codeql

mirror of https://github.com/github/codeql.git synced 2025-12-25 21:26:37 +01:00

Author	SHA1	Message	Date
Harry Maclean	ece196cb25	Ruby: Update model editor tests	2023-12-08 14:52:51 +00:00
Harry Maclean	1dc0a063b0	Merge pull request #14679 from hmac/hmac-model-editor-ruby Ruby: Experimental model editor support	2023-12-08 11:03:38 +00:00
Harry Maclean	d630773575	Merge pull request #14627 from alexrford/rb/update_all_sink Ruby: refine `ActiveRecord` `update_all` as an SQL sink	2023-12-04 13:02:14 +00:00
Harry Maclean	bd575db254	Ruby: Add test for FrameworkModeEndpoints query	2023-11-27 14:18:18 +00:00
Alex Ford	8db23dc775	Ruby: refine ActiveRecord update_all as an SQL sink	2023-10-30 09:47:16 +00:00
Alex Ford	013e7aae97	Ruby: test whitespace changes	2023-10-30 09:32:44 +00:00
Max Schaefer	104700f6d3	Address review comment.	2023-10-27 10:19:28 +01:00
Max Schaefer	f42bd28ca9	Port changes to Ruby.	2023-10-26 15:06:45 +01:00
Alex Ford	22850b28df	Ruby: update alert message test output	2023-10-16 13:08:49 +01:00
Alex Ford	3dd042c38a	Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt	2023-10-16 12:42:19 +01:00
Harry Maclean	1297acf5b1	Merge pull request #14216 from hmac/hmac-graphql-enum Ruby: Restrict GraphQL remote flow sources	2023-10-13 11:31:50 +01:00
Harry Maclean	5411123b8a	Ruby: Fix GraphQL test	2023-09-14 14:14:26 +01:00
Tom Hvitved	e258324960	Ruby: Allow for implicit array reads at all sinks during taint tracking	2023-09-14 09:40:05 +02:00
Alex Ford	79c305c1a1	Merge pull request #14124 from alexrford/rb/dataflow-query-refactor Ruby: Use the new dataflow API for checked in queries	2023-09-13 14:24:47 +01:00
Alex Ford	5b013dd5d2	Merge branch 'main' into rb/dataflow-query-refactor	2023-09-07 14:57:38 +01:00
Tom Hvitved	48e2dcfa35	Ruby: Reimplement flow through captured variables using field flow	2023-09-06 11:00:55 +02:00
Alex Ford	cdc788b162	Ruby: configsig rb/hardcoded-credentials	2023-09-03 17:20:06 +01:00
Alex Ford	b6d12f8b1c	Ruby: configsig rb/zip-slip	2023-09-03 17:20:05 +01:00
Alex Ford	42cd58695d	Ruby: configsig rb/url-redirection	2023-09-03 17:20:05 +01:00
Alex Ford	593d9a48d4	Ruby: configsig rb/reflected-xss	2023-09-03 17:20:05 +01:00
Alex Ford	a8ad0d8ff5	Ruby: renames for rb/insecure-download	2023-09-03 17:20:04 +01:00
Tom Hvitved	7e77c77d92	Ruby: Update expected test output	2023-08-30 13:33:48 +02:00
Alex Ford	9957e2683b	Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth Ruby: Add Improper LDAP Authentication query (CWE-287)	2023-08-25 20:52:34 +01:00
Maiky	17565cde75	Add JWT Security Queries	2023-08-25 21:28:53 +02:00
Maiky	ffd618d6cc	Revert "Add `""` and `nil` as sources" This reverts commit `664c1eba72`.	2023-08-25 15:23:55 +02:00
Harry Maclean	d18ca3f5d7	Ruby: Fix bug in excon model If a codebase included a definition for `Excon.new`, we matched connection nodes to unrelated request nodes.	2023-08-23 12:55:36 +01:00
Maiky	664c1eba72	Add `""` and `nil` as sources	2023-08-22 18:10:33 +02:00
erik-krogh	92db7b047c	escape unicode chars in the output for the ReDoS queries	2023-08-08 00:15:54 +02:00
Maiky	6f1b406b3a	typo Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-08-03 17:08:10 +02:00
Maiky	0237f37842	typo Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>	2023-08-03 17:07:58 +02:00
Maiky	c54561e775	Merge branch 'main' into maikypedia/ldap-improper-auth	2023-08-03 16:49:30 +02:00
Alex Ford	af854749d7	Ruby: update Ldapinjection test output	2023-07-31 16:08:15 +01:00
Alex Ford	f437a6f729	Merge branch 'main' into maikypedia/ldap-injection	2023-07-31 16:00:41 +01:00
Maiky	2d88ac1846	Suggested Changes	2023-07-27 23:40:52 +02:00
Anders Schack-Mulligen	ae24d68b5d	C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output.	2023-07-19 11:41:15 +02:00
Alex Ford	d89c10dd85	Merge pull request #13130 from maikypedia/maikypedia/xpath-injection Ruby : XPath Injection Query (CWE-643)	2023-07-14 14:10:09 +01:00
Alex Ford	a524735236	Merge branch 'main' into maikypedia/ldap-injection	2023-07-14 12:05:17 +01:00
Asger F	86b5f0adc7	Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" This reverts commit `133de56ac2`, reversing changes made to `28a8e48351`.	2023-07-07 09:42:34 +02:00
Asger F	5d1a437e9c	Revert "Ruby: overhaul API graphs"	2023-06-29 15:39:19 +02:00
Asger F	0039cb141e	Merge branch 'main' into rb/tracking-on-demand	2023-06-23 12:55:54 +02:00
Asger F	f392af220b	Ruby: benign changes to SQLi tests (fixed FNs)	2023-06-19 12:15:57 +02:00
Asger F	ce0073b30c	Ruby: update StoredXSS test results These results were previously flagged for the wrong reason. Calls to a user-define method were seen as ORM calls. The real source is inside the user-defined method, but we miss that due to lack of 'self' handling in ORM tracking.	2023-06-19 12:15:57 +02:00
Jeroen Ketema	d82c3ce11a	Ruby: Rewrite `InlineFlowTest` as a parameterized module	2023-06-15 10:52:23 +02:00
Jeroen Ketema	c3ba206b6a	Merge pull request #13346 from jketema/inline-2 Update inline expectation tests to use parameterized module	2023-06-13 10:10:55 +02:00
Jeroen Ketema	4485560f43	Ruby: Rewrite inline expectation tests to use parameterized module	2023-06-09 10:43:05 +02:00
Arthur Baars	7324d1705e	Merge branch 'main' into amammad-ruby-YAMLunsafeLoad	2023-06-06 12:09:06 +02:00
Erik Krogh Kristensen	219ec9d05d	Merge pull request #13127 from erik-krogh/polReDoS ReDoS: revert new superlinear algorithm.	2023-06-02 16:10:24 +02:00
Maiky	62353122c0	Add Improper LDAP Authentication query (CWE-287)	2023-05-29 21:16:13 +02:00
Maiky	d45d046fa7	Add test file and .expected	2023-05-28 17:29:34 +02:00
Harry Maclean	b8c3cba4ff	Ruby: Consolidate unsafe deserialization queries Merge the experimental YAMLUnsafeDeserialization and PlistUnsafeDeserialization queries into the generate UnsafeDeserialization query in the default suite. These queries look for some specific sinks that we now find in the general query. Also apply some small code and comment refactors.	2023-05-27 01:20:04 +00:00

1 2 3 4 5 ...

453 Commits