hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 08:23:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,589 Commits 1,693 Branches 160 Tags
ec58107439af237c8d106925600ca2cff11f9e8a
Commit Graph

148 Commits

Author SHA1 Message Date
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code 
Ruby: port js/hardcoded-data-interpreted-as-code
 2022-08-26 13:49:25 +01:00
Nick Rolfe
95bf18fdc9 Ruby: make hex-escaped strings ("\xCD\xEF" etc.) sources of hardcoded data 2022-08-26 09:33:03 +01:00
Nick Rolfe
acf5b11139 Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code 2022-08-25 11:44:55 +01:00
erik-krogh
7e0bd5bde4 update expected output of tests 2022-08-22 21:41:47 +02:00
Harry Maclean
70ec70940a Merge pull request #8142 from github/hmac/incomplete-multi-char-sanitization 2022-08-18 10:02:39 +12:00
Alex Ford
d4d6657cb7 Merge pull request #10008 from alexrford/rb/log-injection 
Ruby: Add `rb/log-injection` query
 2022-08-17 15:01:22 +01:00
Harry Maclean
f1a546c4d6 Rename IncompleteMultiCharacterSanitization[Query] 2022-08-17 16:03:49 +12:00
Harry Maclean
f2384a6a8f Ruby: Share more code with JS 2022-08-17 16:03:49 +12:00
Harry Maclean
025e34d8e1 Ruby: Simplify imports 2022-08-17 16:03:48 +12:00
Harry Maclean
b7d9bf4066 Share IncompleteMultiCharacterSanitization JS/Ruby 
Most of the classes and predicates in this query can be shared between
the two languages. There's just a few language-specific things that we
place in IncompleteMultiCharacterSanitizationSpecific.
 2022-08-17 16:03:46 +12:00
Harry Maclean
c234bd94d1 Ruby: IncompleteMultiCharacterSanitization Query 
This query is similar to IncompleteSanitization but for multi-character
sequences.
 2022-08-17 16:02:48 +12:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Alex Ford
44c4b9ba5c Ruby: add rb/log-injection test cases 2022-08-10 16:17:37 +01:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Nick Rolfe
6356b20928 Ruby: port js/hardcoded-data-interpreted-as-code 2022-07-26 16:05:22 +01:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Erik Krogh Kristensen
2e295e4a04 filter out potential misparses from rb/suspicious-regexp-range 2022-06-29 13:16:28 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Harry Maclean
101111bd2f Merge pull request #9574 from hmac/hmac/action-cable-logger 
Ruby: More Rails modeling
 2022-06-27 19:56:54 +12:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
thiggy1342
c5bf1b8aab update test expectation 2022-06-20 17:27:33 +00:00
thiggy1342
7932d3e4ab Update ruby/ql/test/query-tests/security/decompression-api/DecompressionApi.expected 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 11:05:56 -04:00
thiggy1342
b4c893d857 Update ruby/ql/test/query-tests/security/decompression-api/decompression_api.rb 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-06-20 09:50:12 -04:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
thiggy1342
7c2b19baad tweaks and add Zip::File.open_buffer to query 2022-06-17 02:43:54 +00:00
thiggy1342
01cb408393 Merge branch 'main' into experimental-decompression-api 2022-06-16 17:23:55 -04:00
thiggy1342
b078430faf add Zip::File.new query to tests 2022-06-16 00:51:50 +00:00
thiggy1342
0281dbd532 remove Zip::Entry.extract from query 2022-06-16 00:04:31 +00:00
thiggy1342
0fce620536 Merge branch 'main' into experimental-decompression-api 2022-06-14 21:54:08 -04:00
thiggy1342
df226ee610 remove standalone archive api query 2022-06-15 01:39:47 +00:00
thiggy1342
0832e299f2 move archive api path traversal tests to cwe-022 2022-06-15 01:39:47 +00:00
thiggy1342
af6fbd439c Merge branch 'main' into experimental-archive-api 2022-06-14 20:09:02 -04:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
thiggy1342
c7e67eb2e2 expand test coverage for sanitizers 2022-06-10 21:30:41 +00:00
thiggy1342
62291124ff remove constraint for Zip::File.open 2022-06-06 21:20:44 +00:00
thiggy1342
3c62271dba fix casing of Api 2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8 add archive api file open query and test 2022-06-06 21:09:57 +00:00
thiggy1342
c5db11ee2e use select placeholder correctly 2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07 Fix test syntax for sanitizer tests 2022-06-04 16:33:18 +00:00
thiggy1342
c5dc8779d1 Increased query robustness and test coverage 2022-06-03 18:05:56 +00:00
thiggy1342
09f082081f Simple tests passing 2022-05-28 23:29:58 +00:00
thiggy1342
39baadbdd2 test ql packs must be in the security directory 2022-05-28 23:19:32 +00:00
Tom Hvitved
a7b39ebeca Ruby: Flow through hash-splat parameters 2022-05-25 12:37:22 +02:00
Tom Hvitved
faf24a4f18 Ruby: Data-flow through hashes 2022-05-24 14:27:55 +02:00
Arthur Baars
68aeb2ba85 Update test output 2022-05-20 16:30:58 +02:00
Alex Ford
4752c45fe5 ruby: update rb/weak-cryptographic-algorithm to specify the block mode if appropriate 2022-05-13 16:32:30 +01:00
Harry Maclean
ba1d43dd42 Merge pull request #8658 from hmac/hmac/insecure-download 
Ruby: Add InsecureDownload query
 2022-04-28 11:07:35 +12:00