codeql

mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00

Author	SHA1	Message	Date
Asger F	9302271c15	Ruby: Hack special-casing of hash literals	2022-10-04 11:14:30 +02:00
Asger F	bd11946aec	Ruby: support WithoutContent steps in restricted cases fixup ContentFilter fixup basicWith(out)contentstep	2022-10-04 11:14:28 +02:00
Asger F	323abf45ca	Ruby: Speed up evaluateSummaryComponentStackLocal	2022-10-04 11:12:09 +02:00
Asger F	a7d764d2a7	Ruby: Improve join order when generating edges	2022-10-04 11:12:09 +02:00
Asger F	8c43ab627f	Ruby: go to local source in load-store steps	2022-10-04 11:11:50 +02:00
Asger F	8b389fe5f9	Ruby: use getACallSimple in more Hash methods	2022-10-04 11:08:46 +02:00
Asger F	74c3886167	Ruby: use getACallSimple in more Array methods	2022-10-04 11:08:46 +02:00
Asger F	5b2d8b0894	Ruby: make Array.each a simple summary	2022-10-04 11:08:46 +02:00
Asger F	fbab0f50f2	Ruby: Evaluate longer summary component stacks	2022-10-04 11:08:46 +02:00
Asger F	0000a7d429	Ruby: Summarize load-store steps in type-tracking fixup to LoadStore	2022-10-04 11:08:44 +02:00
Asger F	a4d4e406c6	Ruby: Summarize level steps in type tracking	2022-10-04 11:06:44 +02:00
Tom Hvitved	12536578d4	Merge pull request #10664 from hvitved/type-tracking-more-caching Ruby/Python: Cache more type tracking predicates	2022-10-04 10:58:41 +02:00
Harry Maclean	42a97b26bb	Merge pull request #10316 from hmac/hmac/actionview Ruby: Model ActionView	2022-10-04 08:16:16 +13:00
Tom Hvitved	bc3e9339dc	Ruby: Cache more type tracking predicates	2022-10-03 20:29:17 +02:00
Tom Hvitved	d52d3d7b75	Merge pull request #10644 from hvitved/ruby/prevent-reevaluation Ruby: Prevent reevaluation of expensive predicates	2022-10-03 13:10:39 +02:00
Asger F	47e5623b90	Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-10-03 09:23:33 +02:00
Harry Maclean	e48665ad9f	Fix doc	2022-10-03 14:13:12 +13:00
Harry Maclean	236b628ee2	Ruby: Constrain parameters flow properly	2022-10-03 14:06:06 +13:00
Harry Maclean	32baf67b07	Fix change note month	2022-10-03 09:46:01 +13:00
Harry Maclean	5c20039e09	Ruby: Slightly improve class name	2022-10-03 09:46:01 +13:00
Harry Maclean	fa1ae26fab	Add change note	2022-10-03 09:46:01 +13:00
Harry Maclean	a5998fbe4d	Ruby: Model ActionController::Parameters Add flow summaries for methods on ActionController::Parameters, which mostly propagate taint from receiver to return value.	2022-10-03 09:45:59 +13:00
Harry Maclean	ba83b7c6c7	Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming Ruby: Model send_file	2022-10-03 09:44:05 +13:00
Alex Ford	5c32c8badf	Merge pull request #10560 from alexrford/ruby/yaml-load_file Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization	2022-10-02 20:19:10 +01:00
Tom Hvitved	292bc67125	Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods Ruby: Account for `protected` methods in call graph	2022-09-30 19:31:36 +02:00
Tom Hvitved	32d002ed60	Merge pull request #10627 from hvitved/ruby/synthesis-reduce-non-linear-rec Ruby: Reduce size of input predicate for non-linear recursion	2022-09-30 15:36:21 +02:00
Tom Hvitved	3ec43dbd16	Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-09-30 14:57:50 +02:00
Tom Hvitved	e5d884a905	Ruby: Cache predicates in `ApiGraphModels::ModelOutput`	2022-09-30 14:56:55 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from `internal/Module.qll` and make sure they are cached	2022-09-30 14:56:55 +02:00
Asger F	6e1914ad01	Merge pull request #10375 from asgerf/rb/summarize-loads-v2 Ruby: type-tracking and API edges through simple library callables	2022-09-30 14:25:17 +02:00
Nick Rolfe	ef8ec0878a	Merge pull request #10641 from github/nickrolfe/a_an JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 12:17:15 +01:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
