hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-19 17:34:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4258ea390342f99c25379fb002cb67e317bd5fa
codeql/ruby/ql/test/query-tests/security
History
Erik Krogh Kristensen ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
2022-10-24 18:59:36 +02:00
..
cwe-020
Ruby: improve tracking of regular expressions
2022-10-04 12:58:49 +02:00
cwe-022
add model for Dir.glob and other Dir methods
2022-10-24 12:05:26 +02:00
cwe-078
add a test for explicit shell invocations using Kernel.open
2022-10-11 09:23:29 +02:00
cwe-079
remove FPs in rb/stored-xss from spurious sources
2022-10-18 11:07:48 +02:00
cwe-089
apply suggestions from review
2022-09-13 10:52:23 +02:00
cwe-094
remove duplicate alerts due to multiple states reaching the same sink
2022-10-19 13:19:18 +02:00
cwe-116
JS/Python/Ruby: s/a HTML/an HTML/
2022-09-30 10:37:52 +01:00
cwe-117
apply suggestions from review
2022-09-13 10:52:23 +02:00
cwe-134
apply suggestions from review
2022-09-13 10:52:23 +02:00
cwe-295
fix some more style-guide violations in the alert-messages
2022-10-07 12:01:03 +02:00
cwe-300
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
cwe-312
fix some more style-guide violations in the alert-messages
2022-10-07 12:01:03 +02:00
cwe-327
add model for the core OpenSSL::Digest module
2022-10-14 13:25:34 +02:00
cwe-352
Ruby: add missing example rails action
2022-01-19 13:47:00 +00:00
cwe-502
Ruby: add rb/unsafe-deserialization sinks for const_get args
2022-10-11 15:45:51 +01:00
cwe-506
make the alert messages of taint-tracking queries more consistent
2022-09-07 12:22:50 +02:00
cwe-598
Ruby: update rb/sensitive-get-query tests
2022-10-13 22:41:34 +01:00
cwe-601
Ruby: Add kind to Http::Server::RequestInputAccess
2022-10-13 13:24:16 +13:00
cwe-611
Ruby: detect uses of libxml with entity substitution enabled by default
2022-09-27 11:53:43 +01:00
cwe-732
fix some more style-guide violations in the alert-messages
2022-10-07 12:01:03 +02:00
cwe-798
fix some more style-guide violations in the alert-messages
2022-10-07 12:01:03 +02:00
cwe-807-user-controlled-bypass
apply suggestions from review
2022-09-13 10:52:23 +02:00
cwe-829
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
cwe-912
update expected output
2022-10-11 11:37:26 +02:00
cwe-918
apply suggestions from review
2022-09-13 10:52:23 +02:00
cwe-1333-exponential-redos
add further normalization of char classses
2022-06-23 14:36:25 +02:00
cwe-1333-polynomial-redos
add case-in as a sink for polynomial-redos
2022-10-13 12:36:07 +02:00
cwe-1333-regexp-injection
apply suggestions from review
2022-09-13 10:52:23 +02:00
decompression-api
update test expectation
2022-06-20 17:27:33 +00:00