Tom Hvitved
15bfeab652
Ruby: Make getPreUpdateNode Unique Again
2025-04-04 09:43:55 +02:00
Anders Schack-Mulligen
e7e5f75949
Ruby: Accept test changes.
2025-03-25 12:31:04 +01:00
Michael Nebel
138e294dae
Ruby: Update all test util paths to point to the new location.
2024-12-12 13:54:37 +01:00
Tom Hvitved
c9aaba677d
Ruby: Update expected test output
2024-08-13 13:34:46 +02:00
Tom Hvitved
7fdc09c17f
Ruby: Add missing local flow steps
2024-07-01 19:46:40 +02:00
Tom Hvitved
90779f4413
Ruby: Extend barrier guards to handle phi inputs
2024-03-20 10:02:20 +01:00
Tom Hvitved
e7b00a7b42
Ruby: Add post-update argument nodes for string constants
2024-03-15 10:47:39 +01:00
Joe Farebrother
b4ed77343b
Add change note + fix qldoc
2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a
Add test cases
2024-03-14 22:25:36 +00:00
Joe Farebrother
0b7b7ea1b8
Add test cases and improve controller model
2024-03-01 09:57:24 +00:00
Joe Farebrother
386defc3c7
Update test output
2024-02-26 11:21:03 +00:00
Anders Schack-Mulligen
35a3aa0a09
Ruby: Add empty provenance column to expected files.
2024-02-09 11:32:08 +01:00
Tom Hvitved
d2d017dd64
Ruby: Model flow through ViewComponent render methods
2024-01-30 20:30:58 +01:00
Harry Maclean
f230e618a3
Ruby: Update tests
2024-01-30 09:43:56 +00:00
Tom Hvitved
25a676ac6a
Ruby: Model simple pattern matching as value steps instead of taint steps
2023-12-14 20:18:24 +01:00
Tom Hvitved
b2f1022e5c
Ruby: Prune irrelevant data flow nodes and edges
2023-11-16 13:52:07 +01:00
Tom Hvitved
f1b67ade9b
Ruby: Include name of variable in UninitializedDefinition.toString
2023-11-14 11:33:59 +01:00
Tom Hvitved
c570083163
Ruby: Improve performance of flow through (hash) splats
2023-09-27 11:49:31 +02:00
Tom Hvitved
e11a4b63e9
Ruby: Remove SynthSplatArgParameterNode
2023-09-14 09:26:38 +01:00
Harry Maclean
4c1beea465
Ruby: Address review comments
2023-09-14 09:26:33 +01:00
Harry Maclean
7ebd51163e
Ruby: Handle more splat arg flow
Allow flow from a splat argument to a positional parameter in cases
where there are positional arguments left of the splat. For example:
def foo(x, y, z); end
foo(1, *[2, 3])
2023-09-14 08:54:48 +01:00
Tom Hvitved
a2912cd72b
Ruby: Use proper PathGraph module in inline flow tests
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
2023-09-04 20:27:34 +02:00
Jeroen Ketema
9d573e5544
Consolidate all InlineFlowTest libraries in the dataflow qlpack
2023-08-24 21:38:46 +02:00
Harry Maclean
222aa41bbf
Merge pull request #13938 from hmac/splat-flow-2
Ruby: More precise flow into splat parameters
2023-08-18 12:07:58 +01:00
Tom Hvitved
e96cbeb00a
Ruby: Adjust locations of synthesized nodes
2023-08-14 14:37:47 +02:00
Harry Maclean
6011d26823
Ruby: Restrict parameter nodes
2023-08-11 15:14:32 +01:00
Tom Hvitved
77fca277fe
Ruby: Improve desugaring of for loops
2023-08-10 13:22:01 +02:00
Harry Maclean
5fff9fa8da
More precise flow into splat parameters
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:
def f(x, y, *z); end
f(a, b, c, d)
we get flow from `c` to `z[0]` and `d` to `z[1]`.
We get false flow if there are positional parameters after the splat
parameter. For example in this case:
def g(x, y, *z, w); end
g(a, b, c, d)
we get flow from `d` to `z[0]` instead of `w`.
We also track flow in this case
def f(a, *b)
sink b[0]
end
f(1, *[taint, 2])
2023-08-10 12:02:47 +01:00
Harry Maclean
72356d1515
Ruby: track flow from *args to positional params
This models flow in the following case:
def foo(x, y)
sink x # 1
sink y # 2
end
args = [source 1, source 2]
foo(*args)
We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
2023-08-09 15:01:40 +01:00
Alex Ford
f437a6f729
Merge branch 'main' into maikypedia/ldap-injection
2023-07-31 16:00:41 +01:00
Alex Ford
558238a9be
Ruby: update TaintStep test output
2023-07-31 16:00:27 +01:00
Alex Ford
082f26bcb1
Ruby: update TaintStep.ql output
2023-07-05 12:19:55 +01:00
Michael Nebel
0665f4f004
Ruby: Update TaintStep expected test output.
2023-07-03 14:36:06 +02:00
Jeroen Ketema
d82c3ce11a
Ruby: Rewrite InlineFlowTest as a parameterized module
2023-06-15 10:52:23 +02:00
Anders Schack-Mulligen
0c62901a67
Ruby: Fix tests.
2023-06-09 15:39:18 +02:00
Tom Hvitved
cee70883f0
Merge pull request #12964 from hvitved/ruby/remove-synth-returns
Ruby: Remove canonical return nodes
2023-06-08 10:07:48 +02:00
Alex Ford
6fa9e13a2e
Ruby: update TaintStep output
2023-06-01 16:27:20 +01:00
Alex Ford
7d943c7621
Ruby: update test output
2023-06-01 13:50:32 +01:00
Alex Ford
baabd2d1fa
Merge pull request #12832 from maikypedia/maikypedia/pg-sqli
Ruby: Add SQL Injection Sinks
2023-05-26 11:36:17 +01:00
Alex Ford
609319da20
ruby: update TaintStep.ql test output
2023-05-25 17:53:01 +01:00
Tom Hvitved
13ada1e6ad
Ruby: Remove canonical return nodes
2023-05-24 11:11:50 +02:00
Asger F
6d1a4451fb
Ruby: update a test expectation
2023-05-24 10:15:51 +02:00
Anders Schack-Mulligen
09d4fe21e8
Ruby: Update more expected output.
2023-04-26 13:37:07 +02:00
Tom Hvitved
b816c79248
Ruby: Include all assignments in data flow paths
2023-03-24 10:09:30 +01:00
Alex Ford
e84b08409c
Ruby: test fixes
2023-03-17 12:08:38 +00:00
Tom Hvitved
1d0b3d4112
Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node
2023-03-16 11:28:24 +01:00
erik-krogh
1a27441cfb
drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts
2023-01-06 09:04:36 +01:00
Peter Stöckli
d2c8e70be1
Adjust expected file for TaintStep (due to changes to File.join)
2022-12-09 09:57:19 +01:00
Arthur Baars
d862972d5e
Ruby: Add use-use stress test
2022-12-07 15:28:51 +01:00
Arthur Baars
f11f2cb1a0
Ruby: Update tests
2022-12-07 15:28:50 +01:00