hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,812 Commits 1,688 Branches 158 Tags
f3c7aed1f930ca418ea474a5895263d53589033d
Commit Graph

489 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a5d229903d Ruby: Autoformat 2023-03-10 09:41:20 +01:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Tom Hvitved
b6a709df50 Ruby: Rewrite Stored XSS query to use new data flow interface 2023-03-07 07:23:27 +01:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
gregxsunday
34b441c3cc move query to experimental folder 2023-02-23 12:12:04 +00:00
Grzegorz Niedziela
4ab6a7bdfd Merge branch 'github:main' into main 2023-02-23 10:50:15 +00:00
Grzegorz Niedziela
815b5a0312 add changelog file 2023-02-17 12:50:10 +00:00
Grzegorz Niedziela
c03ba2cc13 fix docs references 2023-02-17 12:50:01 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6 Release preparation for version 2.12.3 2023-02-16 11:49:06 +00:00
gregxsunday
d1aaa9ad86 Add ZipSlip/TarSlip query for ruby 2023-02-16 11:24:15 +00:00
Erik Krogh Kristensen
2f404df17c Merge pull request #10782 from erik-krogh/rbPoly 
Ruby: add library input as a source for `rb/polynomial-redos`
 2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen
26d5fb2412 Merge pull request #11824 from erik-krogh/secondMissAnchor 
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
 2023-02-13 11:26:05 +01:00
erik-krogh
634087b417 Merge branch 'main' into rbPoly 2023-02-13 10:46:00 +01:00
Erik Krogh Kristensen
3ebac65167 apply change-note suggestions from doc review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-02-08 14:55:54 +01:00
erik-krogh
eb564760be improve qhelp based on doc review 2023-02-08 11:00:54 +01:00
erik-krogh
3545bb0819 adjust qhelp based on review 2023-02-03 10:50:18 +01:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
github-actions[bot]
a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
erik-krogh
31743afa87 add change-note 2023-01-30 16:34:23 +01:00
erik-krogh
e01002368f add query detecting validators that use badly anchored regular expressions on library/remote input 2023-01-30 16:34:20 +01:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
erik-krogh
a017b7500b Merge branch 'main' into rbPoly 2023-01-24 20:51:36 +01:00
erik-krogh
7c6ee5f293 Merge branch 'main' into unsafeHtmlConstruction 2023-01-23 15:01:01 +01:00
Erik Krogh Kristensen
32c4cf5769 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-23 14:58:04 +01:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
erik-krogh
8251ad5e99 add unsafe-html-construction query 2023-01-17 15:35:17 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Pierre
c3116b3f0f Merge branch 'main' into turbo/experimental/combined 2023-01-11 18:02:55 +01:00
Tony Torralba
c9d1cd97fb Ruby: Remove omittable exists variables 2023-01-10 13:39:49 +01:00
Erik Krogh Kristensen
f2658a0936 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-01-10 12:56:22 +01:00
Erik Krogh Kristensen
5157d4df7b Merge pull request #11581 from erik-krogh/stdin 
Rb: add stdin as source for unsafe-deserialization
 2023-01-09 13:57:47 +01:00
github-actions[bot]
cdb8f67601 Post-release preparation for codeql-cli-2.12.0 2023-01-06 10:36:34 +00:00
erik-krogh
0a1769657d add change-note 2023-01-06 09:09:09 +01:00
erik-krogh
0e6028a7f3 add stdin as source for unsafe-deserialization 2023-01-06 09:04:36 +01:00
Erik Krogh Kristensen
d9176541c6 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-05 20:02:54 +01:00
Nick Rolfe
6e07076151 tweak wording in 2.12 release notes 2023-01-05 16:46:44 +00:00
github-actions[bot]
b6a8193785 Release preparation for version 2.12.0 2023-01-05 16:32:14 +00:00
erik-krogh
3811eae679 simplify the qhelp for unsafe-code-construction 
The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".
 2023-01-02 13:33:56 +01:00
erik-krogh
3815a5a096 fix qhelp syntax 2023-01-02 10:19:05 +01:00
Harry Maclean
a6571a05ab Ruby: Include send example in qhelp 2022-12-28 11:34:55 +13:00
Harry Maclean
d3812f5906 Ruby: Add another code injection example to qhelp 2022-12-28 11:20:56 +13:00
Arthur Baars
035ad65e43 AlertSuppression: move library into util folder 2022-12-21 10:39:57 +01:00
Arthur Baars
a8be5d7274 AlertSuppression: add change notes 2022-12-19 17:02:52 +01:00
Arthur Baars
c176606be5 AlertSuppression: allow //lgtm comments to scope over the next line 2022-12-19 16:10:26 +01:00
Arthur Baars
016c7a8ca7 Merge pull request #11719 from aibaars/alert-suppression-shared 
Shared AlertSuppression library
 2022-12-19 16:04:44 +01:00
Erik Krogh Kristensen
f136651384 Merge pull request #11575 from erik-krogh/kernelLoad 
Rb: add Kernel methods as sinks to path-injection
 2022-12-19 15:09:21 +01:00
Arthur Baars
621a108846 Ruby: use shared AlertSuppression.qll 2022-12-19 12:26:06 +01:00