hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-11 13:40:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
65,730 Commits 1,679 Branches 158 Tags
b9b2aa35809e85fe617135a967319289fc3ec546
Commit Graph

4305 Commits

Author SHA1 Message Date
erik-krogh
4ae25c2d34 don't mention arrays in the qhelp for rb/shell-command-constructed-from-input, because there are no array 2024-04-10 14:26:00 +02:00
Tom Hvitved
6c9a0e4a9a Merge pull request #16154 from hvitved/ruby/redundant-implicit-read 
Ruby: Remove two redundant `allowImplicitRead` predicates
 2024-04-09 15:38:05 +02:00
Tom Hvitved
5f8eb7b138 Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content 
Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`
 2024-04-09 11:26:24 +02:00
Tom Hvitved
e6984aa865 Ruby: Remove two redundant allowImplicitRead predicates 2024-04-09 10:10:25 +02:00
Tom Hvitved
aa24c29395 Merge pull request #16122 from hvitved/ruby/cfg-may-raise-issue 
Ruby: Fix CFG for nodes that may raise
 2024-04-08 11:20:49 +02:00
Erik Krogh Kristensen
0cfac605bd Merge pull request #16100 from erik-krogh/fix-js-rb-typo 
RB: fix language specifier typo in qhelp for rb/multi-char-san
 2024-04-04 15:42:45 +02:00
Tom Hvitved
ce3b359813 Ruby: Fix CFG for nodes that may raise 2024-04-04 13:27:29 +02:00
Tom Hvitved
6d2d9654b5 Ruby: Add CFG test 2024-04-04 13:27:29 +02:00
Erik Krogh Kristensen
35f61d9de4 Merge pull request #16107 from erik-krogh/fix-log-injection-typo 
RB: Tiny fixes to log-injection QHelp
 2024-04-03 18:29:37 +02:00
Tom Hvitved
2d4cf55c87 Merge pull request #15985 from hvitved/ruby/phi-barrier-guards 
Ruby: Extend barrier guards to handle phi inputs
 2024-04-03 15:22:39 +02:00
Tom Hvitved
7871fb8ce6 Data flow: Block flow at expectsContents nodes in parameterValueFlow 2024-04-03 15:19:34 +02:00
Tom Hvitved
137594cf36 Ruby: Add regression test 2024-04-03 15:19:34 +02:00
erik-krogh
ec32bdce63 fix unsanitized -> sanitized typo, and don't add a new variable just to remove newlines 2024-04-03 09:19:18 +02:00
erik-krogh
572d3ba542 fix language specifier typo in qhelp for rb/multi-char-san 2024-04-02 19:40:46 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Erik Krogh Kristensen
332c1e3b8a Merge pull request #16026 from erik-krogh/htmlSafeSan 
RB: Add barrier guard for `.html_safe?` to the XSS queries
 2024-04-02 07:54:19 +02:00
github-actions[bot]
8e61c6625b Post-release preparation for codeql-cli-2.17.0 2024-04-01 15:27:42 +00:00
github-actions[bot]
ec97d9a304 Release preparation for version 2.17.0 2024-04-01 13:46:57 +00:00
Henry Mercer
0646744928 Merge branch 'main' into henrymercer/merge-back-rc-3.13 2024-03-26 12:59:12 +00:00
github-actions[bot]
f67b5f9158 Post-release preparation for codeql-cli-2.16.6 2024-03-25 18:17:15 +00:00
github-actions[bot]
71ab804274 Release preparation for version 2.16.6 2024-03-25 16:58:08 +00:00
erik-krogh
051120e958 add qldoc for ReflectedXssSanitizers 2024-03-22 17:58:25 +01:00
erik-krogh
c60cec36d4 add calls to .html_safe? as a shared XSS sanitizer 2024-03-22 17:46:39 +01:00
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry 
Show lines of code data in debug mode only
 2024-03-21 12:20:09 +00:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Tom Hvitved
8f56edea80 Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table 
Tree-sitter: Split up `ast_node_info` table into two tables
 2024-03-20 20:38:18 +01:00
erik-krogh
db3bf0e482 use the sanitizers from ReflectedXSS in unsafe-html-construction 2024-03-20 10:11:07 +01:00
Tom Hvitved
90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Tom Hvitved
0f0acc0428 Ruby: Add barrier guard flow tests 2024-03-20 09:25:20 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Harry Maclean
219cd4e415 Merge pull request #14426 from hmac/hmac-ar-scopes 
Ruby: Track flow into ActiveRecord scopes
 2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e Ruby: Fix Hash#keys flow summary 2024-03-19 13:47:45 +00:00
Harry Maclean
22ddf2129b Ruby: remove isString from TSymbol 2024-03-19 12:27:34 +00:00
Tom Hvitved
865026f22b Ruby: Add up/downgrade scripts (sigh) 2024-03-19 13:04:12 +01:00
Tom Hvitved
72ff494739 Ruby: Regenerate dbscheme and stats 2024-03-19 13:04:07 +01:00
Harry Maclean
dde148ee7e Ruby: add changenote 2024-03-19 08:40:30 +00:00
Harry Maclean
32b80f8cb1 Ruby: Add tests for hash flow 2024-03-19 08:38:14 +00:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Tom Hvitved
8899d66132 Merge pull request #15734 from hvitved/dataflow/hidden-subpath 
Data flow: Account for hidden `subpath` wrappers
 2024-03-18 20:17:16 +01:00
Harry Maclean
187a68bf76 Ruby: Add flow summary for Hash#keys 2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a Ruby: Taint flow to second block param in map 
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
 2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1 Ruby: Track flow into ActiveRecord scopes 2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4 Merge pull request #15907 from joefarebrother/ruby-uploaded-file 
Ruby: Model ActiveDispatch::Http::UploadedFile
 2024-03-18 14:02:33 +00:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
Arthur Baars
dbf16827bf Merge pull request #15951 from github/aibaars/changenotes-fixes 
Fix minor formatting issues in changenotes
 2024-03-18 12:56:50 +01:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths 
Variable capture: Avoid overlapping and false-positive data flow paths
 2024-03-18 10:45:55 +01:00