hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,103 Commits 1,692 Branches 160 Tags
ca1024e2858c6f541c5adef4e0405dbc6b7625f1
Commit Graph

1223 Commits

Author SHA1 Message Date
Harry Maclean
b8c3cba4ff Ruby: Consolidate unsafe deserialization queries 
Merge the experimental YAMLUnsafeDeserialization and
PlistUnsafeDeserialization queries into the generate
UnsafeDeserialization query in the default suite.

These queries look for some specific sinks that we now find in the
general query.

Also apply some small code and comment refactors.
 2023-05-27 01:20:04 +00:00
amammad
b9296d3df8 v2.1 fix file names 2023-05-27 01:14:36 +00:00
amammad
4360a56b45 v2 add plist.parse_xml as a dangerous sink and enhancements on documents 2023-05-27 01:14:36 +00:00
amammad
0521ffe175 v1.4 correct dirs uppercase issue 2023-05-27 01:14:36 +00:00
amammad
0e343e5a12 v1.3 2023-05-27 01:14:36 +00:00
amammad
486a5ac96f v1 2023-05-27 01:14:36 +00:00
Arthur Baars
e0466900ad Merge pull request #12992 from Sim4n6/ruby-UBV 
[Ruby] Add Unicode Bypass Validation query, test and help file
 2023-05-26 13:00:21 +02:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Asger F
6d1a4451fb Ruby: update a test expectation 2023-05-24 10:15:51 +02:00
Maiky
8dca585207 Expected 2023-05-23 20:04:34 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Sim4n6
90c174de4e Updated the .expected file accordingly 2023-05-23 17:36:50 +01:00
Sim4n6
f7f0564e36 added one more test 2023-05-20 18:00:27 +01:00
Sim4n6
d11cb9195c Use of CGI.escapeHTML() in test samples 2023-05-20 12:57:50 +01:00
Tom Hvitved
826b6219a0 Ruby: Include self parameters in type tracking flow-through logic 2023-05-15 16:02:33 +02:00
Tom Hvitved
3cdb27725a Ruby: Add more call graph tests 2023-05-15 16:02:33 +02:00
Kasper Svendsen
e6ca3fe272 Ruby: Enable implicit this warnings 2023-05-10 13:03:39 +02:00
Kasper Svendsen
6b8a7c2f6f Ruby: Make implicit this receivers explicit 2023-05-10 13:03:39 +02:00
Tom Hvitved
2f95af8ef2 Ruby: Remove self edges 2023-05-08 10:26:01 +02:00
Mathias Vorreiter Pedersen
09ba9a74ce Merge pull request #12959 from MathiasVP/identity-consistency-check 
DataFlow: Add an "identity-step" consistency check
 2023-05-05 10:03:20 +01:00
Sim4n6
1247403d43 Updated expected results file 2023-05-04 08:56:45 +01:00
Mathias Vorreiter Pedersen
77001a070b Merge branch 'main' into identity-consistency-check 2023-05-03 22:01:06 +01:00
Mathias Vorreiter Pedersen
924854c6dc Ruby: Accept consistency changes. 2023-05-03 20:32:33 +01:00
Alex Ford
e7213e92cf Merge remote-tracking branch 'origin/main' into rb/sqlite3 2023-05-03 15:18:07 +01:00
Alex Ford
6e6eee2dab Ruby: add test case for instance variable flow with sqlite3 2023-05-03 15:16:16 +01:00
Alex Ford
82c025020d Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti 2023-05-02 16:18:41 +01:00
Alex Ford
a571bc64ac ruby: regenerate TemplateInjection.expected 2023-05-02 16:14:20 +01:00
Sim4n6
019b85beb6 Add Unicode Bypass Validation query, test and help file 2023-05-02 15:36:39 +01:00
Maiky
5d15ec99c8 Change expected file to new 2023-05-02 09:26:41 +02:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen
90f84bb516 Ruby: Update expected output. 2023-04-26 13:08:16 +02:00
Asger F
f3b14e13b2 Merge pull request #12841 from asgerf/rb/api-graph-class-nodes 
Ruby: add API node representing a module/class object
 2023-04-21 10:59:51 +02:00
Alex Ford
9dc04f30ac Ruby: model sqlite3 2023-04-20 15:47:14 +01:00
Peter Stöckli
2f268b309b Ruby: improve non-constant-kernel-open, freeze called on constant 2023-04-18 11:24:01 +02:00
Peter Stöckli
0a6bb3f7ce Ruby: improve non-constant-kernel-open, no FP's on open without arguments 2023-04-18 10:10:36 +02:00
Asger F
8c0c335daf Ruby: update test output 2023-04-17 12:47:23 +02:00
Maiky
820db43945 Add ERB Template Injection Sink 2023-04-13 17:21:31 +02:00
Asger F
c699afd07f Ruby: instantiate NetHttpRequest even if body is not accessed 2023-03-31 12:56:09 +02:00
Asger F
504a0f8112 Ruby: Add test where response body is not referenced 2023-03-31 12:55:49 +02:00
Asger F
209aebad61 Ruby: Update HttpClients.ql not assume all predicates have results 2023-03-31 11:12:45 +02:00
Arthur Baars
cd53c77e23 Merge pull request #12670 from alexrford/mergeback-rc/3.9 
Merge `rc/3.9` back into `main`
 2023-03-28 10:49:08 +02:00
Asger F
32bab0b8b2 Merge pull request #12654 from asgerf/rb/always-resolve-toplevel-namespace 
RB: always resolve toplevel namespaces to their locally qualified name
 2023-03-28 09:54:59 +02:00
Tom Hvitved
e3799adbe0 Merge pull request #12612 from hvitved/ruby/print-ast-desugar-reorder 
Ruby: Order synthetic children in PrintAST based on their index instead of location
 2023-03-28 09:13:03 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
Alex Ford
181e5d588d Merge remote-tracking branch 'origin/rc/3.9' into main 2023-03-27 12:16:03 +01:00
Tom Hvitved
f8c28bee6a Ruby: Order synthetic children in PrintAST based on their index instead of location 2023-03-27 11:38:30 +02:00
Alex Ford
24aa16c919 Ruby: update rb/sensitive-get-query test output 2023-03-27 09:44:55 +01:00
Arthur Baars
9a8e138684 Ruby: also change evaluation order for scoped constants 2023-03-24 16:57:55 +01:00
Arthur Baars
a819797508 Ruby: add test case of destructured assignment with contants 2023-03-24 16:57:39 +01:00