.
This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.
I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
2025-09-29 18:42:11 +01:00
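The Rails gotcha described in the commit above is that `protect_from_forgery` called without a `with:` option selects the `:null_session` strategy, so a bare call in a controller replaces the `:exception` default that a Rails 5.2+ application gets from `default_protect_from_forgery`. The script below is an added illustration, not CodeQL's query code or anything from the codeql repository: a lightweight source scan that reports such calls, along with explicit non-raising strategies and `skip_before_action :verify_authenticity_token`. The controller sources in `CONTROLLERS` are constructed samples, and the `Finding` struct and the `scan`/`strategy_of` helpers are names chosen for this example.

```ruby
# Added example (not CodeQL's code): flag protect_from_forgery calls whose
# effective strategy is not :exception. A bare call falls back to :null_session,
# which mirrors the default in ActionController::RequestForgeryProtection.
# The controller sources below are constructed samples for the example.

CONTROLLERS = {
  "app/controllers/application_controller.rb" => <<~RUBY,
    class ApplicationController < ActionController::Base
      # Bare call: strategy silently falls back to :null_session
      protect_from_forgery
    end
  RUBY
  "app/controllers/admin_controller.rb" => <<~RUBY,
    class AdminController < ActionController::Base
      protect_from_forgery with: :exception, prepend: true
    end
  RUBY
  "app/controllers/api_controller.rb" => <<~RUBY,
    class ApiController < ActionController::Base
      protect_from_forgery with: :null_session
    end
  RUBY
  "app/controllers/legacy_controller.rb" => <<~RUBY,
    class LegacyController < ActionController::Base
      protect_from_forgery :with => :reset_session
      skip_before_action :verify_authenticity_token, only: [:webhook]
    end
  RUBY
}

# One reported location: file, line number, selected strategy, explanation.
Finding = Struct.new(:file, :line, :strategy, :message)

# Returns the strategy a `protect_from_forgery` call selects. Handles both
# `with: :sym` and `:with => :sym`; with no `with` option the default is
# :null_session, exactly the downgrade the commit message describes.
def strategy_of(call_line)
  m = call_line.match(/(?:with:\s*|:with\s*=>\s*):(\w+)/)
  m ? m[1].to_sym : :null_session
end

# Scans a { path => source } hash and returns an array of Finding objects.
def scan(sources)
  findings = []
  sources.each do |file, src|
    src.each_line.with_index(1) do |line, lineno|
      if line =~ /^\s*protect_from_forgery\b/
        strategy = strategy_of(line)
        next if strategy == :exception
        message =
          if line.include?("with")
            "explicit non-raising CSRF strategy :#{strategy}"
          else
            "bare protect_from_forgery defaults to :null_session, overriding the :exception default"
          end
        findings << Finding.new(file, lineno, strategy, message)
      elsif line =~ /^\s*skip_before_action\s+:verify_authenticity_token\b/
        # Disables the check entirely for the listed actions.
        findings << Finding.new(file, lineno, :skipped, "CSRF check skipped for listed actions")
      end
    end
  end
  findings
end

if __FILE__ == $0
  scan(CONTROLLERS).each { |f| puts "#{f.file}:#{f.line}: #{f.message}" }
end
```

Running it against the samples reports `application_controller.rb` (bare call), `api_controller.rb` (`:null_session`), and both lines of `legacy_controller.rb`; `admin_controller.rb` is clean because it names `:exception` explicitly. A regex scan like this is only a first pass: it does not follow inheritance or `ApplicationController` subclassing, which is what the CodeQL query is for.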
github-actions[bot]
a7a4e43991
Post-release preparation for codeql-cli-2.23.2
2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b
Release preparation for version 2.23.2
2025-09-29 10:28:45 +00:00
Tom Hvitved
1a4cfba93a
Merge pull request #20427 from felickz/ruby-framework-grape
Ruby: Add support for Grape Framework
2025-09-25 16:12:34 +02:00
Chad Bentz
46d330cb21
Merge branch 'ruby-framework-grape' of github.com:felickz/codeql into ruby-framework-grape
2025-09-23 10:40:46 -04:00
Chad Bentz
37e0c30842
Add expected output for VariablesConsistency test case
2025-09-23 10:40:30 -04:00
Chad Bentz
7a9a259c03
Merge branch 'main' into ruby-framework-grape
2025-09-22 19:29:36 -04:00
Chad Bentz
89fd9694ce
codeql query format
2025-09-22 19:25:05 -04:00
Chad Bentz
6e56c549b2
Refactor Grape method call classes to simplify handling of API instance calls for headers, request, route_param, and cookies
2025-09-22 19:21:23 -04:00
Chad Bentz
0665c39a07
Refactor GrapeHelperMethod constructor to reuse getHelperSelf to traverse dataflow instead of AST
- add tests to check for nested helpers
2025-09-22 19:08:34 -04:00
Chad Bentz
ecd0ce65fe
Refactor GrapeHeadersBlockCall and GrapeCookiesBlockCall to simplify method call checks
2025-09-22 12:52:30 -04:00
Chad Bentz
b837c56bec
Refactor RootApi and GrapeApiClass constructors for improved readability; add getHelperSelf method to retrieve self parameter in helpers block.
2025-09-22 10:13:33 -04:00
Simon Friis Vindum
7d6e2060e5
Adapt all languages to changes in shared library
2025-09-22 14:18:58 +02:00
Chad Bentz
1bf6101967
Remove redundant exclusion of base Grape::API module from GrapeApiClass
- should not impact extracted application code
2025-09-21 20:52:28 -04:00
Chad Bentz
50bf9ae756
Refactor RootApi class to use getAnImmediateDescendent for clarity
2025-09-21 20:44:46 -04:00
Chad Bentz
f4bbbc346f
Refactor Grape framework to be encapsulated properly in Module
2025-09-19 19:06:50 -04:00
Chad Bentz
89e9ee43c0
Convert from GrapeHelperMethodTaintStep extends AdditionalTaintStep to a simplified GrapeHelperMethodTarget extends AdditionalCallTarget
2025-09-19 18:28:45 -04:00
Anders Schack-Mulligen
d93b2edc0d
Ruby: Accept test changes.
2025-09-18 08:13:43 +02:00
Chad Bentz
141b470002
Merge branch 'main' into ruby-framework-grape
2025-09-17 12:12:13 -04:00
github-actions[bot]
4e8343664f
Post-release preparation for codeql-cli-2.23.1
2025-09-17 10:13:40 +00:00
Chad Bentz
c5e3be2c4c
Grape - detect params calls inside helper methods
- added unit tests for flow using inline format
- removed grape from Arel tests (temporary)
2025-09-16 17:09:18 -04:00
github-actions[bot]
02a1b1efcb
Release preparation for version 2.23.1
2025-09-16 14:14:42 +00:00
Chad Bentz
ffd32efba2
codeql query format
2025-09-16 09:08:07 -04:00
Chad Bentz
0d0ce32ef2
Merge branch 'ruby-framework-grape' of github.com:felickz/codeql into ruby-framework-grape
2025-09-15 22:11:38 -04:00
Chad Bentz
fc98cd8d08
Fix naming standards
2025-09-15 22:11:33 -04:00
Chad Bentz
19cb187436
Update ruby/ql/lib/codeql/ruby/frameworks/Grape.qll
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-15 22:03:27 -04:00