codeql

mirror of https://github.com/github/codeql.git synced 2026-04-12 10:34:02 +02:00

Files

Harry Maclean 615beeec80 Identify more vulnerable ActiveRecord methods

This change identifies the following patterns:

- `Model.select(input)`
- `Model.reselect(input)`
- `Model.rewhere(input)`
- `Model.update_all(input)`
- `model.reload(lock: input)`

2021-09-29 11:47:07 +01:00

cwe-078

Test that KernelMethodCall is specific enough

2021-09-17 17:02:17 +01:00

cwe-079

update test output (subpaths)

2021-09-15 20:51:14 +01:00

cwe-089

Identify more vulnerable ActiveRecord methods

2021-09-29 11:47:07 +01:00

cwe-094

Add query for Code Injection

2021-09-20 11:35:45 +01:00

cwe-502

Add empty subpaths section to expected test output

2021-09-20 15:56:58 +01:00

cwe-601

Bump codeql submodule

2021-09-15 14:59:42 +02:00

cwe-732

revamp weak file permissions query

2021-09-21 19:02:11 +01:00

cwe-798

Bump codeql submodule

2021-09-15 14:59:42 +02:00

cwe-1333-exponential-redos

Rename exponential ReDoS test directory

2021-09-02 17:57:56 +01:00

cwe-1333-polynomial-redos

Merge pull request #292 from github/regexp_slash_az

2021-09-17 16:42:13 +01:00