Commit Graph

1673 Commits

Author SHA1 Message Date
Owen Mansel-Chan
f577e973bc Update other test in same folder 2026-02-18 13:39:06 +00:00
Owen Mansel-Chan
eb7f1989c7 Reinstate ql model for String#shellescape 2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c Add MaD barriers for Shellwords.escape and shellescape
Note that this will only block flow for queries that use the kind `command-injection`.
2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c Model flow through Shellwords escape and shellescape 2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8 Remove Shellwords sanitizer in ql
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb Reinstate SQLite3 sanitizer in MaD 2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9 Move SQLite3 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a Improve Sqlite3 test 2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038 Reinstate Mysql2 sanitizer in MaD 2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3 Move Mysql2 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757 Improve Mysql2 test 2026-02-17 22:27:00 +00:00
Simon Friis Vindum
bf02e478fd Rust: Comment out tests with parse errors 2026-02-12 14:49:09 +01:00
Simon Friis Vindum
218585b52a Ruby: Add additional tests with operators at the start of lines 2026-02-12 12:30:43 +01:00
Simon Friis Vindum
a27d20dbcd Rust: Add test cases for binary operator at start of line 2026-02-12 09:31:59 +01:00
Tom Hvitved
b974a84bef Merge pull request #21051 from hvitved/shared/flow-summary-provenance-filtering
Shared: Provenance-based filtering of flow summaries
2026-01-26 17:24:34 +01:00
Tom Hvitved
c975ae5231 Ruby: Adapt to changes in FlowSummaryImpl 2026-01-26 12:40:14 +01:00
yoff
b08c972cc3 ruby: Add back sanitizer as MaD model 2026-01-22 17:30:24 +01:00
yoff
15980cb1da ruby: remove sanitizer to be replaced by MaD model 2026-01-22 17:30:24 +01:00
yoff
3dbfb9fa4b python: add machinery for MaD barriers
and reinstate previously removed barrier
now as a MaD row
2026-01-22 17:30:24 +01:00
Owen Mansel-Chan
2cfafe53ca Fix failing ruby crypto test that lists all algorithms 2025-11-19 14:36:26 +00:00
Chad Bentz
46d330cb21 Merge branch 'ruby-framework-grape' of github.com:felickz/codeql into ruby-framework-grape 2025-09-23 10:40:46 -04:00
Chad Bentz
37e0c30842 Add expected output for VariablesConsistency test case 2025-09-23 10:40:30 -04:00
Chad Bentz
7a9a259c03 Merge branch 'main' into ruby-framework-grape 2025-09-22 19:29:36 -04:00
Chad Bentz
89fd9694ce codeql query format 2025-09-22 19:25:05 -04:00
Chad Bentz
0665c39a07 Refactor GrapeHelperMethod constructor to reuse getHelperSelf to traverse dataflow instead of AST
- add tests to check for nested helpers
2025-09-22 19:08:34 -04:00
Chad Bentz
f4bbbc346f Refactor Grape framework to be encapsulated properly in Module 2025-09-19 19:06:50 -04:00
Chad Bentz
89e9ee43c0 Convert from GrapeHelperMethodTaintStep extends AdditionalTaintStep to a simplified GrapeHelperMethodTarget extends AdditionalCallTarget 2025-09-19 18:28:45 -04:00
Anders Schack-Mulligen
d93b2edc0d Ruby: Accept test changes. 2025-09-18 08:13:43 +02:00
Chad Bentz
c5e3be2c4c Grape - detect params calls inside helper methods
- added unit tests for flow using inline format
- removed grape from Arel tests (temporary)
2025-09-16 17:09:18 -04:00
Chad Bentz
ffd32efba2 codeql query format 2025-09-16 09:08:07 -04:00
Chad Bentz
a8d4d6b563 Apply naming standards + changenote 2025-09-15 22:02:03 -04:00
Chad Bentz
5cfa6e83b3 Add support for route parameters (+ blocks), headers, and cookies in Grape API 2025-09-12 22:51:47 -04:00
Chad Bentz
3252bd39d2 Enhance Grape framework with additional data flow modeling and helper method support 2025-09-12 22:13:21 -04:00
Chad Bentz
738ab6fba7 Refactor Grape framework code for improved readability and consistency 2025-09-12 19:23:15 -04:00
Chad Bentz
d295acc3c3 Add initial support for Ruby Grape 2025-09-12 19:22:05 -04:00
Arthur Baars
5d3ec35e29 Remove non-breaking spaces from code 2025-09-05 09:41:15 +02:00
Anders Schack-Mulligen
c1662cf05c C#/Ruby: Accept qltest changes.
Mostly toString changes, and a slight change to
splitting in C#.
2025-09-01 12:56:07 +02:00
Anders Schack-Mulligen
d8c193df18 Ruby: Use shared SuccessorType. 2025-09-01 12:56:04 +02:00
Anders Schack-Mulligen
e2eb6dbbf2 Ruby: Fix query compilation. 2025-09-01 11:26:37 +02:00
Matt Schwager
5192f3128a Update expected test output 2025-07-21 15:26:39 -04:00
Matt Schwager
9da94fb880 Fix #19294, Ruby NetHttpRequest improvements 2025-07-21 15:17:54 -04:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
52bbfa30d2 Ruby: update expected test results 2025-07-04 15:32:07 +02:00
Nora Dimitrijević
89f1ee0301 Ruby: add meta/TaintedNodes.ql test 2025-06-26 13:22:07 +02:00
Nora Dimitrijević
92a48cdc2b Ruby: convert InsecureDownload test to .qlref 2025-06-24 14:57:59 +02:00
Nora Dimitrijević
e32982057c Ruby: convert CommandInjection test to .qlref 2025-06-24 14:57:54 +02:00
Nora Dimitrijević
8a1987ab71 Merge pull request #19448 from d10c/d10c/ruby-printast-order-fix
Ruby printAst: fix order for synth children of real parents
2025-05-15 18:17:01 +02:00
yoff
3fcd46ec6c Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-13 16:57:32 +02:00
yoff
774b1820c2 ruby: also insert capturedExitRead-nodes by exceptional exits 2025-05-13 15:11:00 +02:00
yoff
73bae1627b ruby: test for DeadStore and captured variables 2025-05-13 15:08:01 +02:00