Michael Nebel	82294c1349	Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr Ruby: Postupdate notes for assignment expressions.	2022-09-30 10:00:02 +02:00
Harry Maclean	4a39bc8f47	Merge pull request #10598 from hmac/hmac/actioncontroller-metal Ruby: Identify ActionController::Metal controllers	2022-09-30 13:07:03 +13:00
Tom Hvitved	a5fbe751f1	Ruby: Reduce size of input predicate for non-linear recursion Before, we would be recursive in all of `MethodCall::getMethodName`: ``` Evaluated named local Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi in 9803ms on iteration 14 (size: 31006941). Evaluated relational algebra for predicate Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi on iteration 14 running pipeline main with tuple counts: 256419 ~1% {2} r1 = SCAN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta OUTPUT In.1, In.0 31006941 ~8% {4} r2 = JOIN r1 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2, Rhs.3 return r2 ``` Now, we have restricted that to only the relevant method names.	2022-09-29 15:59:11 +02:00
Asger F	ae60b0ae6d	Ruby: ensure pruning works with startInContent	2022-09-29 15:54:51 +02:00
Michael Nebel	999eb19c3d	Ruby: Support postupdate notes for assignment expressions.	2022-09-29 14:12:20 +02:00
Asger F	f1de5a2ffd	Ruby: Restrict summaries and type trackers to relevant contents	2022-09-29 14:10:09 +02:00
Tom Hvitved	1fcd22b0f6	Merge pull request #10621 from hvitved/ruby/fix-bad-join Ruby: Fix bad join-order	2022-09-29 13:56:18 +02:00
Asger F	dc03557aea	Merge branch 'main' into rb/summarize-loads-v2	2022-09-29 12:07:30 +02:00
Tom Hvitved	2bf087677f	Ruby: Fix bad join-order Before ``` Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@ba617c9q with tuple counts: 1066626 ~2% {3} r1 = SCAN project#Module#fe82a56b::Cached::lookupMethod#2 OUTPUT In.0, In.0, In.1 931393128 ~0% {4} r2 = JOIN r1 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1, Rhs.2 298573 ~0% {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff_14023#join_rhs ON FIRST 2 OUTPUT Rhs.2, Rhs.3, Rhs.4, Lhs.2, Lhs.3, Lhs.1 return r3 ``` After ``` Evaluated relational algebra for predicate DataFlowDispatch#36b84300::mayBenefitFromCallContext1#6#ffffff@f68de4dn with tuple counts: 583298 ~1% {5} r1 = SCAN DataFlowDispatch#36b84300::mayBenefitFromCallContext0#5#fffff OUTPUT In.1, In.0, In.2, In.3, In.4 583298 ~1% {5} r2 = JOIN r1 WITH DataFlowPrivate#462ff392::ArgumentNode#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4 442278 ~0% {6} r3 = JOIN r2 WITH DataFlowDispatch#36b84300::isInstanceLocalMustFlow#3#fff ON FIRST 1 OUTPUT Rhs.1, Lhs.4, Lhs.1, Lhs.2, Lhs.3, Rhs.2 298573 ~0% {6} r4 = JOIN r3 WITH project#Module#fe82a56b::Cached::lookupMethod#2 ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0, Lhs.5, Lhs.1 return r4 ```	2022-09-29 12:00:26 +02:00
Tom Hvitved	e9b96c19b8	Ruby: Account for `protected` methods in call graph	2022-09-29 11:58:04 +02:00
Asger F	296c0a7925	Merge pull request #10603 from asgerf/type-model-api-node Add TypeModel.getAnApiNode	2022-09-29 11:39:09 +02:00
Alex Ford	4ed4d31efd	Delete 2022-09-23-yaml-load-file.md	2022-09-28 21:44:58 +01:00
Harry Maclean	0e5aa97c46	Fix changenote month	2022-09-29 09:24:42 +13:00
Harry Maclean	76cfd44478	Add change note	2022-09-29 09:24:42 +13:00
Harry Maclean	4217a50900	Treat ActiveRecord.create as a model instantiation	2022-09-29 09:24:42 +13:00
Harry Maclean	e7d19e849f	Merge pull request #10090 from hmac/hmac/activestorage Ruby: Model Activestorage	2022-09-29 09:16:25 +13:00
Harry Maclean	0ce0ada4df	Merge pull request #10002 from hmac/hmac/protected-methods Ruby: Model protected methods	2022-09-29 08:39:29 +13:00
Tom Hvitved	3af3772041	Ruby: Include `With(out)Element` in `isElementBody`	2022-09-28 16:51:20 +02:00

... 38 39 40 41 42 ...

3455 Commits