hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 18:20:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,051 Commits 1,673 Branches 157 Tags
bf1cb33be3d84570bfe0669302e98fd91945c795
Commit Graph

3566 Commits

Author SHA1 Message Date
Alex Ford
bf1cb33be3 Ruby: configsig rb/sql-injection 2023-09-03 17:20:05 +01:00
Alex Ford
ba8ff0710d Ruby: configsig rb/request-forgery 2023-09-03 17:20:05 +01:00
Alex Ford
df9173502e Ruby: configsig rb/sensitive-get-query 2023-09-03 17:20:05 +01:00
Alex Ford
593d9a48d4 Ruby: configsig rb/reflected-xss 2023-09-03 17:20:05 +01:00
Alex Ford
ad2bbfb265 Ruby: configsig rb/path-injection 2023-09-03 17:20:05 +01:00
Alex Ford
867e47bcdd Ruby: renames for rb/log-injection 2023-09-03 17:20:04 +01:00
Alex Ford
eb34bbbfd2 Ruby: renames for rb/ldap-injection 2023-09-03 17:20:04 +01:00
Alex Ford
d46eceb5f4 Ruby: configsig rb/kernel-open 2023-09-03 17:20:04 +01:00
Alex Ford
a8ad0d8ff5 Ruby: renames for rb/insecure-download 2023-09-03 17:20:04 +01:00
Alex Ford
c973fc1274 Ruby: configsig rb/http-to-file-access 2023-09-03 17:20:04 +01:00
Alex Ford
2536f1a0cd Ruby: configsig rb/user-controlled-bypass 2023-09-03 17:20:04 +01:00
Alex Ford
377570f361 Ruby: configsig rb/command-line-injection 2023-09-03 17:20:04 +01:00
Alex Ford
b1a49ddb0d Ruby: configsig rb/code-injection 2023-09-03 17:20:04 +01:00
Alex Ford
6fa267a820 Ruby: configsig rb/clear-text-storage-sensitive-data 2023-09-03 17:20:04 +01:00
Alex Ford
2a2f21d3a9 Ruby: configsig rb/clear-text-logging-sensitive-data 2023-09-03 17:20:04 +01:00
Alex Ford
ce35d6921f Ruby: configsig rb/hardcoded-data-interpreted-as-code 2023-08-31 16:20:18 +01:00
Harry Maclean
54c2221f35 Merge pull request #14033 from hmac/excon-bugfix 
Ruby: Fix bug in excon model
 2023-08-23 14:24:53 +01:00
Harry Maclean
d18ca3f5d7 Ruby: Fix bug in excon model 
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
 2023-08-23 12:55:36 +01:00
Harry Maclean
842da58269 Ruby: Update test fixture 2023-08-23 09:59:04 +01:00
Harry Maclean
fb4b774c0d Merge pull request #13967 from hmac/remove-splat-all 
Ruby: Remove isSplatAll
 2023-08-23 09:40:06 +01:00
Tom Hvitved
5192d7c137 Merge pull request #13997 from hvitved/ruby/type-tracking-splats 
Ruby: Include more (hash) splat flow in type tracking
 2023-08-22 11:33:39 +02:00
Tom Hvitved
3f54ecbcc2 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2023-08-22 11:18:12 +02:00
Michael Nebel
ce6fd8ac5f Merge pull request #13432 from michaelnebel/updateissupported 
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
 2023-08-22 08:39:38 +02:00
Harry Maclean
414ae76ae1 Ruby: Add another splat flow test 2023-08-21 16:21:55 +01:00
Harry Maclean
c615f183c1 Ruby: Add test for spurious splat flow 
We don't yet properly model splat flow when a positional argument
follows a splat argument.
 2023-08-21 16:11:10 +01:00
Jeroen Ketema
2d0f73d7c2 Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Michael Nebel
106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel
4c06fbdc65 Ruby: Sync files and make manual changes. 2023-08-21 09:59:01 +02:00
Tom Hvitved
deaa37d9d3 Ruby: Include more (hash)splat flow in type tracking 2023-08-18 14:07:12 +02:00
Tom Hvitved
da05e3e0e8 Ruby: Add more type tracking tests 2023-08-18 13:51:29 +02:00
Harry Maclean
0bbda992fb Ruby: Remove isSplatAll arg/parameter position 
This is equivalent to isSplat(0).
 2023-08-18 12:09:04 +01:00
Harry Maclean
222aa41bbf Merge pull request #13938 from hmac/splat-flow-2 
Ruby: More precise flow into splat parameters
 2023-08-18 12:07:58 +01:00
Tom Hvitved
da8005dbd3 Code review suggestions 2023-08-17 09:26:58 +02:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Tom Hvitved
44b734e120 Merge pull request #13955 from hvitved/ruby/type-tracking-capture-insensitive 
Ruby: Make type tracking flow-insensitive for captured variables
 2023-08-15 11:42:41 +02:00
Erik Krogh Kristensen
6a3b9e10eb Merge pull request #13914 from erik-krogh/escape-unicode 
ReDoS: escape unicode chars in the output for the ReDoS queries
 2023-08-15 11:21:21 +02:00
Tom Hvitved
061575ff77 Merge pull request #13937 from hvitved/ruby/for-loop-desugar 
Ruby: Improve desugaring of `for` loops
 2023-08-14 20:12:12 +02:00
Arthur Baars
77db0cf547 Merge pull request #13334 from aibaars/print-cfg-2 
Ruby: printCfg: only show graph for selected CfgScope
 2023-08-14 18:24:20 +02:00
Tom Hvitved
e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Tom Hvitved
c084a9b27a Ruby: Make type tracking flow-insensitive for captured variables 2023-08-14 13:44:37 +02:00
Harry Maclean
d45e9101ba Ruby: Add change note 2023-08-14 11:20:58 +01:00
Harry Maclean
ca5456a54a Ruby: Remove duplicate disjuncts 2023-08-14 09:45:57 +01:00
Henry Mercer
75e6fd9c8e Merge pull request #13918 from github/post-release-prep/codeql-cli-2.14.2 
Post-release preparation for codeql-cli-2.14.2
 2023-08-11 16:28:16 +01:00
Harry Maclean
6011d26823 Ruby: Restrict parameter nodes 2023-08-11 15:14:32 +01:00
Tom Hvitved
e39fb093e9 Merge pull request #13945 from hvitved/ruby/destruct-param-test 
Ruby: Add test for documenting missing flow through destructured parameters
 2023-08-11 15:11:39 +02:00
Henry Mercer
1213eba630 Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Tom Hvitved
b28f60ccd2 Ruby: Add test for documenting missing flow through destructured parameters 2023-08-10 20:22:11 +02:00
Tom Hvitved
f19232f800 Ruby: Fix another bug in isCapturedAccess 2023-08-10 14:02:58 +02:00
Harry Maclean
b365ff095a Ruby: Fix SynthSplatParameterElementNode 
Make this class into a proper subclass of `ParameterNodeImpl`, to
prevent some consistency test failures.
 2023-08-10 12:35:12 +01:00