1073 Commits

Author	SHA1	Message	Date
Asger F	8b7ec20573	Merge branch 'main' into rb/summarize-more	2022-10-05 09:43:52 +02:00
Tom Hvitved	1496c4f0e2	Merge pull request #10686 from hvitved/ruby/remove-value-pair-content ... Ruby: Remove `PairValueContent`	2022-10-05 09:41:14 +02:00
Arthur Baars	c1c16e44ee	Merge pull request #10559 from aibaars/cve-2019-3881 ... Ruby: some improvements	2022-10-04 21:24:14 +02:00
Tom Hvitved	aae9a58ca3	Ruby: Remove ValuePairContent	2022-10-04 20:10:51 +02:00
Nick Rolfe	227100d883	Ruby: make old class names available as deprecated aliases	2022-10-04 16:11:43 +01:00
Tom Hvitved	9d7d6c29f9	Review comments	2022-10-04 12:58:50 +02:00
Tom Hvitved	77c47bc856	Ruby: Add another call graph test	2022-10-04 12:58:49 +02:00
Arthur Baars	0160c374e4	Ruby: add flow summaries for Object#dup and Kernel#tap	2022-10-04 12:58:49 +02:00
Arthur Baars	c2b98a4761	Ruby: add support for 'extend' method	2022-10-04 12:58:49 +02:00
Arthur Baars	09bc78eafc	Ruby: local dataflow step for || and &&	2022-10-04 12:58:49 +02:00
Arthur Baars	e95b5468d9	Ruby: use Dataflow for Pathname instead of TypeTracking	2022-10-04 12:58:49 +02:00
Nick Rolfe	a738f1d5cf	Ruby: remove public abstract classes for Action{View,Controller}	2022-10-04 10:53:41 +01:00
Asger F	948594043d	Ruby: share type-tracking test with array test	2022-10-04 11:15:13 +02:00
Asger F	b6231e82ec	Ruby: do not treat WithoutElement[0..!] as a type filter	2022-10-04 11:14:31 +02:00
Asger F	6e7aea85ef	Ruby: update benign test output ... API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.	2022-10-04 11:14:31 +02:00
Asger F	00e52ad109	Ruby: add type-tracking variant of hash-flow test ... Ruby: fixup type-tracking hash flow test Fixup! type-tracking hash flow test result	2022-10-04 11:14:30 +02:00
Asger F	c06743afb5	Ruby: update benign test updates	2022-10-04 11:08:46 +02:00
Asger F	f75f27d30e	Ruby: update test	2022-10-04 11:08:46 +02:00
Asger F	1c484d80aa	Ruby: add some calls to .each in call graph test	2022-10-04 11:06:44 +02:00
Asger F	ab672ded6a	Ruby: strip trailing whitespace in calls.rb test	2022-10-04 11:06:44 +02:00
Harry Maclean	42a97b26bb	Merge pull request #10316 from hmac/hmac/actionview ... Ruby: Model ActionView	2022-10-04 08:16:16 +13:00
Tom Hvitved	d52d3d7b75	Merge pull request #10644 from hvitved/ruby/prevent-reevaluation ... Ruby: Prevent reevaluation of expensive predicates	2022-10-03 13:10:39 +02:00
Asger F	47e5623b90	Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs ... Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-10-03 09:23:33 +02:00
Harry Maclean	a5998fbe4d	Ruby: Model ActionController::Parameters ... Add flow summaries for methods on ActionController::Parameters, which mostly propagate taint from receiver to return value.	2022-10-03 09:45:59 +13:00
Tom Hvitved	292bc67125	Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods ... Ruby: Account for `protected` methods in call graph	2022-09-30 19:31:36 +02:00
Tom Hvitved	dd7458acc8	Ruby: Add more call graph tests for protected methods	2022-09-30 16:24:34 +02:00
Tom Hvitved	3ec43dbd16	Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-09-30 14:57:50 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached	2022-09-30 14:56:55 +02:00
Asger F	6e1914ad01	Merge pull request #10375 from asgerf/rb/summarize-loads-v2 ... Ruby: type-tracking and API edges through simple library callables	2022-09-30 14:25:17 +02:00
Michael Nebel	82294c1349	Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr ... Ruby: Postupdate notes for assignment expressions.	2022-09-30 10:00:02 +02:00
Harry Maclean	4a39bc8f47	Merge pull request #10598 from hmac/hmac/actioncontroller-metal ... Ruby: Identify ActionController::Metal controllers	2022-09-30 13:07:03 +13:00
Asger F	ae60b0ae6d	Ruby: ensure pruning works with startInContent	2022-09-29 15:54:51 +02:00
Michael Nebel	dd0f19d0b0	Ruby: Update expected test output.	2022-09-29 14:12:20 +02:00
Michael Nebel	af4db77046	Ruby: Update expected test output.	2022-09-29 13:54:59 +02:00
Michael Nebel	9ee831a378	Ruby: Add (failing) test case for flow out via assignment expression.	2022-09-29 13:54:32 +02:00
Asger F	dc03557aea	Merge branch 'main' into rb/summarize-loads-v2	2022-09-29 12:07:30 +02:00
Tom Hvitved	e9b96c19b8	Ruby: Account for protected methods in call graph	2022-09-29 11:58:04 +02:00
Asger F	296c0a7925	Merge pull request #10603 from asgerf/type-model-api-node ... Add TypeModel.getAnApiNode	2022-09-29 11:39:09 +02:00
Tom Hvitved	58b7556bdf	Ruby: Add call graph tests for protected methods	2022-09-29 11:37:35 +02:00
Harry Maclean	4217a50900	Treat ActiveRecord.create as a model instantiation	2022-09-29 09:24:42 +13:00
Harry Maclean	424f31a24a	Add test for AR Model.create instantiations ... These currently aren't recognised.	2022-09-29 09:24:42 +13:00
Harry Maclean	63309150e0	Make some space	2022-09-29 09:24:37 +13:00
Harry Maclean	e7d19e849f	Merge pull request #10090 from hmac/hmac/activestorage ... Ruby: Model Activestorage	2022-09-29 09:16:25 +13:00
Harry Maclean	0ce0ada4df	Merge pull request #10002 from hmac/hmac/protected-methods ... Ruby: Model protected methods	2022-09-29 08:39:29 +13:00
Asger F	65de5d014c	Ruby: add test case	2022-09-28 12:23:58 +02:00
Asger F	a48b893ed6	Merge pull request #10588 from asgerf/rb/rbi-instantiated-type ... Ruby: add RbiInstantiatedType	2022-09-28 11:51:20 +02:00
Asger F	fea47c85f3	Ruby: expand on type-tracking test a bit	2022-09-28 11:40:55 +02:00
Asger F	971657245d	Ruby: update API graph inline test to match output	2022-09-28 11:17:13 +02:00
Asger F	ce1c258273	Ruby: Update TypeTracker.expected	2022-09-28 11:15:25 +02:00
Asger F	ee7dea1ab6	Merge branch 'main' into rb/summarize-loads-v2 ... This only fixes superficial conflicts with https://github.com/github/codeql/pull/10574 semantic conflicts will be addressed in later commits	2022-09-28 11:11:44 +02:00