Nick Rolfe
|
8a94cabdbf
|
Merge pull request #11250 from github/nickrolfe/stack-trace-exposure
Ruby: add stack-trace exposure query
|
2022-11-28 10:45:59 +00:00 |
|
github-actions[bot]
|
e105c13e77
|
Release preparation for version 2.11.4
|
2022-11-17 16:40:45 +00:00 |
|
Nick Rolfe
|
c660ea100b
|
Ruby: add changenote for rb/stack-trace-exposure
|
2022-11-14 12:26:40 +00:00 |
|
Nick Rolfe
|
0337ccb93a
|
Ruby: add change notes for Arel.sql / SqlConstruction changes
|
2022-11-10 14:11:14 +00:00 |
|
Erik Krogh Kristensen
|
c82410fd16
|
Merge pull request #10680 from erik-krogh/unsafeRbCmd
RB: add an unsafe-shell-command-construction query
|
2022-11-08 09:22:33 +01:00 |
|
Erik Krogh Kristensen
|
3f871a08e2
|
apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
|
2022-11-07 16:29:10 +01:00 |
|
github-actions[bot]
|
508327235a
|
Release preparation for version 2.11.3
|
2022-11-04 20:16:23 +00:00 |
|
Arthur Baars
|
98f4c29913
|
Ruby: weak crypto: do not report weak hash algorithms
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
|
2022-11-04 15:58:50 +01:00 |
|
Arthur Baars
|
45c9a0d0b1
|
Apply suggestions from code review
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
|
2022-10-20 15:22:29 +02:00 |
|
github-actions[bot]
|
9a0848bbc4
|
Release preparation for version 2.11.2
|
2022-10-20 11:05:19 +00:00 |
|
erik-krogh
|
7797211118
|
Merge branch 'main' into unsafeRbCmd
|
2022-10-20 10:34:17 +02:00 |
|
Harry Maclean
|
eddb8493d8
|
Apply suggestions from code review
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
|
2022-10-17 09:34:44 +13:00 |
|
Harry Maclean
|
545222d1e9
|
Ruby: Add change note
|
2022-10-17 08:17:37 +13:00 |
|
Alex Ford
|
3baad89e57
|
Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query
|
2022-10-14 10:50:09 +01:00 |
|
Erik Krogh Kristensen
|
332bc35ff1
|
Merge pull request #10708 from erik-krogh/kernelSink
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
|
2022-10-14 09:13:26 +02:00 |
|
Josh Soref
|
2648cb0322
|
spelling: injection
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-13 10:56:41 -04:00 |
|
Asger F
|
d28b9af8bd
|
Merge pull request #10791 from asgerf/rb/rails-render-file
Ruby: treat render 'file:' argument as a file system access
|
2022-10-12 21:18:32 +02:00 |
|
Asger F
|
7bfb3497eb
|
Ruby: change note
|
2022-10-12 14:29:34 +02:00 |
|
Jeroen Ketema
|
d389a183f0
|
Merge pull request #10743 from jsoref/spelling
Spelling
|
2022-10-12 12:48:22 +02:00 |
|
erik-krogh
|
cadb948d57
|
add change-note
|
2022-10-11 13:26:03 +02:00 |
|
erik-krogh
|
9a9d2a6fe1
|
Merge branch 'main' into rb-last-msg
|
2022-10-11 10:43:39 +02:00 |
|
erik-krogh
|
de3b15ebe9
|
add a query flagging uses of Kernel.open that are not with a constant string
|
2022-10-11 09:23:29 +02:00 |
|
Josh Soref
|
b5bed9cbf5
|
spelling: explicitly
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
2022-10-11 00:23:36 -04:00 |
|
Alex Ford
|
139d3868e5
|
Merge branch 'main' into rb/sensitive-get-query
|
2022-10-09 12:26:44 +01:00 |
|
erik-krogh
|
cbeefd418b
|
add change-note
|
