hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 18:50:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
20f1a74202dde3697fdd2e3753e6f69eede1f9e7
codeql/ruby/ql/test/library-tests/frameworks
History
Harry Maclean 20f1a74202 Ruby: Restrict GraphQL remote flow sources 
Previously we considered any splat parameter in a graphql resolver to be
a remote flow source. Now we limit that to reads of the parameter which
yield scalar types (e.g. String), as defined by the GraphQL schema.

This should reduce GraphQL false positives.
2023-09-14 12:14:56 +01:00
..
action_cable
Ruby: add ActionCable channel RPC params as remote-flow sources
2022-11-09 14:16:04 +00:00
action_controller
Ruby: Use proper PathGraph module in inline flow tests
2023-09-04 20:27:34 +02:00
action_dispatch
Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
2023-07-07 09:42:34 +02:00
action_mailbox
Ruby: Remove unused class
2022-11-30 11:50:35 +13:00
action_mailer
Ruby: Use proper PathGraph module in inline flow tests
2023-09-04 20:27:34 +02:00
action_view
Ruby: Move ActionDispatch tests to own directory
2023-02-04 14:19:08 +13:00
active_record
Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
2023-07-07 09:42:34 +02:00
active_resource
Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
2023-07-07 09:42:34 +02:00
active_storage
Ruby: Include all assignments in data flow paths
2023-03-24 10:09:30 +01:00
active_support
Ruby: Use proper PathGraph module in inline flow tests
2023-09-04 20:27:34 +02:00
archive
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
arel
Ruby: Use proper PathGraph module in inline flow tests
2023-09-04 20:27:34 +02:00
core
Ruby: re-add Eval.rb
2023-02-07 09:37:26 +13:00
files
Ruby: Include all assignments in data flow paths
2023-03-24 10:09:30 +01:00
globalid
Ruby: improve coverage of GlobalID::Identification modelling
2022-12-14 15:21:19 +00:00
graphql
Ruby: Restrict GraphQL remote flow sources
2023-09-14 12:14:56 +01:00
http_clients
Ruby: instantiate NetHttpRequest even if body is not accessed
2023-03-31 12:56:09 +02:00
json
Consolidate all InlineFlowTest libraries in the dataflow qlpack
2023-08-24 21:38:46 +02:00
mysql2
Add Mysql2 as SQL Injection Sink
2023-05-06 12:25:25 +02:00
pathname
Ruby: Fix tests.
2023-06-09 15:39:18 +02:00
posix-spawn
Ruby: Move PosixSpawn tests to their own directory
2023-02-04 14:30:23 +13:00
rack
Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string
2023-07-17 14:11:25 +01:00
railties
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
sequel
Ruby: update test output
2023-06-01 13:50:32 +01:00
sinatra
Ruby: Use proper PathGraph module in inline flow tests
2023-09-04 20:27:34 +02:00
sqlite3
Ruby: fix sqlite3 PreparedStatementExecution.getSql() predicate
2023-06-28 17:09:43 +01:00
stdlib
Ruby: Add tests for ActiveSupport modelling
2022-05-24 09:35:26 +01:00
Twirp
Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
2023-07-07 09:42:34 +02:00