hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 15:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,785 Commits 1,673 Branches 157 Tags
d15c60ba7674a98060011357e4bd57be01ffb9d7
Commit Graph

324 Commits

Author SHA1 Message Date
Asger F
89bd00a4ec Ruby: port queries to ConfigSig-style 2023-10-11 10:06:19 +02:00
Erik Krogh Kristensen
7e7852eff6 Merge pull request #13641 from erik-krogh/multi-char 
JS/RB: write qhelp for `incomplete-multi-character-sanitization`
 2023-09-14 14:48:30 +02:00
Alex Ford
4a01de13ef Ruby: avoid toString in query warning 2023-09-07 14:54:50 +01:00
Alex Ford
13300a2e2f Ruby: un-private PathGraph imports 2023-09-07 14:24:46 +01:00
Alex Ford
0d7d5a35c9 Ruby: Use a newtype instead of DataFlow::FlowState for code-injection 2023-09-07 13:39:10 +01:00
Alex Ford
98851736d6 Revert "Ruby: configsig rb/tainted-format-string" 
This reverts commit f5860cb4818dc3c07eeb6731e75bf5df203dd48f.
 2023-09-03 17:20:06 +01:00
Alex Ford
bf6837cca0 Revert "Ruby: configsig rb/http-to-file-access" 
This reverts commit e77ba1589663905c952cdb643ab66885760b27bd.
 2023-09-03 17:20:06 +01:00
Alex Ford
73ed5696f3 Ruby: configsig rb/xxe 2023-09-03 17:20:06 +01:00
Alex Ford
956207b7d9 Ruby: configsig rb/meta/tainted-nodes 2023-09-03 17:20:06 +01:00
Alex Ford
cdc788b162 Ruby: configsig rb/hardcoded-credentials 2023-09-03 17:20:06 +01:00
Alex Ford
4d1684e37b Ruby: configsig rb/overly-permissive-file 2023-09-03 17:20:06 +01:00
Alex Ford
7445fc43f9 Ruby: configsig rb/regexp-injection 2023-09-03 17:20:05 +01:00
Alex Ford
494b7b3fdf Ruby: configsig rb/polynomial-redos 2023-09-03 17:20:05 +01:00
Alex Ford
04d3d04317 Ruby: configsig rb/regex/badly-anchored-regexp 2023-09-03 17:20:05 +01:00
Alex Ford
42cd58695d Ruby: configsig rb/url-redirection 2023-09-03 17:20:05 +01:00
Alex Ford
f79796a644 Ruby: configsig rb/shell-command-constructed-from-input 2023-09-03 17:20:05 +01:00
Alex Ford
f03f670312 Ruby: configsig rb/html-constructed-from-input 2023-09-03 17:20:05 +01:00
Alex Ford
8ad6c72ba2 Ruby: configsig rb/unsafe-deserialization 2023-09-03 17:20:05 +01:00
Alex Ford
461bc0d359 Ruby: configsig rb/unsafe-code-construction 2023-09-03 17:20:05 +01:00
Alex Ford
0a73ebdbee Ruby: configsig rb/tainted-format-string 2023-09-03 17:20:05 +01:00
Alex Ford
f5e433940f Ruby: renames for rb/stored-xss 2023-09-03 17:20:05 +01:00
Alex Ford
030aae5693 Ruby: configsig rb/stack-trace-exposure 2023-09-03 17:20:05 +01:00
Alex Ford
bf1cb33be3 Ruby: configsig rb/sql-injection 2023-09-03 17:20:05 +01:00
Alex Ford
ba8ff0710d Ruby: configsig rb/request-forgery 2023-09-03 17:20:05 +01:00
Alex Ford
df9173502e Ruby: configsig rb/sensitive-get-query 2023-09-03 17:20:05 +01:00
Alex Ford
593d9a48d4 Ruby: configsig rb/reflected-xss 2023-09-03 17:20:05 +01:00
Alex Ford
ad2bbfb265 Ruby: configsig rb/path-injection 2023-09-03 17:20:05 +01:00
Alex Ford
867e47bcdd Ruby: renames for rb/log-injection 2023-09-03 17:20:04 +01:00
Alex Ford
d46eceb5f4 Ruby: configsig rb/kernel-open 2023-09-03 17:20:04 +01:00
Alex Ford
a8ad0d8ff5 Ruby: renames for rb/insecure-download 2023-09-03 17:20:04 +01:00
Alex Ford
c973fc1274 Ruby: configsig rb/http-to-file-access 2023-09-03 17:20:04 +01:00
Alex Ford
377570f361 Ruby: configsig rb/command-line-injection 2023-09-03 17:20:04 +01:00
Alex Ford
b1a49ddb0d Ruby: configsig rb/code-injection 2023-09-03 17:20:04 +01:00
Alex Ford
6fa267a820 Ruby: configsig rb/clear-text-storage-sensitive-data 2023-09-03 17:20:04 +01:00
Alex Ford
2a2f21d3a9 Ruby: configsig rb/clear-text-logging-sensitive-data 2023-09-03 17:20:04 +01:00
Alex Ford
ce35d6921f Ruby: configsig rb/hardcoded-data-interpreted-as-code 2023-08-31 16:20:18 +01:00
Tom Hvitved
525ed65b0b Rename getNode to getAstNode 2023-08-03 10:56:50 +02:00
Erik Krogh Kristensen
4f1c12e9dc apply suggestion from review 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2023-07-13 14:49:25 +02:00
erik-krogh
1fe66232c6 suggestions based on review: add a popular library example for HTML-sanitization, and use the old text about ../ replacements 2023-07-13 14:28:11 +02:00
Asger F
59c72836d3 Ruby: fix typo 2023-07-06 14:57:24 +02:00
Asger F
db58d32f7a Ruby: Add a query ID 2023-07-06 14:57:24 +02:00
Asger F
d123e5ba63 Ruby: add performance diagnostic query 2023-07-06 14:57:24 +02:00
Erik Krogh Kristensen
8676516cb9 recursively -> repeatedly 
Co-authored-by: Asger F <asgerf@github.com>
 2023-07-03 13:17:13 +02:00
erik-krogh
3e2b8124c9 apply suggestions from review 2023-07-03 10:03:45 +02:00
erik-krogh
bea4162736 delete multi-char note from the incomplete-sanitization qhelp 2023-07-03 09:10:54 +02:00
erik-krogh
a60478ba8a write qhelp for js/incomplete-multi-character-sanitization 2023-07-03 09:07:13 +02:00
Jeroen Ketema
d82c3ce11a Ruby: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:23 +02:00
Arthur Baars
7324d1705e Merge branch 'main' into amammad-ruby-YAMLunsafeLoad 2023-06-06 12:09:06 +02:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp 
ReDoS: fix whitespace in the samples in ReDoS.qhelp
 2023-06-01 15:53:58 +02:00
Harry Maclean
e70e3e52dc Ruby: fix typo in qhelp 2023-05-29 04:05:42 +00:00