hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,887 Commits 1,673 Branches 157 Tags
9108982b07b69774fbc87e899b41cbcebe8d9bd5
Commit Graph

3664 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
Alex Ford
27ee72c265 Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string 2023-07-17 14:11:25 +01:00
Alex Ford
06aefe01b8 Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-17 14:08:44 +01:00
Alex Ford
ab1f341aa6 Merge pull request #13566 from alexrford/rb/rack-params 
Ruby: add `Rack::Request` params and cookies as remote input sources
 2023-07-17 14:07:20 +01:00
Alex Ford
bdf1aa0807 Merge pull request #13746 from asgerf/rb/fix-rack-todo 
Ruby: Use API graphs asCallable() instead of Proc.new workaround
 2023-07-14 16:29:00 +01:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Asger F
2962727f0f Ruby: Use API graphs asCallable() instead of Proc.new workaround 2023-07-14 13:50:07 +02:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Alex Ford
c0009379d1 qlformat 2023-07-14 12:04:03 +01:00
Asger F
31bed36231 Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda 
Ruby: Improve support for explicit proc-creation
 2023-07-14 13:02:44 +02:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00
Asger F
18762db0fb Ruby: factor out isProcCreationCall 2023-07-13 11:53:16 +02:00
Asger F
8d2dba18c0 Ruby: change note 2023-07-13 11:53:16 +02:00
Asger F
f232669ea5 Ruby: support Proc.new alongside 'proc' and 'lambda' 2023-07-13 11:53:16 +02:00
Asger F
194fe85442 Ruby: Use asCallable() to generate epsilon edges 2023-07-13 11:53:16 +02:00
Asger F
452fbe7e8f Ruby: add test showing lack of lambda handling 2023-07-13 11:53:16 +02:00
Anders Schack-Mulligen
91de43f918 C#/Java/Ruby: Remove superfluous module members. 2023-07-13 11:38:35 +02:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Maiky
119a32fe0e fix naming error 2023-07-12 23:54:58 +02:00
Maiky
db0f38fe06 Update XpathInjectionQuery.qll 2023-07-12 23:46:47 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
94638c9997 Ruby: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
8a7081753d Ruby: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Asger F
d88f557dbe Merge pull request #13683 from asgerf/rb/api-graph-noobject 
Ruby: exclude Object class from API graph
 2023-07-10 12:51:15 +02:00
Mathias Vorreiter Pedersen
44f23bfa59 Merge pull request #13690 from github/post-release-prep/codeql-cli-2.14.0 
Post-release preparation for codeql-cli-2.14.0
 2023-07-07 23:39:38 +01:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Asger F
b14cac6b28 Merge pull request #12689 from asgerf/rb/perf-diagnostics 
Ruby: performance diagnostics query
 2023-07-07 14:25:56 +02:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Asger F
d8604ff390 Ruby: exclude Object class from API graph 2023-07-07 09:49:21 +02:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen
b2a60bf3d1 Merge pull request #13642 from erik-krogh/san-script 
JS/RB: Fix FP in incomplete-multi-character-sanitization
 2023-07-06 15:38:39 +02:00
Mathias Vorreiter Pedersen
83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Asger F
59c72836d3 Ruby: fix typo 2023-07-06 14:57:24 +02:00
Asger F
db58d32f7a Ruby: Add a query ID 2023-07-06 14:57:24 +02:00
Asger F
d123e5ba63 Ruby: add performance diagnostic query 2023-07-06 14:57:24 +02:00
Maiky
25814f76b9 Apply suggested changes 2023-07-06 02:20:42 +02:00
Alex Ford
08784d24b4 Ruby: rack - add tests for env['QUERY_STRING'] 2023-07-05 15:49:00 +01:00
Alex Ford
ec2c9f20f6 Ruby: rack - env['QUERY_STRING'] changenote 2023-07-05 15:46:56 +01:00
Alex Ford
2b0b2855e1 Ruby: rack - Rack::Response changenote 2023-07-05 15:15:34 +01:00
Alex Ford
df62cf8a5a qlformat 2023-07-05 12:19:57 +01:00
Alex Ford
082f26bcb1 Ruby: update TaintStep.ql output 2023-07-05 12:19:55 +01:00
Alex Ford
9a263e12ec Ruby: rack - add some qldoc 2023-07-05 12:18:52 +01:00
Alex Ford
bf25b07c17 Ruby: rack - request input tests 2023-07-05 12:18:52 +01:00
Alex Ford
175d524146 Ruby: rack - add Rack#Utils.parse_query summary 2023-07-05 12:18:52 +01:00
Alex Ford
cc6f6418f5 Ruby: rack - start modelling request inputs 2023-07-05 12:18:52 +01:00