hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,922 Commits 1,673 Branches 157 Tags
b4ed77343b77cdc16aea4e04af294883ebbefdb7
Commit Graph

4015 Commits

Author SHA1 Message Date
Joe Farebrother
b4ed77343b Add change note + fix qldoc 2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a Add test cases 2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919 Model additional string attributes 2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca Model UploadedFile original_filename and read 2024-03-14 22:25:35 +00:00
Tom Hvitved
4085c8ec8f Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit 
Ruby: Lower access path limit to 1 for `OrmTracking`
 2024-03-13 10:57:09 +01:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Tom Hvitved
695e728ed5 Ruby: Lower access path limit to 1 for OrmTracking 2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Joe Farebrother
9c51514bd9 Merge pull request #15857 from joefarebrother/ruby-activerecord-from 
Ruby: Model second argument of `ActiveRecord` `from`
 2024-03-11 16:49:52 +00:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Joe Farebrother
dbd33d1cf0 Model Argument[1] of ActiveRecord from 2024-03-08 14:04:01 +00:00
Tom Hvitved
85782ff1d4 Ruby: Exclude calls with arguments from OrmFieldAsSource 2024-03-07 17:34:01 +01:00
Anders Schack-Mulligen
0dbe8c3d8a Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity 
Data flow: prune context-sensitivity relations
 2024-03-06 10:04:48 +01:00
Harry Maclean
350dab4621 Merge pull request #15722 from hmac/mad-sinks 2024-03-06 08:18:19 +00:00
Joe Farebrother
dcc6f83d3b Merge pull request #15782 from joefarebrother/ruby-typhoeus 
Ruby: Model `Typhoeus::Request.new`
 2024-03-05 16:55:38 +00:00
Joe Farebrother
7027b7fe82 Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting. 2024-03-05 16:34:48 +00:00
Harry Maclean
148241183a Ruby: update changenote 2024-03-05 10:20:25 +00:00
Harry Maclean
91cb2a37fd Ruby: Model Process.exec 2024-03-05 10:19:22 +00:00
Tom Hvitved
bd7b2c4cc6 Update expected output 2024-03-05 10:44:13 +01:00
Harry Maclean
179aaa1342 Ruby: model Open4.popen4ext 2024-03-05 09:35:18 +00:00
Joe Farebrother
31687afd5d Fix performance 2024-03-04 09:47:12 +00:00
Joe Farebrother
5a1c0f60e6 Fix qldoc typo 2024-03-01 15:12:16 +00:00
Peter Stöckli
4adc373dfe Ruby: more test cases for code injection via method 2024-03-01 16:01:07 +01:00
Joe Farebrother
4b1626c83a Add change note 2024-03-01 14:59:24 +00:00
Peter Stöckli
3418ec8a81 Ruby: Update method code injection sinks change note 
Co-authored-by: Harry Maclean <hmac@github.com>
 2024-03-01 15:54:58 +01:00
Joe Farebrother
65b30c1dff Add tests and qldoc 2024-03-01 14:46:55 +00:00
Joe Farebrother
a08b292099 Add models for Typhoeus::Request 2024-03-01 14:23:24 +00:00
Peter Stöckli
e43c368222 Ruby: change note for methode code injection sinks 2024-03-01 15:20:32 +01:00
Peter Stöckli
a693c6d9b4 Ruby: sinks for code injection via calls to method 2024-03-01 14:42:22 +01:00
Joe Farebrother
abdae2c437 Apply reveiw suggestion - update change note 
Co-authored-by: Harry Maclean <hmac@github.com>
 2024-03-01 09:57:28 +00:00
Joe Farebrother
bf2174ffce Add change note 2024-03-01 09:57:28 +00:00
Joe Farebrother
0b7b7ea1b8 Add test cases and improve controller model 2024-03-01 09:57:24 +00:00
Joe Farebrother
ef0a1d2873 Implement models for translation methods 2024-03-01 09:52:53 +00:00
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00
Tom Hvitved
994d990f37 Ruby: Add another data flow test 2024-02-27 15:33:58 +01:00
Joe Farebrother
3ab6f222d0 Merge pull request #15718 from joefarebrother/ruby-arel-sqlliteral 
Ruby: Model Arel::Nodes::SqlLiteral.new
 2024-02-27 12:43:47 +00:00
Harry Maclean
d0e7fbc871 Ruby: Add changenote 2024-02-27 09:47:51 +00:00
Tom Hvitved
bbeee8f38d Merge pull request #15717 from hvitved/csharp/view-cfg 
Shared `View CFG` implementation
 2024-02-27 09:13:18 +01:00
Joe Farebrother
cb733dcf85 Simplify model defenition 2024-02-26 14:59:03 +00:00
Cornelius Riemenschneider
4bb725cbf5 Merge pull request #15656 from github/criemen/ruby-bazel 
Ruby: Start building the language pack using bazel.
 2024-02-26 15:52:28 +01:00
Harry Maclean
8212f5de1b Ruby: Update test 2024-02-26 13:10:27 +00:00
Harry Maclean
b86643fab2 Ruby: doc fixes 2024-02-26 12:57:21 +00:00
Harry Maclean
8a670fe9a2 Ruby: formatting 2024-02-26 12:26:04 +00:00
amammad
32f5667bb6 revert YAML.qll and yaml sinks to previous PR, make a separate experimental query only for yaml 2024-02-26 12:12:03 +00:00
amammad
c582ea626d update expected test file 2024-02-26 12:10:04 +00:00
amammad
1c1a6f13df fix QLDoc style 2024-02-26 12:05:35 +00:00
amammad
9c5c8c8362 fix test file 2024-02-26 12:05:35 +00:00
amammad
464e2e4291 fix qldoc and test files 2024-02-26 12:04:52 +00:00
amammad
18fa91bde4 add transform method that is an alias for to_ruby 2024-02-26 11:59:41 +00:00