codeql

mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00

Author	SHA1	Message	Date
Asger F	d28b9af8bd	Merge pull request #10791 from asgerf/rb/rails-render-file Ruby: treat render 'file:' argument as a file system access	2022-10-12 21:18:32 +02:00
Asger F	7bfb3497eb	Ruby: change note	2022-10-12 14:29:34 +02:00
Jeroen Ketema	d389a183f0	Merge pull request #10743 from jsoref/spelling Spelling	2022-10-12 12:48:22 +02:00
Erik Krogh Kristensen	7d282c3d75	fix casing in alert-message Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-11 11:12:59 +02:00
erik-krogh	9a9d2a6fe1	Merge branch 'main' into rb-last-msg	2022-10-11 10:43:39 +02:00
Josh Soref	b5bed9cbf5	spelling: explicitly Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	cbea5ec40c	spelling: executables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
erik-krogh	38c17c5d0c	Merge branch 'main' into rbMeta	2022-10-10 12:22:56 +02:00
github-actions[bot]	b8ef9e0ddc	Post-release preparation for codeql-cli-2.11.1	2022-10-07 15:59:45 +00:00
erik-krogh	cbeefd418b	add change-note	2022-10-07 13:47:32 +02:00
erik-krogh	5d9c68c962	remove the taint-steps meta query	2022-10-07 13:21:24 +02:00
erik-krogh	a0725fba71	fix some more style-guide violations in the alert-messages	2022-10-07 12:01:03 +02:00
github-actions[bot]	a02dcdc5e1	Release preparation for version 2.11.1	2022-10-07 02:20:28 +00:00
erik-krogh	c1fae91a1f	have rb/meta/taint-steps print only one for each file, to limit the size of the output	2022-10-06 15:19:11 +02:00
erik-krogh	169965cfb9	make rb/meta/taint-steps into a @kind problem query	2022-10-06 13:28:10 +02:00
erik-krogh	db056aae1b	add some more meta queries for Ruby evaluations	2022-10-06 10:14:28 +02:00
Henry Mercer	d80d39504f	Tag successfully extracted files queries Tag the successfully extracted files queries with `successfully-extracted-files` to make them easier to identify programmatically in a language-independent way. This follows the prior art for lines of code queries, which are tagged `lines-of-code`.	2022-10-05 19:19:43 +01:00
Nick Rolfe	525fe12671	Merge pull request #10585 from github/nickrolfe/libxml-xxe Ruby: detect uses of LibXML with entity substitution enabled by default	2022-10-05 09:51:39 +01:00
Erik Krogh Kristensen	5ba7c13ecd	fix alert-message by adding the link Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-04 13:50:25 +02:00
erik-krogh	d370b2a51e	simplify the where clause of `rb/kernel-open`	2022-10-04 13:49:50 +02:00
erik-krogh	bf74481f65	add a link to the source in the alert-message for `rb/kernel-open`	2022-10-04 13:41:50 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from `internal/Module.qll` and make sure they are cached	2022-09-30 14:56:55 +02:00
Nick Rolfe	8ca1e1b2d1	Ruby: add changenote for XXE improvements	2022-09-27 16:11:41 +01:00
github-actions[bot]	6cef0af5df	Post-release preparation for codeql-cli-2.11.0	2022-09-23 21:01:40 +00:00
github-actions[bot]	f5cf8cffa3	Release preparation for version 2.11.0	2022-09-22 20:14:12 +00:00
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Nick Rolfe	ee34ac5394	Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-22 10:59:49 +01:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Nick Rolfe	2edbc16829	Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-21 13:01:21 +01:00
Tom Hvitved	a9f2e5272f	Merge pull request #10376 from hvitved/ruby/no-ast-by-default Ruby: Do not expose AST layer through `ruby.qll`	2022-09-21 13:15:30 +02:00
Erik Krogh Kristensen	7e17a919ae	Merge pull request #10304 from erik-krogh/rb-followMsg RB: make the alert messages of taint-tracking queries more consistent	2022-09-20 22:58:31 +02:00
Andrew Eisenberg	58e4861b45	Merge branch 'main' into rc/3.7	2022-09-20 12:43:20 -07:00
github-actions[bot]	67ce442674	Post-release preparation for codeql-cli-2.10.5	2022-09-16 14:23:44 +00:00
Tom Hvitved	007ab2b7ce	Ruby: Do not expose AST layer through `ruby.qll`	2022-09-13 19:59:56 +02:00
erik-krogh	063c76b6d1	apply suggestions from review	2022-09-13 10:52:23 +02:00
erik-krogh	26d8553f6e	ensure consistent casing of names	2022-09-09 10:34:14 +02:00
github-actions[bot]	a9d80a5a48	Release preparation for version 2.10.5	2022-09-08 11:35:54 +00:00
erik-krogh	79a048968e	make the alert messages of taint-tracking queries more consistent	2022-09-07 12:22:50 +02:00
Rasmus Wriedt Larsen	a9e1e72196	Merge branch 'main' into shared-http-client-request	2022-09-06 10:52:27 +02:00
Edoardo Pirovano	8f332714f4	Merge pull request #10260 from github/edoardo/3.7-mergeback Merge `rc/3.7` into `main`	2022-09-01 15:44:17 +01:00
Nick Rolfe	898689f550	Merge pull request #9896 from github/nickrolfe/hardcoded_code Ruby: port js/hardcoded-data-interpreted-as-code	2022-08-26 13:49:25 +01:00
github-actions[bot]	3b4ad3c4f1	Post-release preparation for codeql-cli-2.10.4	2022-08-26 09:32:11 +00:00
github-actions[bot]	0f63bc077f	Release preparation for version 2.10.4	2022-08-25 12:52:26 +00:00
Nick Rolfe	acf5b11139	Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code	2022-08-25 11:44:55 +01:00
erik-krogh	1c0f2251e2	Merge branch 'main' into msgConsis	2022-08-24 14:38:57 +02:00
erik-krogh	f7846a598e	add change-notes	2022-08-23 07:54:01 +02:00
erik-krogh	df9a9f4a56	update rb/stored-css to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	9b257bfa9e	update rb/reflected-xss to match javascript	2022-08-22 21:41:47 +02:00
erik-krogh	778879908e	update rb/code-injection to match python	2022-08-22 21:41:46 +02:00

1 2 3 4 5 ...

351 Commits