thiggy1342
3c62271dba
fix casing of Api
2022-06-06 21:18:08 +00:00
thiggy1342
074583eab8
add archive api file open query and test
2022-06-06 21:09:57 +00:00
thiggy1342
c5db11ee2e
use select placeholder correctly
2022-06-06 14:01:02 +00:00
thiggy1342
6cb0717a07
Fix test syntax for sanitizer tests
2022-06-04 16:33:18 +00:00
thiggy1342
c5dc8779d1
Increased query robustness and test coverage
2022-06-03 18:05:56 +00:00
Rasmus Wriedt Larsen
50196d099b
Inline Expectation Tests: sync
2022-06-03 11:39:57 +02:00
thiggy1342
09f082081f
Simple tests passing
2022-05-28 23:29:58 +00:00
thiggy1342
39baadbdd2
test ql packs must be in the security directory
2022-05-28 23:19:32 +00:00
Adam Thigpen
52ac93b82e
adding skeleton for experimental unit tests
2022-05-28 15:14:42 -04:00
Alex Ford
5d4473bb2a
Merge pull request #8845 from alexrford/ruby/rbi-lib
...
Ruby: Add partial support for working with RBI (Ruby Interface) files
2022-05-27 11:43:44 +01:00
Alex Ford
919555d168
Merge pull request #9341 from alexrford/ruby/activerecordinstance-public
...
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
2022-05-27 11:21:58 +01:00
Arthur Baars
e3ef258b0e
Merge pull request #9287 from aibaars/instance-variable-flow-2
...
Ruby: flow through getters/setters
2022-05-27 10:49:20 +02:00
Alex Ford
4e0e4f9b5b
Ruby: make ActiveRecordInstance public
2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f
Ruby: fix some misidentification of ActiveRecordModelInstantiations
2022-05-26 17:54:01 +01:00
Harry Maclean
c80a06a6d8
Ruby: Simplify posix-spawn modeling
2022-05-26 14:29:04 +01:00
Harry Maclean
ee827604f7
Ruby: Model the posix-spawn gem
...
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
2022-05-26 14:16:08 +01:00
Tom Hvitved
b3ce2d4a2b
Ruby: Data flow for hash-splat expressions in hash literals
2022-05-25 19:55:28 +02:00
Arthur Baars
033df767ef
Ruby: allow fields in flow summaries
2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01
Ruby: flow through getters/setters
2022-05-25 16:01:04 +02:00
Tom Hvitved
ce4959287a
Ruby: Flow through hash-splat expressions
2022-05-25 15:40:08 +02:00
Tom Hvitved
a7b39ebeca
Ruby: Flow through hash-splat parameters
2022-05-25 12:37:22 +02:00
Rasmus Wriedt Larsen
ae65af2c07
Ruby: Fix Argument[any] in Hash.qll
...
With this PR, `self` has to be explicitly added. A few edges were
removed, and I don't know why. It doesn't seem to affect results, so I
did not worry too much.
2022-05-24 18:09:52 +02:00
Rasmus Wriedt Larsen
04ac466189
Merge branch 'main' into ruby-mad-argument-self
2022-05-24 18:04:02 +02:00
Tom Hvitved
faf24a4f18
Ruby: Data-flow through hashes
2022-05-24 14:27:55 +02:00
Harry Maclean
334c43a2b7
Ruby: Add tests for ActiveSupport modelling
2022-05-24 09:35:26 +01:00
Arthur Baars
cf2eb0d3a1
Merge branch 'main' into instance-variable-flow
2022-05-23 18:48:51 +02:00
Arthur Baars
7ed60b19a2
Ruby: improve test case
2022-05-23 11:59:12 +02:00
Arthur Baars
29ea1b2f24
Ruby: rename getSelfVariableAccess to getReceiver
2022-05-23 11:30:29 +02:00
Arthur Baars
68aeb2ba85
Update test output
2022-05-20 16:30:58 +02:00
Arthur Baars
d9c2b78aa2
Ruby: flow through instance variables
2022-05-20 16:30:58 +02:00
Rasmus Wriedt Larsen
5d6fbcec64
Ruby: Autoformat
2022-05-19 16:30:12 +02:00
Rasmus Wriedt Larsen
e810ba4ef6
Ruby: Expand flowToAnyArg test
2022-05-19 16:27:04 +02:00
Rasmus Wriedt Larsen
0879b6ae12
Ruby: Fix Argument[any,any-named] handling for path component in MaD
2022-05-19 15:51:30 +02:00
Rasmus Wriedt Larsen
7784b9f879
Ruby: WIP: Make Argument[any] and any-named work
...
It's not fully working. I think the problem is that the code below ties
up `Argument[x]` with parameter positions, and `Parameter[x]` with
argument positions. This flip might be correct for flow-summaries, but
it does NOT seem to be correct for the `path` component in MaD.
Specifically, quick-eval for ParameterPosition does NOT include `keyword key` while
quick-eval for ArgumentPosition DOES include `keyword key`!
For the test `Foo.sinkAnyNamedArg(key: tainted) # $ MISSING: hasValueFlow=tainted`
c8be8d30b3/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll (L130-L133)
2022-05-19 15:51:25 +02:00
Rasmus Wriedt Larsen
df83a51e1e
Ruby: Add anyNamedArg summary test
2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb6e5c24fc
Ruby: Prepare for anyNamedArg summary test
2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
a7f627af0c
Ruby: Add test for Argument[any] and any-named
2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb5ad8b775
Ruby: Don't include Argument[self] in Argument[any]
...
For flow-summaries
2022-05-19 15:42:41 +02:00
Tom Hvitved
a18aef23f9
Data flow: Do not discard call context when computing reverse lambda flow through jumps
2022-05-19 15:19:41 +02:00
Tom Hvitved
ea703bc49a
Ruby: Add test that illustrates false negative lambda flow
2022-05-19 15:19:34 +02:00
Rasmus Wriedt Larsen
051754cf7e
Ruby: Add test of what Argument[any] for input/output includes
...
and an explicit test of what `Argument[self]` includes.
2022-05-19 14:02:22 +02:00
Alex Ford
c620fceb82
Ruby: remove unnecessary line from test
2022-05-17 14:57:11 +01:00
Alex Ford
6b496c78ef
Ruby: failing crypto op test
2022-05-17 14:57:11 +01:00
Nick Rolfe
c518150b49
Merge pull request #9132 from github/nickrolfe/misspelling
...
QL for QL: generalise non-US spelling query
2022-05-16 16:03:36 +01:00
Alex Ford
0cc0494586
codeql format
2022-05-16 15:54:31 +01:00
Tom Hvitved
a9f6d203cd
Merge pull request #8971 from aibaars/safe-nagivation
...
Ruby: add safe navigation operator
2022-05-16 10:53:56 +02:00
Alex Ford
03e34e071a
ruby: inline expectations tests for CryptographicOperation concept
2022-05-13 16:32:36 +01:00
Alex Ford
4752c45fe5
ruby: update rb/weak-cryptographic-algorithm to specify the block mode if appropriate
2022-05-13 16:32:30 +01:00
Nick Rolfe
8caad12011
Ruby: fix typos in comments
2022-05-12 16:02:20 +01:00
Tom Hvitved
0a7892797e
Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens
...
Ruby: Introduce `With(out)Element` MaD input tokens
2022-05-12 11:49:51 +02:00