hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,213 Commits 1,741 Branches 165 Tags
cfd4be6b4e24364ecaeaf108ecb3cb9ab8ef8b66
Commit Graph

562 Commits

Author SHA1 Message Date
Sid Shankar
b1d7a635f5 Renames diagnostic query files and tests 
This commit renames the files relating to the diagnostic query that produces information on the number of files extracted. The files have been renamed from "SuccessfullExtractedFiles.*" to "ExtractedFiles.*". All related tests and test files have been renamed too.

The `@tags` and `@id` attributes of the queries have been left untouched, consistent with the `@tags` and `@id` for similar queries in other languages.
 2024-01-29 20:19:20 +00:00
Sid Shankar
b26fef816a Rb: Report any extracted file as successfully extracted 2024-01-08 22:21:30 +00:00
Harry Maclean
ece196cb25 Ruby: Update model editor tests 2023-12-08 14:52:51 +00:00
Harry Maclean
1dc0a063b0 Merge pull request #14679 from hmac/hmac-model-editor-ruby 
Ruby: Experimental model editor support
 2023-12-08 11:03:38 +00:00
Harry Maclean
d630773575 Merge pull request #14627 from alexrford/rb/update_all_sink 
Ruby: refine `ActiveRecord` `update_all` as an SQL sink
 2023-12-04 13:02:14 +00:00
Harry Maclean
bd575db254 Ruby: Add test for FrameworkModeEndpoints query 2023-11-27 14:18:18 +00:00
Alex Ford
8db23dc775 Ruby: refine ActiveRecord update_all as an SQL sink 2023-10-30 09:47:16 +00:00
Alex Ford
013e7aae97 Ruby: test whitespace changes 2023-10-30 09:32:44 +00:00
Max Schaefer
104700f6d3 Address review comment. 2023-10-27 10:19:28 +01:00
Max Schaefer
f42bd28ca9 Port changes to Ruby. 2023-10-26 15:06:45 +01:00
Maiky
35d390ad06 Add Insecure Randomness Query (CWE-338) 2023-10-21 17:23:41 +02:00
Peter Stöckli
09cf76a880 Ruby: additional unsafe deserialization sinks for ox, oj 2023-10-19 14:04:48 +02:00
Alex Ford
22850b28df Ruby: update alert message test output 2023-10-16 13:08:49 +01:00
Alex Ford
3dd042c38a Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt 2023-10-16 12:42:19 +01:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
amammad
609bb762fe fix a bug,modularize 2023-10-11 12:04:11 +02:00
amammad
90017712a6 Merge remote-tracking branch 'origin/main' into amammad-ruby-bombs 2023-10-11 10:45:16 +02:00
Harry Maclean
5411123b8a Ruby: Fix GraphQL test 2023-09-14 14:14:26 +01:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Alex Ford
79c305c1a1 Merge pull request #14124 from alexrford/rb/dataflow-query-refactor 
Ruby: Use the new dataflow API for checked in queries
 2023-09-13 14:24:47 +01:00
Alex Ford
5b013dd5d2 Merge branch 'main' into rb/dataflow-query-refactor 2023-09-07 14:57:38 +01:00
amammad
4191b07b1f Merge branch 'github:main' into amammad-ruby-bombs 2023-09-06 20:17:49 +10:00
Tom Hvitved
48e2dcfa35 Ruby: Reimplement flow through captured variables using field flow 2023-09-06 11:00:55 +02:00
Alex Ford
cdc788b162 Ruby: configsig rb/hardcoded-credentials 2023-09-03 17:20:06 +01:00
Alex Ford
b6d12f8b1c Ruby: configsig rb/zip-slip 2023-09-03 17:20:05 +01:00
Alex Ford
42cd58695d Ruby: configsig rb/url-redirection 2023-09-03 17:20:05 +01:00
Alex Ford
593d9a48d4 Ruby: configsig rb/reflected-xss 2023-09-03 17:20:05 +01:00
Alex Ford
a8ad0d8ff5 Ruby: renames for rb/insecure-download 2023-09-03 17:20:04 +01:00
Tom Hvitved
7e77c77d92 Ruby: Update expected test output 2023-08-30 13:33:48 +02:00
Alex Ford
9957e2683b Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth 
Ruby: Add Improper LDAP Authentication query (CWE-287)
 2023-08-25 20:52:34 +01:00
Maiky
17565cde75 Add JWT Security Queries 2023-08-25 21:28:53 +02:00
Maiky
ffd618d6cc Revert "Add "" and nil as sources" 
This reverts commit 664c1eba72.
 2023-08-25 15:23:55 +02:00
Harry Maclean
d18ca3f5d7 Ruby: Fix bug in excon model 
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
 2023-08-23 12:55:36 +01:00
Maiky
664c1eba72 Add "" and nil as sources 2023-08-22 18:10:33 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
Maiky
6f1b406b3a typo 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:08:10 +02:00
Maiky
0237f37842 typo 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-08-03 17:07:58 +02:00
Maiky
c54561e775 Merge branch 'main' into maikypedia/ldap-improper-auth 2023-08-03 16:49:30 +02:00
Alex Ford
af854749d7 Ruby: update Ldapinjection test output 2023-07-31 16:08:15 +01:00
Alex Ford
f437a6f729 Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00
Maiky
2d88ac1846 Suggested Changes 2023-07-27 23:40:52 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Alex Ford
d89c10dd85 Merge pull request #13130 from maikypedia/maikypedia/xpath-injection 
Ruby :  XPath Injection Query (CWE-643)
 2023-07-14 14:10:09 +01:00
Alex Ford
a524735236 Merge branch 'main' into maikypedia/ldap-injection 2023-07-14 12:05:17 +01:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
amammad
9540c58c4a make one ql file 2023-06-26 20:55:11 +10:00
amammad
796075f9dc V1 Bombs 2023-06-25 00:59:21 +10:00
Asger F
0039cb141e Merge branch 'main' into rb/tracking-on-demand 2023-06-23 12:55:54 +02:00
Asger F
f392af220b Ruby: benign changes to SQLi tests (fixed FNs) 2023-06-19 12:15:57 +02:00