codeql

mirror of https://github.com/github/codeql.git synced 2025-12-27 06:06:32 +01:00

Author	SHA1	Message	Date
erik-krogh	7797211118	Merge branch 'main' into unsafeRbCmd	2022-10-20 10:34:17 +02:00
Harry Maclean	eddb8493d8	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2022-10-17 09:34:44 +13:00
Harry Maclean	545222d1e9	Ruby: Add change note	2022-10-17 08:17:37 +13:00
Alex Ford	3baad89e57	Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query	2022-10-14 10:50:09 +01:00
Erik Krogh Kristensen	332bc35ff1	Merge pull request #10708 from erik-krogh/kernelSink RB: add a query flagging uses of `Kernel.open()` that are not with a constant string	2022-10-14 09:13:26 +02:00
Alex Ford	3d478a3951	Ruby: clarify qhelp	2022-10-13 22:39:54 +01:00
Alex Ford	15cab6eed5	Update ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.qhelp Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-13 21:43:59 +01:00
Josh Soref	8078f91b28	spelling: mapping Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Josh Soref	2648cb0322	spelling: injection Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 10:56:41 -04:00
Asger F	d28b9af8bd	Merge pull request #10791 from asgerf/rb/rails-render-file Ruby: treat render 'file:' argument as a file system access	2022-10-12 21:18:32 +02:00
Asger F	7bfb3497eb	Ruby: change note	2022-10-12 14:29:34 +02:00
Jeroen Ketema	d389a183f0	Merge pull request #10743 from jsoref/spelling Spelling	2022-10-12 12:48:22 +02:00
erik-krogh	cadb948d57	add change-note	2022-10-11 13:26:03 +02:00
erik-krogh	d427e55507	add qhelp	2022-10-11 13:26:03 +02:00
erik-krogh	557dd10896	add a `rb/unsafe-shell-command-construction` query	2022-10-11 13:26:01 +02:00
Erik Krogh Kristensen	7d282c3d75	fix casing in alert-message Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-11 11:12:59 +02:00
erik-krogh	9a9d2a6fe1	Merge branch 'main' into rb-last-msg	2022-10-11 10:43:39 +02:00
erik-krogh	de3b15ebe9	add a query flagging uses of Kernel.open that are not with a constant string	2022-10-11 09:23:29 +02:00
Josh Soref	b5bed9cbf5	spelling: explicitly Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	cbea5ec40c	spelling: executables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:36 -04:00
Josh Soref	6db36616cd	spelling: arbitrary Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 00:23:35 -04:00
erik-krogh	38c17c5d0c	Merge branch 'main' into rbMeta	2022-10-10 12:22:56 +02:00
Alex Ford	43fec9dfc8	Revert "Ruby: switch rb/sensitive-get-query back to using local flow" This reverts commit `fa58c51810`.	2022-10-09 13:06:13 +01:00
Alex Ford	139d3868e5	Merge branch 'main' into rb/sensitive-get-query	2022-10-09 12:26:44 +01:00
github-actions[bot]	b8ef9e0ddc	Post-release preparation for codeql-cli-2.11.1	2022-10-07 15:59:45 +00:00
erik-krogh	cbeefd418b	add change-note	2022-10-07 13:47:32 +02:00
erik-krogh	5d9c68c962	remove the taint-steps meta query	2022-10-07 13:21:24 +02:00
erik-krogh	a0725fba71	fix some more style-guide violations in the alert-messages	2022-10-07 12:01:03 +02:00
github-actions[bot]	a02dcdc5e1	Release preparation for version 2.11.1	2022-10-07 02:20:28 +00:00
erik-krogh	c1fae91a1f	have rb/meta/taint-steps print only one for each file, to limit the size of the output	2022-10-06 15:19:11 +02:00
erik-krogh	169965cfb9	make rb/meta/taint-steps into a @kind problem query	2022-10-06 13:28:10 +02:00
erik-krogh	db056aae1b	add some more meta queries for Ruby evaluations	2022-10-06 10:14:28 +02:00
Henry Mercer	d80d39504f	Tag successfully extracted files queries Tag the successfully extracted files queries with `successfully-extracted-files` to make them easier to identify programmatically in a language-independent way. This follows the prior art for lines of code queries, which are tagged `lines-of-code`.	2022-10-05 19:19:43 +01:00
Alex Ford	fa58c51810	Ruby: switch rb/sensitive-get-query back to using local flow	2022-10-05 15:58:05 +01:00
Alex Ford	dea53d86c9	Ruby: remove some redundant imports of DataFlow	2022-10-05 13:22:19 +01:00
Alex Ford	d64f8c73be	Merge branch 'main' into rb/sensitive-get-query	2022-10-05 12:59:35 +01:00
Alex Ford	880fb2b14a	Ruby: split out rb/sensitive-get-query using query/customizations pattern	2022-10-05 11:59:40 +01:00
Nick Rolfe	525fe12671	Merge pull request #10585 from github/nickrolfe/libxml-xxe Ruby: detect uses of LibXML with entity substitution enabled by default	2022-10-05 09:51:39 +01:00
Alex Ford	703829c647	Ruby: use taint tracking for rb/sensitive-get-query	2022-10-04 15:04:41 +01:00
Erik Krogh Kristensen	5ba7c13ecd	fix alert-message by adding the link Co-authored-by: Arthur Baars <aibaars@github.com>	2022-10-04 13:50:25 +02:00
erik-krogh	d370b2a51e	simplify the where clause of `rb/kernel-open`	2022-10-04 13:49:50 +02:00
erik-krogh	bf74481f65	add a link to the source in the alert-message for `rb/kernel-open`	2022-10-04 13:41:50 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from `internal/Module.qll` and make sure they are cached	2022-09-30 14:56:55 +02:00
Nick Rolfe	8ca1e1b2d1	Ruby: add changenote for XXE improvements	2022-09-27 16:11:41 +01:00
github-actions[bot]	6cef0af5df	Post-release preparation for codeql-cli-2.11.0	2022-09-23 21:01:40 +00:00
github-actions[bot]	f5cf8cffa3	Release preparation for version 2.11.0	2022-09-22 20:14:12 +00:00
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Nick Rolfe	ee34ac5394	Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-22 10:59:49 +01:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Nick Rolfe	2edbc16829	Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-21 13:01:21 +01:00

1 2 3 4 5 ...

377 Commits