2022-10-07 13:47:32 +02:00 |
|
github-actions[bot]
|
a02dcdc5e1
|
Release preparation for version 2.11.1
|
2022-10-07 02:20:28 +00:00 |
|
Alex Ford
|
d64f8c73be
|
Merge branch 'main' into rb/sensitive-get-query
|
2022-10-05 12:59:35 +01:00 |
|
Nick Rolfe
|
8ca1e1b2d1
|
Ruby: add changenote for XXE improvements
|
2022-09-27 16:11:41 +01:00 |
|
github-actions[bot]
|
f5cf8cffa3
|
Release preparation for version 2.11.0
|
2022-09-22 20:14:12 +00:00 |
|
Nick Rolfe
|
ee34ac5394
|
Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
|
2022-09-22 10:59:49 +01:00 |
|
Nick Rolfe
|
2edbc16829
|
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
|
2022-09-21 13:01:21 +01:00 |
|
Andrew Eisenberg
|
58e4861b45
|
Merge branch 'main' into rc/3.7
|
2022-09-20 12:43:20 -07:00 |
|
Alex Ford
|
f84035a65c
|
Ruby: add rb/sensitive-get-query query
|
2022-09-10 17:43:15 +01:00 |
|
github-actions[bot]
|
a9d80a5a48
|
Release preparation for version 2.10.5
|
2022-09-08 11:35:54 +00:00 |
|
Edoardo Pirovano
|
8f332714f4
|
Merge pull request #10260 from github/edoardo/3.7-mergeback
Merge `rc/3.7` into `main`
|
2022-09-01 15:44:17 +01:00 |
|
Nick Rolfe
|
898689f550
|
Merge pull request #9896 from github/nickrolfe/hardcoded_code
Ruby: port js/hardcoded-data-interpreted-as-code
|
2022-08-26 13:49:25 +01:00 |
|
github-actions[bot]
|
0f63bc077f
|
Release preparation for version 2.10.4
|
2022-08-25 12:52:26 +00:00 |
|
Nick Rolfe
|
acf5b11139
|
Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code
|
2022-08-25 11:44:55 +01:00 |
|
erik-krogh
|
f7846a598e
|
add change-notes
|
2022-08-23 07:54:01 +02:00 |
|
Harry Maclean
|
70ec70940a
|
Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization
|
2022-08-18 10:02:39 +12:00 |
|
Alex Ford
|
d4d6657cb7
|
Merge pull request #10008 from alexrford/rb/log-injection
Ruby: Add `rb/log-injection` query
|
2022-08-17 15:01:22 +01:00 |
|
Harry Maclean
|
3fba4a5fa7
|
Ruby: Add change note for new query
|
2022-08-17 16:02:48 +12:00 |
|
Alex Ford
|
d02ad51d74
|
Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3
Post-release preparation for codeql-cli-2.10.3
|
2022-08-16 12:04:07 +01:00 |
|
Erik Krogh Kristensen
|
0adb588fe8
|
Merge pull request #9712 from erik-krogh/badRange
JS/RB/PY/Java: add suspicious range query
|
2022-08-15 13:55:44 +02:00 |
|
github-actions[bot]
|
57c4f9145b
|
Release preparation for version 2.10.3
|
2022-08-11 11:12:15 +00:00 |
|
Alex Ford
|
7a61f59b1e
|
Ruby: add change note for new rb/log-injeciton query
|
2022-08-10 16:17:55 +01:00 |
|
github-actions[bot]
|
212786ed91
|
Release preparation for version 2.10.2
|
2022-07-28 13:38:35 +00:00 |
|
Nick Rolfe
|
6356b20928
|
Ruby: port js/hardcoded-data-interpreted-as-code
|
2022-07-26 16:05:22 +01:00 |
|
Harry Maclean
|
cb3ebeedf9
|
Merge pull request #9696 from thiggy1342/experimental-strong-params
RB: Experimental strong params query
|
2022-07-25 12:08:55 +12:00 |
|
thiggy1342
|
c2710fb038
|
Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
Co-authored-by: Harry Maclean <hmac@github.com>
|
2022-07-22 13:52:00 -04:00 |
|