hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1073 Commits

Author SHA1 Message Date
erik-krogh
c13e8e4f48 Merge branch 'main' into formatTaint 2022-10-20 10:46:16 +02:00
erik-krogh
e29bf8ced2 Merge branch 'main' into html_safe 2022-10-18 19:49:37 +02:00
Tom Hvitved
61b9065135 Ruby: Fix syntax error in a test 2022-10-18 16:49:32 +02:00
erik-krogh
e47e20c5e7 remove use of HtmlSafeCall from tests 2022-10-18 10:43:24 +02:00
erik-krogh
bb4bc55c6a update expected output 2022-10-17 15:52:21 +02:00
Arthur Baars
f7ff2cdc0d Merge branch 'main' into actiondispatch-response 2022-10-17 13:22:17 +02:00
Harry Maclean
aa6c433529 Ruby: Update test fixture 
This change is due to a8fdda65fb.
 2022-10-17 09:44:32 +13:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
73ca595b56 Ruby: Model ActionDispatch::Response 2022-10-17 08:17:37 +13:00
Arthur Baars
ae0c9b76e0 Merge pull request #10843 from aibaars/fix-self 
Ruby: fix self variables in blocks
 2022-10-15 00:48:14 +02:00
Arthur Baars
a8fdda65fb Ruby: fix self variables in blocks 2022-10-14 16:02:39 +02:00
Asger F
8cb4f230d8 Merge branch 'main' into rb/fix-spurious-singleton-calls 2022-10-14 15:52:38 +02:00
Asger F
1bd3d29409 Ruby: workaround issue with 'def self.method' in a block 2022-10-14 15:07:33 +02:00
Asger F
17a246b321 Ruby: more uninteresting test updates 2022-10-14 13:59:52 +02:00
Asger F
8228730634 Ruby: fix regression for methods in singleton classes 2022-10-14 11:57:35 +02:00
Asger F
30f7380f74 Ruby: Add regression test for lost calls 2022-10-14 11:49:55 +02:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Asger F
a06cc30f05 Ruby: fix some more spurious call edges 2022-10-14 10:11:22 +02:00
Asger F
b1dadc224c Ruby: uninteresting test output update 2022-10-14 10:10:39 +02:00
Asger F
ae71828fc4 Ruby: add more tests for singleton up/down calls 2022-10-14 10:09:59 +02:00
Asger F
789f591de4 Ruby: add another spurious call edge test 2022-10-14 10:09:57 +02:00
Asger F
1476efbe2c Ruby: restrict to a use of 'self' in singleton methods 2022-10-14 10:09:11 +02:00
Asger F
329ab9156a Ruby: add test showing spurious call 2022-10-14 10:07:34 +02:00
Harry Maclean
e6dc27a7b5 Add content_mime_type, fix env/filtered_env 2022-10-14 19:49:22 +13:00
Alex Ford
a65850e922 Merge pull request #10784 from alexrford/ruby/pathname-existence 
Ruby: model `Pathname#existence` extension from `ActiveSupport`
 2022-10-13 11:38:22 +01:00
Harry Maclean
a3c14f7f46 Update test 2022-10-13 13:57:28 +13:00
Harry Maclean
ad464abde2 Ruby: Model more params accesses 2022-10-13 13:24:16 +13:00
Asger F
83464d48a9 Merge pull request #10773 from asgerf/rb/bugfix-singleton-class-resolution 
Ruby: bugfix in type-tracking singleton class resolution
 2022-10-12 13:45:16 +02:00
Nick Rolfe
39107047bf Merge pull request #10735 from github/nickrolfe/actionmailer 
Ruby: add `ActionMailer#params` as a `RemoteFlowSource`
 2022-10-12 10:21:11 +01:00
Alex Ford
d3c8ce3f48 Ruby: ActiveSupport extends Pathname with an existence method that may return itself 2022-10-11 21:35:58 +01:00
Asger F
ed165c6194 Ruby: bugfix in self-resolution in type-tracking 2022-10-11 18:53:20 +02:00
Asger F
a64286b664 Ruby: add test for singleton class instance field 
incorrect test output
 2022-10-11 18:53:20 +02:00
Asger F
6daa1c432b Ruby: update test output 2022-10-11 09:03:51 +02:00
Asger F
d55925d8d4 Ruby: support splat type-tracking step 2022-10-11 09:03:51 +02:00
Nick Rolfe
d61f0559a0 Ruby: add ActionMailer#params as a RemoteFlowSource 2022-10-10 10:23:48 +01:00
Nick Rolfe
a6674a5313 Ruby: fix uses of deprecated class name 2022-10-07 13:17:05 +01:00
Tom Hvitved
b065d2d3ab Merge pull request #10705 from hvitved/ruby/singleton-overrides 
Ruby: Take overrides into account for singleton methods defined on modules
 2022-10-07 13:33:59 +02:00
Harry Maclean
75cb0efecb Merge pull request #10538 from hmac/hmac/actioncontroller-parameters 
Ruby: Model flow through ActionController::Parameters
 2022-10-07 22:21:40 +13:00
Tom Hvitved
48bdf13c89 Ruby: Take overrides into account for singleton methods defined on modules 2022-10-06 11:56:26 +02:00
Tom Hvitved
7608276397 Ruby: Add more call graph tests 2022-10-06 10:38:02 +02:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more 
Ruby: more type-tracking steps
 2022-10-05 19:16:56 +02:00
Asger F
decd4c93c7 Ruby: update type tracking test 2022-10-05 15:15:52 +02:00
Arthur Baars
6509c19aad Merge pull request #10692 from aibaars/fix-splats 
Ruby: fix CFG and toString for anonymous '*' and '**'
 2022-10-05 13:25:29 +02:00
Tom Hvitved
e51c20bfc7 Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow 2022-10-05 12:58:29 +02:00
Arthur Baars
a080f498be Ruby: fix CFG and toString for anonymous '*' and '**' 2022-10-05 11:50:37 +02:00
Tom Hvitved
9d23742ed6 Ruby: Add test that illustrates issue with conjunctive WithoutContents 2022-10-05 11:26:23 +02:00
Asger F
f664a77a02 Ruby: ensure Hash flow works again 2022-10-05 11:07:55 +02:00
Arthur Baars
4ff85d5275 Ruby: add test case 2022-10-05 10:57:53 +02:00
Asger F
6f74a52542 Merge branch 'main' into rb/summarize-more 2022-10-05 09:55:23 +02:00