hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 18:50:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,968 Commits 1,676 Branches 157 Tags
aedd073dad5c8ac1401f611cd6cc37cb730af558
Commit Graph

86 Commits

Author SHA1 Message Date
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Alex Ford
dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Maiky
119a32fe0e fix naming error 2023-07-12 23:54:58 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions. 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-19 10:20:19 +02:00
Tony Torralba
3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query 
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
 2023-06-16 08:52:44 +02:00
Maiky
e5fe5403b7 Apply requested changes 2023-06-14 22:55:14 +02:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Sim4n6
09c97ce0da Added one more example to the qhelp 2023-05-25 09:41:22 +01:00
Sim4n6
0a0a6dde40 Replaced CGI.escapeHTML() with the html_escape() 2023-05-20 17:59:39 +01:00
Sim4n6
f5ff50880c Updated qhelp for the use of html_escape() 2023-05-20 17:58:24 +01:00
Sim4n6
e345d7dca4 Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:54:03 +01:00
Sim4n6
7cd1fd4bbf CWE-179 and CWE-180 are included in metadata 2023-05-20 12:51:45 +01:00
Sim4n6
c9c7179a0b Deleted the ugly flowchart. 2023-05-20 12:49:46 +01:00
Sim4n6
c3c65ca712 Qhelp formatting 2023-05-20 12:48:26 +01:00
Sim4n6
8dcf139b45 Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-05-20 12:46:54 +01:00
Maiky
071a77cedc Ruby : XPath Injection Query (CWE-643) 2023-05-11 15:29:54 +02:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
Maiky
64cf3adfd4 Update examples 2023-04-13 17:29:14 +02:00
Alex Ford
76ed56d2b6 Ruby: typo 2023-03-17 11:40:59 +00:00
Alex Ford
ee6288173f Ruby: remove extra opening p tag 2023-03-17 11:38:49 +00:00
Alex Ford
60f313863a Merge branch 'main' into maikypedia/ruby-ssti 2023-03-17 11:31:49 +00:00
Tom Hvitved
1d0b3d4112 Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node 2023-03-16 11:28:24 +01:00
Maiky
5a9a90d00b Move query to experimental 2023-03-08 11:50:04 +01:00
gregxsunday
34b441c3cc move query to experimental folder 2023-02-23 12:12:04 +00:00
turbo
4ec401a3f6 Tag all security queries in supported languages' experimental directories with an experimental tag 2022-12-14 17:15:50 +01:00
Asger F
b4b34cc994 Ruby: port part of ActionController model 2022-10-31 13:33:41 +01:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Harry Maclean
cb3ebeedf9 Merge pull request #9696 from thiggy1342/experimental-strong-params 
RB: Experimental strong params query
 2022-07-25 12:08:55 +12:00
thiggy1342
0c0ba925a7 this one should have no tag 2022-07-22 18:44:03 +00:00
thiggy1342
f39ca1aad2 correct cwe tagged 2022-07-22 18:36:25 +00:00
thiggy1342
486a394a7f Update ruby/ql/src/experimental/weak-params/WeakParams.ql 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-21 17:26:09 -04:00
thiggy1342
cc958dc171 Update ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-21 17:19:33 -04:00
thiggy1342
9586259706 style tweak for checking multiple method names 2022-07-19 00:29:30 +00:00
thiggy1342
304203ad2f fix path problem output 2022-07-19 00:25:50 +00:00
thiggy1342
3dd61cadf4 formatting query 2022-07-14 00:19:36 +00:00
thiggy1342
ee79834cc8 formatting in qhelp 2022-07-14 00:15:39 +00:00
thiggy1342
ae634367c9 add qhelp file 2022-07-14 00:11:52 +00:00
thiggy1342
2cc703387b use taint config for data flow 2022-07-14 00:11:52 +00:00
thiggy1342
7129002573 tweak tests more 2022-07-13 00:33:58 +00:00
thiggy1342
7facc63699 remove predicate 2022-07-12 22:59:48 +00:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
6ea1aad5fc more style fixes 2022-06-23 22:57:51 -04:00
thiggy1342
ce2edd4b28 style tweaks 2022-06-24 02:46:48 +00:00
thiggy1342
ca074e2275 add qhelp file 2022-06-24 02:19:06 +00:00