381 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	0b24af901d	Merge pull request #7349 from aschackmull/dataflow/state ... Dataflow: Add support for flow state	2022-01-14 09:12:38 +01:00
Anders Schack-Mulligen	c44cf29992	Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard ... Dataflow: Add default taint sanitizer guard	2022-01-13 14:44:55 +01:00
Anders Schack-Mulligen	f7cf327e71	Dataflow: Sync	2022-01-13 13:28:43 +01:00
Anders Schack-Mulligen	a34c981209	Dataflow: Address comments.	2022-01-13 13:28:24 +01:00
Erik Krogh Kristensen	89bab6ae12	Merge pull request #7097 from erik-krogh/railsReDoS ... JS/PY/RB: support a limited number of ranges for ReDoS analysis	2022-01-13 11:04:36 +01:00
Owen Mansel-Chan	8e8278764b	Add predicate defaultTaintSanitizerGuard for each language ... This was done manually, as these files are not synced by sync-files.py.	2022-01-12 14:44:56 +00:00
Owen Mansel-Chan	c112980b81	Sync TaintTrackingImpl.qll ... Done automatically using sync-files.py	2022-01-12 14:44:55 +00:00
Anders Schack-Mulligen	c8a6798c05	Ruby: Workaround for optimiser problem. ... A size 1 DataFlowType causes misoptimisations.	2022-01-10 11:21:18 +01:00
Tom Hvitved	d2ebbe0819	Merge pull request #7469 from hvitved/csharp/promote-adhoc-consistency-checks ... C#: Promote existing ad-hoc consistency checks to consistency queries	2022-01-10 11:10:25 +01:00
Erik Krogh Kristensen	f7a63d5ea0	remove duplicated line	2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen	c8d29a9cf1	sync files	2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen	1a8b6d7414	recognize ranges without upper bounds	2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen	acaf294bee	support a limited number of regexp ranges	2022-01-07 18:36:30 +01:00
Alex Ford	f935df9865	Merge pull request #7313 from github/ruby/rails-cookie-config ... Ruby: Add `rb/weak-cookie-configuration` query	2022-01-05 15:20:40 +00:00
Alex Ford	da8c745bd8	Ruby: Restrict Rails Setting nodes to SetterMethodCalls	2022-01-05 14:11:07 +00:00
Anders Schack-Mulligen	ef714f7328	Dataflow: Sync	2022-01-05 14:25:35 +01:00
Alex Ford	712972cb82	Ruby: formatting	2022-01-04 16:41:23 +00:00
Alex Ford	36ea360b25	Ruby: behaviour -> behavior	2022-01-04 15:43:38 +00:00
Erik Krogh Kristensen	b9964799f3	Merge pull request #7458 from erik-krogh/modelling ... QL: add "modelling/modeling" to `ql/non-us-spelling`	2022-01-04 13:33:54 +01:00
Alex Ford	dadaf25262	Merge branch 'main' into ruby/rails-cookie-config	2022-01-04 12:04:44 +00:00
Tom Hvitved	1f8a291d6f	Merge pull request #7198 from hvitved/ruby/dataflow/arrays ... Ruby: Flow through arrays/enumerables	2022-01-04 10:37:08 +01:00
yoff	5ba70ff3b6	Merge pull request #7369 from RasmusWL/filter-tag-cwe ... JS/Py/Ruby: Add more CWEs to bad-tag-filter queries	2022-01-04 10:11:03 +01:00
Dave Bartolomeo	5f5af4a29e	Move change notes to correct location ... A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.	2022-01-03 18:21:16 -05:00
Dave Bartolomeo	ded3c52a34	Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 ... Post-release preparation for codeql-cli-2.7.4	2022-01-03 17:09:58 -05:00
github-actions[bot]	1334d207fa	Post-release version bumps	2022-01-03 20:11:15 +00:00
Alex Ford	7d3932dc8d	Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config	2021-12-22 17:54:03 +00:00
Alex Ford	7f01be7067	Ruby: use new changenote format for rb/weak-cookie-configuration	2021-12-22 17:47:44 +00:00
Alex Ford	d977e8a473	Ruby: remove unnecessary custom transitive version of getReceiver	2021-12-22 17:47:44 +00:00
Alex Ford	9821c4a06c	Ruby: behaviour -> behavior ... Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-12-22 17:47:44 +00:00
Alex Ford	2cd02157c9	Ruby: fix import	2021-12-22 17:47:44 +00:00
Alex Ford	71c5711eb3	Ruby: add some rb/weak-cookie-configuration tests	2021-12-22 17:47:44 +00:00
Alex Ford	8976469d9b	Ruby: Model some Rails cookie configuration settings	2021-12-22 17:47:44 +00:00
Alex Ford	5ce6e63590	Ruby: Tidy Rails.qll to make adding new settings modeling easier	2021-12-22 17:47:44 +00:00
Alex Ford	737f7332bc	Ruby: add rb/weak-cookie-configuration query	2021-12-22 17:47:44 +00:00
Alex Ford	8a3d1fe174	Ruby: add CookieSecurityConfigurationSetting concept	2021-12-22 17:47:43 +00:00
Alex Ford	0cbf136e21	Merge pull request #7273 from github/ruby/crypto-algorithms ... Ruby: add CryptoAlgorithms library	2021-12-22 17:42:59 +00:00
Alex Ford	3da98ecb73	Bump a date	2021-12-22 16:38:16 +00:00
Alex Ford	a2104de8a0	Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll	2021-12-22 16:38:15 +00:00
Alex Ford	f16d77615d	Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll	2021-12-22 16:38:15 +00:00
Alex Ford	df0da980ea	Update ruby/ql/lib/codeql/ruby/security/OpenSSL.qll ... Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-12-22 16:38:15 +00:00
Alex Ford	27a40fb5cf	Ruby: OpenSSL QLDoc fixes	2021-12-22 16:38:15 +00:00
Alex Ford	97c75de771	Ruby: OpenSSL and CryptoAlgorithms test update	2021-12-22 16:38:15 +00:00
Alex Ford	e6bc45ee3b	Ruby: Base OpenSSL supported algorithms on OpenSSL 1.1.1 and LibreSSL 3.4.1	2021-12-22 16:38:15 +00:00
Alex Ford	d3af687767	Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames ... Strong encryption algorithms: ARIA, IDEA, SEED, SM4 Strong block modes: CBC, CFB, CTR, OFB	2021-12-22 16:38:15 +00:00
Alex Ford	bdb2d8ba16	Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version	2021-12-22 16:38:15 +00:00
Alex Ford	0303c279e2	Ruby: add empty ruby file to avoid DataFlowConsistency failure	2021-12-22 16:38:15 +00:00
Alex Ford	1156581b52	Ruby: add CryptoAlgorithms library	2021-12-22 16:38:15 +00:00
Jeff Gran	accfd482d4	autoformat file	2021-12-22 08:44:35 -07:00
Jeff Gran	f21398ce84	changed the name of one of the constants for a better test case	2021-12-22 08:42:07 -07:00
Jeff Gran	445c420a3d	rerun test --learn with rebuilt ruby extractor	2021-12-22 08:42:04 -07:00