hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

26 Commits

Author SHA1 Message Date
Tom Hvitved
b2f1022e5c Ruby: Prune irrelevant data flow nodes and edges 2023-11-16 13:52:07 +01:00
Tom Hvitved
c570083163 Ruby: Improve performance of flow through (hash) splats 2023-09-27 11:49:31 +02:00
Harry Maclean
4c1beea465 Ruby: Address review comments 2023-09-14 09:26:33 +01:00
Harry Maclean
222aa41bbf Merge pull request #13938 from hmac/splat-flow-2 
Ruby: More precise flow into splat parameters
 2023-08-18 12:07:58 +01:00
Tom Hvitved
e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Harry Maclean
6011d26823 Ruby: Restrict parameter nodes 2023-08-11 15:14:32 +01:00
Tom Hvitved
77fca277fe Ruby: Improve desugaring of for loops 2023-08-10 13:22:01 +02:00
Harry Maclean
5fff9fa8da More precise flow into splat parameters 
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:

    def f(x, y, *z); end

    f(a, b, c, d)

we get flow from `c` to `z[0]` and `d` to `z[1]`.

We get false flow if there are positional parameters after the splat
parameter. For example in this case:

    def g(x, y, *z, w); end

    g(a, b, c, d)

we get flow from `d` to `z[0]` instead of `w`.

We also track flow in this case

    def f(a, *b)
      sink b[0]
    end

    f(1, *[taint, 2])
 2023-08-10 12:02:47 +01:00
Arthur Baars
d862972d5e Ruby: Add use-use stress test 2022-12-07 15:28:51 +01:00
Tom Hvitved
32f60fd112 Ruby: Add more local flow tests for use-use flow 2022-11-15 11:45:31 +01:00
Arthur Baars
0160c374e4 Ruby: add flow summaries for Object#dup and Kernel#tap 2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Arthur Baars
0cef887683 Ruby: address comments 2022-01-24 11:27:26 +01:00
Arthur Baars
e9a01f9e8f Ruby: fix test case 2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388 Address comments 2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d Ruby: add taint step test for hash patterns 2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e Ruby: add taint steps from case value to variables in patterns 2022-01-24 10:10:22 +01:00
Tom Hvitved
27f786b41e Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params 
Ruby: Data flow for keyword arguments/parameters
 2021-12-22 15:23:22 +01:00
Arthur Baars
6c7114804e Ruby: remove CaseExprChildMapping::getBranch 2021-12-20 19:21:36 +01:00
Tom Hvitved
1e27ddf7c7 Ruby: Data flow for keyword arguments/parameters 2021-12-17 15:42:29 +01:00
Tom Hvitved
413375992d Ruby: Flatten nested statements inside desugared for loops 2021-11-17 09:05:37 +01:00
Tom Hvitved
945bb7459a Ruby: Update expected test output 2021-11-17 09:05:37 +01:00
Alex Ford
8603609698 Update test output to account for for-loop -> each desugaring 2021-11-17 09:05:36 +01:00
Tom Hvitved
c57b7c5b2b Data flow: Restrict ExprReturnNode to nodes from the body of the callable 2021-10-18 17:01:30 +02:00
Tom Hvitved
397b8345e0 Data flow: Fix bug for sugared call arguments 2021-10-18 13:48:11 +02:00
Tom Hvitved
0de27bbc7e Data flow: Add ArgumentNode test 2021-10-18 13:47:50 +02:00