hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1073 Commits

Author SHA1 Message Date
Tom Hvitved
19e910e1b5 Merge pull request #16801 from hvitved/ruby/element-reference-block 
Ruby: Handle element references with blocks
 2024-07-02 13:08:31 +02:00
Tom Hvitved
7fdc09c17f Ruby: Add missing local flow steps 2024-07-01 19:46:40 +02:00
Tom Hvitved
a8758c0160 Ruby: Handle element references with blocks 2024-06-21 12:04:55 +02:00
Tom Hvitved
8ea4f85de3 Ruby: Rework Sinatra.FilterJumpStep 2024-06-21 08:57:59 +02:00
Tom Hvitved
95c764eff6 Fix Sinatra test to properly output pathgraph 2024-06-21 08:57:19 +02:00
Alex Ford
6c3d90e8a0 Merge pull request #16650 from alexrford/rb/routing-improvements 
Ruby: ActionDispatch - support `path => target` route format
 2024-06-18 11:17:05 +01:00
Tom Hvitved
e42de3de6f Ruby: Fix extraction errors 2024-06-04 14:54:02 +02:00
Tom Hvitved
ad99158838 Ruby: Fix/accept extraction errors 2024-06-04 12:55:44 +02:00
Alex Ford
1100b75a3c Ruby: handle routes with path/action pairs 2024-05-31 15:54:57 +01:00
Alex Ford
0473655752 Ruby: actiondispatch add hash arg testcase 2024-05-31 15:08:35 +01:00
Alex Ford
22858249f9 Ruby: actiondispatch test whitespace changes 2024-05-31 15:07:39 +01:00
Tom Hvitved
a006c29a00 Merge pull request #16481 from hvitved/treesitter/bump2 
Tree-sitter: Bump to 0.22.6
 2024-05-22 12:53:14 +02:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Tom Hvitved
04de315e0e Ruby: Deprecate models-as-data CSV interface 2024-04-12 13:40:14 +02:00
Anders Schack-Mulligen
2c43d0c5a4 Ruby: Update expected output (interesting). 2024-04-12 09:20:38 +02:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
Tom Hvitved
5f8eb7b138 Merge pull request #16110 from hvitved/dataflow/param-flow-no-expects-content 
Data flow: Block flow at `expectsContents` nodes in `parameterValueFlow`
 2024-04-09 11:26:24 +02:00
Tom Hvitved
ce3b359813 Ruby: Fix CFG for nodes that may raise 2024-04-04 13:27:29 +02:00
Tom Hvitved
6d2d9654b5 Ruby: Add CFG test 2024-04-04 13:27:29 +02:00
Tom Hvitved
2d4cf55c87 Merge pull request #15985 from hvitved/ruby/phi-barrier-guards 
Ruby: Extend barrier guards to handle phi inputs
 2024-04-03 15:22:39 +02:00
Tom Hvitved
7871fb8ce6 Data flow: Block flow at expectsContents nodes in parameterValueFlow 2024-04-03 15:19:34 +02:00
Tom Hvitved
137594cf36 Ruby: Add regression test 2024-04-03 15:19:34 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Tom Hvitved
90779f4413 Ruby: Extend barrier guards to handle phi inputs 2024-03-20 10:02:20 +01:00
Tom Hvitved
0f0acc0428 Ruby: Add barrier guard flow tests 2024-03-20 09:25:20 +01:00
Harry Maclean
219cd4e415 Merge pull request #14426 from hmac/hmac-ar-scopes 
Ruby: Track flow into ActiveRecord scopes
 2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e Ruby: Fix Hash#keys flow summary 2024-03-19 13:47:45 +00:00
Harry Maclean
32b80f8cb1 Ruby: Add tests for hash flow 2024-03-19 08:38:14 +00:00
Tom Hvitved
8899d66132 Merge pull request #15734 from hvitved/dataflow/hidden-subpath 
Data flow: Account for hidden `subpath` wrappers
 2024-03-18 20:17:16 +01:00
Joe Farebrother
4177c38ed4 Merge pull request #15907 from joefarebrother/ruby-uploaded-file 
Ruby: Model ActiveDispatch::Http::UploadedFile
 2024-03-18 14:02:33 +00:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths 
Variable capture: Avoid overlapping and false-positive data flow paths
 2024-03-18 10:45:55 +01:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b Add change note + fix qldoc 2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a Add test cases 2024-03-14 22:25:36 +00:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Tom Hvitved
e793a1e9fe Ruby: Add variable capture spurious flow test 2024-03-08 10:00:42 +01:00
Anders Schack-Mulligen
0dbe8c3d8a Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity 
Data flow: prune context-sensitivity relations
 2024-03-06 10:04:48 +01:00
Joe Farebrother
dcc6f83d3b Merge pull request #15782 from joefarebrother/ruby-typhoeus 
Ruby: Model `Typhoeus::Request.new`
 2024-03-05 16:55:38 +00:00
Harry Maclean
91cb2a37fd Ruby: Model Process.exec 2024-03-05 10:19:22 +00:00
Tom Hvitved
bd7b2c4cc6 Update expected output 2024-03-05 10:44:13 +01:00
Harry Maclean
179aaa1342 Ruby: model Open4.popen4ext 2024-03-05 09:35:18 +00:00
Peter Stöckli
4adc373dfe Ruby: more test cases for code injection via method 2024-03-01 16:01:07 +01:00
Joe Farebrother
65b30c1dff Add tests and qldoc 2024-03-01 14:46:55 +00:00
Peter Stöckli
a693c6d9b4 Ruby: sinks for code injection via calls to method 2024-03-01 14:42:22 +01:00
Joe Farebrother
0b7b7ea1b8 Add test cases and improve controller model 2024-03-01 09:57:24 +00:00
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00