Alex Ford
4d59181571
Ruby: rack - Rack::Response#finish constructs a valid rack response
2023-06-22 13:45:44 +01:00
Alex Ford
521e65c5bd
Ruby: rack - extend rack applications to include instance methods, lambdas, and procs
2023-06-22 13:45:44 +01:00
Alex Ford
7a3b6f107b
Ruby: add predicates to DataFlow::ModuleNode to get singleton methods
2023-06-22 13:45:44 +01:00
Alex Ford
24e83165ee
Merge pull request #13289 from alexrford/rb/rack-redirect
...
Ruby: rack - model redirect responses
2023-06-22 13:45:02 +01:00
Jeroen Ketema
277dbdf410
Merge pull request #13498 from jketema/inline-4
...
Rework more inline expectation tests to use the parameterized module
2023-06-22 10:01:07 +02:00
Henry Mercer
5afdaf8fe1
Merge pull request #13525 from github/rc/3.10
...
Merge `rc/3.10` back to `main`
2023-06-21 17:13:36 +01:00
Jami
5259a6ecfc
Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation
...
Shared: share MaD kind validation across languages
2023-06-20 11:56:12 -04:00
Alex Ford
8ef8a0d2f6
qlformat
2023-06-20 14:59:13 +01:00
Alex Ford
7aec22c1e4
Ruby: rack - remove MIME modelling
2023-06-20 14:57:23 +01:00
Owen Mansel-Chan
d7c97f8759
Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific
...
Dataflow: add language-specific hook for breaking up big step relation
2023-06-20 13:24:26 +01:00
github-actions[bot]
18b678e69e
Post-release preparation for codeql-cli-2.13.4
2023-06-20 10:20:05 +00:00
yoff
579c56c744
Merge pull request #13178 from yoff/python-ruby/track-through-summaries-pm
...
ruby/python: Shared module for typetracking through flow summaries
2023-06-20 11:19:45 +02:00
Jeroen Ketema
c53e529bac
Ruby: Update remaining inline expectation tests to use the parameterized module
2023-06-20 10:16:01 +02:00
Jeroen Ketema
9c774ac97f
Merge pull request #13426 from jketema/inline-3
...
Update inline flow tests to use parameterized module
2023-06-19 17:39:29 +02:00
Tony Torralba
5cb451b040
Merge pull request #13475 from atorralba/atorralba/many/zipslip-docs-update
...
C#/Go/Java/JS/Python/Ruby: Update the description and qhelp of the Zipslip query
2023-06-19 14:33:44 +02:00
Asger F
8539db07c4
Ruby: Update ActiveDispatch due to change in toString
2023-06-19 12:16:07 +02:00
Asger F
f392af220b
Ruby: benign changes to SQLi tests (fixed FNs)
2023-06-19 12:15:57 +02:00
Asger F
ce0073b30c
Ruby: update StoredXSS test results
...
These results were previously flagged for the wrong reason.
Calls to a user-defined method were seen as ORM calls. The real source is inside the user-defined method, but we miss that due to lack of 'self' handling in ORM tracking.
2023-06-19 12:15:57 +02:00
Asger F
e3a04499f6
Ruby: minor overhaul of ActiveResource model
2023-06-19 12:15:57 +02:00
Asger F
8bc4193ce0
Ruby: minor overhaul of ActiveRecord model
...
Old version had scalability issues when taking more interprocedural flow and inheritance into account.
2023-06-19 12:15:44 +02:00
Asger F
bb3b973b32
Ruby: use new features in ActionController
2023-06-19 12:06:35 +02:00
Asger F
fbfa31937f
Ruby: use new features in ActionMailer
2023-06-19 12:05:57 +02:00
Asger F
1ae41484da
Ruby: Use new features in ActionMailbox model
2023-06-19 12:05:15 +02:00
Asger F
f8ae5301a4
Ruby: update Twirp
...
This used right-to-left evaluation for API graphs, which is not supported anymore
2023-06-19 12:04:53 +02:00
Asger F
b305c13b65
Ruby: update SQLite3 model
2023-06-19 12:04:12 +02:00
Asger F
2ef010f1c0
Ruby: update GraphQL model
2023-06-19 12:04:00 +02:00
Asger F
61cda97163
Ruby: rename some call sites
2023-06-19 12:03:25 +02:00
Asger F
5b05e72d27
Ruby: switch to local dataflow when dealing with Kernel/IO
2023-06-19 12:02:39 +02:00
Asger F
0110610c6a
Ruby: overhaul API graphs
2023-06-19 12:01:42 +02:00
Arthur Baars
ea97c3ea83
Merge pull request #13423 from aibaars/update-grammar-3
...
Ruby: update grammar
2023-06-19 10:54:12 +02:00
Jeroen Ketema
6a84e6cbfd
Add the merged PathGraph to all copies of the InlineFlowTest library
2023-06-19 10:28:10 +02:00
Tony Torralba
8f6d2ed2f9
Adjust ZipSlip query description according to review suggestions.
2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1
Apply code review suggestions.
...
Co-authored-by: Asger F <asgerf@github.com>
2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-06-19 10:17:40 +02:00
Maiky
849e732c48
typos
2023-06-19 01:16:27 +02:00
Rasmus Lerchedahl Petersen
3cf9e3e692
Py/js/ruby: sync files
2023-06-18 21:52:49 +02:00
Tony Torralba
c97868f774
Add change notes
2023-06-16 09:01:02 +02:00
Tony Torralba
3e96fe60c5
Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
...
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
Jeroen Ketema
d82c3ce11a
Ruby: Rewrite InlineFlowTest as a parameterized module
2023-06-15 10:52:23 +02:00
Maiky
f6887c86b3
Rename Libxml.qll to LibXml.qll
2023-06-15 00:19:23 +02:00
Maiky
e5fe5403b7
Apply requested changes
2023-06-14 22:55:14 +02:00
Rasmus Lerchedahl Petersen
0e713e6fc1
ruby/python: more consistent naming of parameters
2023-06-14 21:02:42 +02:00
Owen Mansel-Chan
3ff6d033d3
Rename to neverSkipInPathGraph
2023-06-14 15:29:54 +01:00
Owen Mansel-Chan
e34bcef2bd
Ruby: Move path summary visibility code into flowCheckNodeSpecific
2023-06-14 14:46:41 +01:00
Owen Mansel-Chan
5f72ce0935
Add stub implementations of flowCheckNodeSpecific
2023-06-14 14:46:35 +01:00
Owen Mansel-Chan
e0f7437d40
Sync dataflow library
2023-06-14 14:29:56 +01:00
Jami
35591113c2
Merge branch 'main' into jcogs33/shared-sink-kind-validation
2023-06-14 08:06:34 -04:00
Michael Nebel
afec9b05e9
Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor
...
C#: Use synthetic global in the EntityFramework code instead of jump steps.
2023-06-14 13:47:56 +02:00
Anders Schack-Mulligen
1a4fca334f
Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor
...
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
2023-06-14 09:38:36 +02:00
Alex Ford
75ccbe58ee
Ruby: rack - use Mimetype rather than MimeType in predicate names for consistency with concepts
2023-06-13 12:44:29 +01:00