hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,700 Commits 1,672 Branches 157 Tags
b18de9e6417c60b51d2371c98394f4033d2683e4
Commit Graph

3878 Commits

Author SHA1 Message Date
Tom Hvitved
c0e600c515 Merge pull request #12672 from hvitved/ruby/implicit-array-reads-at-sinks 
Ruby: Allow for implicit array reads at all sinks during taint tracking
 2023-09-14 15:39:37 +02:00
Tom Hvitved
61bfc4ec09 Merge pull request #14204 from hvitved/ruby/simplify-viable-callable 
Ruby: Simplify `viableSourceCallableNonInit`
 2023-09-14 15:36:47 +02:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Alex Ford
79c305c1a1 Merge pull request #14124 from alexrford/rb/dataflow-query-refactor 
Ruby: Use the new dataflow API for checked in queries
 2023-09-13 14:24:47 +01:00
Tom Hvitved
f15cbb9316 Ruby: Simplify viableSourceCallableNonInit 2023-09-13 14:25:28 +02:00
Tom Hvitved
f3a78efe03 Ruby: Fix semantic merge conflict 2023-09-13 14:04:20 +02:00
Alex Ford
b5ec99cb2f Ruby: fix missing qldoc 2023-09-13 12:28:19 +01:00
Tom Hvitved
7400b4741e Merge pull request #14108 from hvitved/dataflow/more-consistency-checks 
Data flow: Add `ArgumentNode` consistency checks
 2023-09-13 11:30:51 +02:00
Tom Hvitved
88d2e2590f Ruby: Rename LambdaSelfParameterNode to LambdaSelfReferenceNode 2023-09-13 08:52:22 +02:00
Tom Hvitved
b470c36c82 Ruby: Implement multipleArgumentCallExclude 2023-09-12 20:05:11 +02:00
Tom Hvitved
c13a8e41ad Data flow: Add more consistency checks 2023-09-12 20:05:05 +02:00
Alex Ford
5b013dd5d2 Merge branch 'main' into rb/dataflow-query-refactor 2023-09-07 14:57:38 +01:00
Alex Ford
947fa0de62 Ruby: fix qldoc warnings 2023-09-07 14:57:04 +01:00
Alex Ford
4a01de13ef Ruby: avoid toString in query warning 2023-09-07 14:54:50 +01:00
Alex Ford
0aee7f6ac6 Ruby: qlformat 2023-09-07 14:47:02 +01:00
Alex Ford
13300a2e2f Ruby: un-private PathGraph imports 2023-09-07 14:24:46 +01:00
Alex Ford
a893911dba Ruby: Use a newtype instead of DataFlow::FlowState for insecure-download 2023-09-07 14:22:18 +01:00
Alex Ford
75fdde543f Ruby: Use a newtype instead of DataFlow::FlowState for hardcoded-data 2023-09-07 14:13:26 +01:00
Alex Ford
0d7d5a35c9 Ruby: Use a newtype instead of DataFlow::FlowState for code-injection 2023-09-07 13:39:10 +01:00
Alex Ford
dfc3b33910 Ruby: Use a newtype instead of DataFlow::FlowState for unicode-bypass-validation 2023-09-07 12:09:47 +01:00
Tom Hvitved
a06a9ffa29 Address review comments 2023-09-06 11:01:54 +02:00
Tom Hvitved
6de315d086 Add change note 2023-09-06 11:01:54 +02:00
Tom Hvitved
48e2dcfa35 Ruby: Reimplement flow through captured variables using field flow 2023-09-06 11:00:55 +02:00
Tom Hvitved
5d1c399371 Ruby: Add more data-flow tests for captured variables 2023-09-06 10:34:34 +02:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00
Tom Hvitved
4a1163b38c Merge pull request #14109 from hvitved/ruby/hide-desugared-assignments-in-dataflow 2023-09-04 19:59:33 +02:00
Alex Ford
11e5565344 Merge branch 'main' into add-cwe-208 2023-09-04 12:45:49 +01:00
Alex Ford
98851736d6 Revert "Ruby: configsig rb/tainted-format-string" 
This reverts commit f5860cb4818dc3c07eeb6731e75bf5df203dd48f.
 2023-09-03 17:20:06 +01:00
Alex Ford
bf6837cca0 Revert "Ruby: configsig rb/http-to-file-access" 
This reverts commit e77ba1589663905c952cdb643ab66885760b27bd.
 2023-09-03 17:20:06 +01:00
Alex Ford
e399eac2b3 Ruby: changenote for using new dataflow api 2023-09-03 17:20:06 +01:00
Alex Ford
73ed5696f3 Ruby: configsig rb/xxe 2023-09-03 17:20:06 +01:00
Alex Ford
956207b7d9 Ruby: configsig rb/meta/tainted-nodes 2023-09-03 17:20:06 +01:00
Alex Ford
f24102e0e7 Ruby: configsig rb/weak-params 2023-09-03 17:20:06 +01:00
Alex Ford
6c06def5d7 Ruby: configsig rb/manually-checking-http-verb 2023-09-03 17:20:06 +01:00
Alex Ford
39af2d2870 Ruby: configsig rb/user-controlled-file-decompression 2023-09-03 17:20:06 +01:00
Alex Ford
cdc788b162 Ruby: configsig rb/hardcoded-credentials 2023-09-03 17:20:06 +01:00
Alex Ford
4d1684e37b Ruby: configsig rb/overly-permissive-file 2023-09-03 17:20:06 +01:00
Alex Ford
b6d12f8b1c Ruby: configsig rb/zip-slip 2023-09-03 17:20:05 +01:00
Alex Ford
ebf2a2e1f5 Ruby: configsig rb/unicode-bypass-validation 2023-09-03 17:20:05 +01:00
Alex Ford
7445fc43f9 Ruby: configsig rb/regexp-injection 2023-09-03 17:20:05 +01:00
Alex Ford
494b7b3fdf Ruby: configsig rb/polynomial-redos 2023-09-03 17:20:05 +01:00
Alex Ford
04d3d04317 Ruby: configsig rb/regex/badly-anchored-regexp 2023-09-03 17:20:05 +01:00
Alex Ford
77f3a70376 Ruby: renames for rb/xpath-injection 2023-09-03 17:20:05 +01:00
Alex Ford
42cd58695d Ruby: configsig rb/url-redirection 2023-09-03 17:20:05 +01:00
Alex Ford
f79796a644 Ruby: configsig rb/shell-command-constructed-from-input 2023-09-03 17:20:05 +01:00
Alex Ford
f03f670312 Ruby: configsig rb/html-constructed-from-input 2023-09-03 17:20:05 +01:00
Alex Ford
8ad6c72ba2 Ruby: configsig rb/unsafe-deserialization 2023-09-03 17:20:05 +01:00
Alex Ford
461bc0d359 Ruby: configsig rb/unsafe-code-construction 2023-09-03 17:20:05 +01:00
Alex Ford
3e23a6e021 Ruby: configsig rb/server-side-template-injection 2023-09-03 17:20:05 +01:00