hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1638 Commits

Author SHA1 Message Date
Tom Hvitved
59caa977d0 Ruby: Add post-update nodes for compound arguments 2022-09-21 11:02:24 +02:00
Tom Hvitved
1f4573cf25 Ruby: Add more field flow tests 2022-09-21 10:32:38 +02:00
Erik Krogh Kristensen
7e17a919ae Merge pull request #10304 from erik-krogh/rb-followMsg 
RB: make the alert messages of taint-tracking queries more consistent
 2022-09-20 22:58:31 +02:00
Harry Maclean
d5ef853343 Ruby: Remove ActiveStorage entry points 2022-09-20 15:55:35 +01:00
Harry Maclean
ba5cd08a09 Update ActionController fixture 2022-09-20 15:55:35 +01:00
Harry Maclean
53a34174b9 Model ActiveStorage 2022-09-20 15:55:34 +01:00
Tom Hvitved
647397759e Merge pull request #10336 from hvitved/ruby/call-graph-rework 
Ruby: Rework call graph implementation
 2022-09-20 15:29:40 +02:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Alex Ford
be1ac17a60 Merge branch 'main' into rb/sensitive-get-query 2022-09-19 20:57:20 +01:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Tom Hvitved
a8cc669251 Ruby: Address review comments 2022-09-18 19:34:54 +02:00
Tom Hvitved
9004e82820 Ruby: Add another call graph test 2022-09-18 19:34:00 +02:00
Alex Ford
08c8db8937 Ruby: stop rb/sensitive-get-query from considering ID type data as sensitive 2022-09-16 15:40:13 +01:00
Nick Rolfe
b5d648a6b0 Ruby: model ActionView::FileSystemResolver as a FileSystemAccess 2022-09-16 09:24:14 +01:00
Tom Hvitved
ac4d4ff613 Ruby: Rework call graph implementation 2022-09-16 10:22:26 +02:00
Tom Hvitved
41c45c26bc Ruby: Add more call graph tests, and make calls.rb interpretable by irb 2022-09-16 10:22:20 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
Tom Hvitved
4247843a27 Ruby: Adjust the scope of singleton class targets 
In

```rb
class << x
  ...
end
```

the scope of `x` is not the singleton class itself, but rather the outer scope.
 2022-09-13 11:39:38 +02:00
Tom Hvitved
87db5fc6b1 Ruby: Add tests for getEnclosing{Method,Module} 2022-09-13 11:39:15 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Arthur Baars
7ca2e4c51f Merge pull request #9953 from aibaars/update-grammar 
Update tree-sitter-ruby
 2022-09-12 10:51:37 +02:00
Alex Ford
0da367f6e5 Ruby: address QL4QL alerts for rb/sensitive-get-query 2022-09-12 08:56:17 +01:00
Alex Ford
f84035a65c Ruby: add rb/sensitive-get-query query 2022-09-10 17:43:15 +01:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tom Hvitved
e3948e6683 Merge pull request #10354 from hvitved/ruby/convert-flow-test 
Ruby: Convert data-flow test to use inline test expectations
 2022-09-08 15:20:58 +02:00
Tom Hvitved
46127f9f59 Ruby: Convert data-flow test to use inline test expectations 2022-09-08 14:32:21 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Harry Maclean
30c9bea8b3 Merge pull request #9974 from hmac/hmac/active-resource 
Ruby: Model ActiveResource
 2022-09-08 07:44:59 +01:00
Asger F
6b2ebcce3a Merge pull request #10276 from asgerf/mad-typedef-entry-points 
Add TypeModel hook for adding MaD type-defs from CodeQL
 2022-09-07 14:14:48 +02:00
erik-krogh
79a048968e make the alert messages of taint-tracking queries more consistent 2022-09-07 12:22:50 +02:00
Rasmus Wriedt Larsen
a9e1e72196 Merge branch 'main' into shared-http-client-request 2022-09-06 10:52:27 +02:00
Tom Hvitved
b197eff23e Ruby: Add missing edges to the call graph for singleton methods 2022-09-05 14:11:04 +02:00
Tom Hvitved
ab22f932a5 Ruby: Add more tests for singleton methods 2022-09-05 14:09:59 +02:00
Asger F
62383fb3c9 Ruby: add TypeModel hook for adding type-defs from CodeQL 2022-09-03 13:51:02 +02:00
Asger F
55fdf84d15 Ruby+JS: change LabelEntryPoint.toString() 
fixup Ruby entry point tests
 2022-09-03 13:24:45 +02:00
Asger F
c9ba6f171b Ruby: rename EntryPoint.getAUse,getARhs -> getASource,getASink 2022-09-03 13:13:32 +02:00
Harry Maclean
6fff02817d Ruby: Fix bug in disablesCertificateValidation 2022-09-02 13:15:02 +12:00
Harry Maclean
570a03a08f Ruby: Test disablesCertificateValidation 2022-09-02 13:00:29 +12:00
Tom Hvitved
4d485163a6 Ruby: Exclude top-level self accesses from trackModule 2022-09-01 11:05:53 +02:00
erik-krogh
7fd426e748 print a correct range for ranges that doesn't contain any alpha-numeric chars 2022-08-30 13:57:11 +02:00
Harry Maclean
aa6edb0edb Ruby: Model ActiveResource 2022-08-29 14:24:37 +12:00
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code 
Ruby: port js/hardcoded-data-interpreted-as-code
 2022-08-26 13:49:25 +01:00
Nick Rolfe
95bf18fdc9 Ruby: make hex-escaped strings ("\xCD\xEF" etc.) sources of hardcoded data 2022-08-26 09:33:03 +01:00
Arthur Baars
f77c2ac3d0 Update tests 2022-08-25 17:40:52 +02:00
Arthur Baars
59773eb743 Ruby: update tree-sitter grammar 2022-08-25 17:21:29 +02:00
Nick Rolfe
acf5b11139 Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code 2022-08-25 11:44:55 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00