hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 07:12:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,550 Commits 1,684 Branches 159 Tags
e5b17af9b5841d8b8461c24a8f7d8d479ea0105e
Commit Graph

3448 Commits

Author SHA1 Message Date
Arthur Baars
fad73d71e5 Merge pull request #13307 from hmac/amammad-ruby-YAMLunsafeLoad 
Ruby: Add YAML unsafe deserialization sinks
 2023-06-12 10:43:37 +02:00
Anders Schack-Mulligen
1b7bbf6320 Merge pull request #13083 from aschackmull/dataflow/typestrengthen 
Dataflow: Strengthen tracked types.
 2023-06-09 13:23:30 +02:00
Asger F
bdbbde347e Merge pull request #13407 from asgerf/rb/restrict-orm-tracking 
Ruby: restrict ORM tracking to calls
 2023-06-09 09:13:01 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
53f2b8aab0 Dataflow: Sync. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
fd832416d8 Dataflow: Add empty type strengthening predicate for languages without type pruning. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
e8cea79f1d Dataflow: Sync. 2023-06-09 08:37:35 +02:00
Asger F
74a9d9fa37 Revert "Ruby: update tree-sitter-ruby" 2023-06-08 15:29:36 +02:00
Asger F
d6741f655d Ruby: restrict ORM tracking to calls 2023-06-08 14:01:51 +02:00
Alex Ford
22b9ab43c6 Merge pull request #13259 from alexrford/rb/actiondispatch-refactor 
Ruby: Refactor and slightly expand `ActionDispatch` modelling
 2023-06-08 11:08:36 +01:00
Tom Hvitved
cee70883f0 Merge pull request #12964 from hvitved/ruby/remove-synth-returns 
Ruby: Remove canonical return nodes
 2023-06-08 10:07:48 +02:00
Arthur Baars
dcd254adf8 Merge pull request #13399 from aibaars/update-ruby-grammar 
Ruby: update tree-sitter-ruby
 2023-06-07 19:53:33 +02:00
Arthur Baars
0efa212c40 Ruby: update tree-sitter-ruby 2023-06-07 19:27:46 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tom Hvitved
88c5700c24 Ruby: Use CallGraphConstruction in call graph construction 2023-06-07 09:02:03 +02:00
Tom Hvitved
4bf124bffe Ruby/Python: Add CallGraphConstruction module for recursive type-tracking based call graph construction 2023-06-07 09:02:03 +02:00
Arthur Baars
7324d1705e Merge branch 'main' into amammad-ruby-YAMLunsafeLoad 2023-06-06 12:09:06 +02:00
Alex Ford
c95cf5ad6f Merge pull request #13062 from maikypedia/maikypedia/sqli-sink 
Ruby: Add MySQL as SQL Injection Sink
 2023-06-02 17:06:35 +01:00
Erik Krogh Kristensen
219ec9d05d Merge pull request #13127 from erik-krogh/polReDoS 
ReDoS: revert new superlinear algorithm.
 2023-06-02 16:10:24 +02:00
Jeroen Ketema
5f64354a70 Merge pull request #13353 from jketema/expecation 
Fix typo in spelling of expectation
 2023-06-02 12:29:49 +02:00
erik-krogh
ac9ede4ec0 add change-notes 2023-06-02 11:58:11 +02:00
erik-krogh
c3e57382f7 Ruby: fix compilation 2023-06-02 11:58:08 +02:00
erik-krogh
44b6366586 delete old deprecations 2023-06-02 11:58:08 +02:00
Jeroen Ketema
7b17b92aca Fix typo in spelling of expectation 2023-06-02 10:36:11 +02:00
Alex Ford
6fa9e13a2e Ruby: update TaintStep output 2023-06-01 16:27:20 +01:00
Alex Ford
606d601923 qlformat 2023-06-01 16:26:05 +01:00
Alex Ford
d09f6d318c Merge branch 'main' into maikypedia/sqli-sink 2023-06-01 15:02:44 +01:00
Alex Ford
40cf09996a Merge pull request #13066 from maikypedia/maikypedia/sqli-sink-2 
Ruby: Add Sequel as SQL Injection Sink
 2023-06-01 15:01:38 +01:00
Erik Krogh Kristensen
96a720cfa0 Merge pull request #13285 from erik-krogh/redoshelp 
ReDoS: fix whitespace in the samples in ReDoS.qhelp
 2023-06-01 15:53:58 +02:00
Alex Ford
7d943c7621 Ruby: update test output 2023-06-01 13:50:32 +01:00
Alex Ford
4794066d3c Merge branch 'main' into maikypedia/sqli-sink-2 2023-06-01 13:04:54 +01:00
Maiky
7579f182ad Add requested changes 2023-06-01 11:00:35 +02:00
Maiky
13ce6a6d8e Update Frameworks.qll 2023-06-01 00:53:01 +02:00
Arthur Baars
c211b704f3 Merge pull request #13272 from github/post-release-prep/codeql-cli-2.13.3 
Post-release preparation for codeql-cli-2.13.3
 2023-05-31 15:33:12 +02:00
Michael Nebel
2266e28583 Merge pull request #13262 from michaelnebel/flowsummary/refactorgetcomponentstack 
C#: Re-factor getComponent.
 2023-05-31 08:22:44 +02:00
Arthur Baars
490d22d123 Merge remote-tracking branch 'upstream/main' into post-release-prep/codeql-cli-2.13.3 2023-05-30 21:31:28 +02:00
Arthur Baars
d91fa2d038 Ruby: add print-cfg query 2023-05-30 17:30:04 +02:00
Harry Maclean
e70e3e52dc Ruby: fix typo in qhelp 2023-05-29 04:05:42 +00:00
Harry Maclean
ca1024e285 Ruby: Reword unsafe deserialization qhelp 2023-05-29 03:46:30 +00:00
Harry Maclean
e515981c81 Ruby: Remove unused examples 2023-05-27 12:01:00 +00:00
Harry Maclean
562065f29e Ruby: Add change note 2023-05-27 01:20:09 +00:00
Harry Maclean
b8c3cba4ff Ruby: Consolidate unsafe deserialization queries 
Merge the experimental YAMLUnsafeDeserialization and
PlistUnsafeDeserialization queries into the generate
UnsafeDeserialization query in the default suite.

These queries look for some specific sinks that we now find in the
general query.

Also apply some small code and comment refactors.
 2023-05-27 01:20:04 +00:00
amammad
d727d573d5 v4.2 write exact version of yaml.load default loader change 2023-05-27 01:15:29 +00:00
amammad
40e24b6b94 v4.1 fix file names in qhelp 2023-05-27 01:15:29 +00:00
amammad
335441ce04 v4: make variable names camelCase, some inhancement, remove some duplicates 2023-05-27 01:15:29 +00:00
amammad
e76ed9454a v3 add global taint steps for to_ruby of YAML/Psych 2023-05-27 01:15:24 +00:00
amammad
ad7e107ff5 add the new YAML/PLIST sinks into the existing rb/unsafe-deserialization query 2023-05-27 01:14:36 +00:00
amammad
b9296d3df8 v2.1 fix file names 2023-05-27 01:14:36 +00:00
amammad
4360a56b45 v2 add plist.parse_xml as a dangerous sink and enhancements on documents 2023-05-27 01:14:36 +00:00