hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-07 14:41:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
eba7f1a7440ff60bb328effdedf26b36f7a00fa4
codeql/ruby/ql/test/library-tests/frameworks
History
Harry Maclean 0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
2022-10-17 09:34:44 +13:00
..
action_cable
Ruby: Recognise ActionCable logger class
2022-06-20 13:36:02 +12:00
action_controller
Add content_mime_type, fix env/filtered_env
2022-10-14 19:49:22 +13:00
action_dispatch
Ruby: Model Mime::Type
2022-07-29 11:41:48 +12:00
action_mailer
Ruby: add ActionMailer#params as a RemoteFlowSource
2022-10-10 10:23:48 +01:00
action_view
Add test code
2022-09-26 20:56:11 +13:00
active_record
Treat ActiveRecord.create as a model instantiation
2022-09-29 09:24:42 +13:00
active_resource
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
active_storage
Remove redundant import
2022-09-27 10:35:39 +13:00
active_support
Ruby: ActiveSupport extends Pathname with an existence method that may return itself
2022-10-11 21:35:58 +01:00
app
Ruby: Model ActionDispatch::Response
2022-10-17 08:17:37 +13:00
archive
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
arel
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
core
Ruby: Fix identification IO.open args
2022-05-10 17:32:00 +12:00
files
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
http_clients
ensure consistent casing of names
2022-09-09 10:34:14 +02:00
pathname
Ruby: use Dataflow for Pathname instead of TypeTracking
2022-10-04 12:58:49 +02:00
railties
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
stdlib
Ruby: Add tests for ActiveSupport modelling
2022-05-24 09:35:26 +01:00
ActionController.expected
Ruby: Restrict XSS header sinks
2022-10-17 09:34:44 +13:00
ActionController.ql
Ruby: Model ActionDispatch::Response
2022-10-17 08:17:37 +13:00
ActionDispatch.expected
Ruby: Model ActionDispatch::Response
2022-10-17 08:17:37 +13:00
ActionDispatch.ql
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
ActionView.expected
Ruby: Model ActionDispatch::Response
2022-10-17 08:17:37 +13:00
ActionView.ql
Ruby: make old class names available as deprecated aliases
2022-10-04 16:11:43 +01:00
Core.expected
Ruby: Update filename in test fixture
2022-02-21 09:43:36 +13:00
Core.ql
Ruby: split tests to match stdlib changes
2022-02-17 20:44:04 +13:00
Eval.rb
Ruby: split tests to match stdlib changes
2022-02-17 20:44:04 +13:00
GraphQL.expected
Ruby: Add classes for detecting user input from graphql-ruby
2022-01-18 09:13:58 -07:00
GraphQL.ql
Ruby: Add classes for detecting user input from graphql-ruby
2022-01-18 09:13:58 -07:00
PosixSpawn.expected
Ruby: Simplify posix-spawn modeling
2022-05-26 14:29:04 +01:00
PosixSpawn.ql
Ruby: Do not expose AST layer through ruby.qll
2022-09-13 19:59:56 +02:00
PosixSpawn.rb
Ruby: Simplify posix-spawn modeling
2022-05-26 14:29:04 +01:00
Stdlib.rb
Ruby: split tests to match stdlib changes
2022-02-17 20:44:04 +13:00