1049 Commits

Author	SHA1	Message	Date
Alex Ford	a65850e922	Merge pull request #10784 from alexrford/ruby/pathname-existence ... Ruby: model `Pathname#existence` extension from `ActiveSupport`	2022-10-13 11:38:22 +01:00
Harry Maclean	a3c14f7f46	Update test	2022-10-13 13:57:28 +13:00
Harry Maclean	ad464abde2	Ruby: Model more params accesses	2022-10-13 13:24:16 +13:00
Asger F	83464d48a9	Merge pull request #10773 from asgerf/rb/bugfix-singleton-class-resolution ... Ruby: bugfix in type-tracking singleton class resolution	2022-10-12 13:45:16 +02:00
Nick Rolfe	39107047bf	Merge pull request #10735 from github/nickrolfe/actionmailer ... Ruby: add `ActionMailer#params` as a `RemoteFlowSource`	2022-10-12 10:21:11 +01:00
Alex Ford	d3c8ce3f48	Ruby: ActiveSupport extends Pathname with an existence method that may return itself	2022-10-11 21:35:58 +01:00
Asger F	ed165c6194	Ruby: bugfix in self-resolution in type-tracking	2022-10-11 18:53:20 +02:00
Asger F	a64286b664	Ruby: add test for singleton class instance field ... incorrect test output	2022-10-11 18:53:20 +02:00
Asger F	6daa1c432b	Ruby: update test output	2022-10-11 09:03:51 +02:00
Asger F	d55925d8d4	Ruby: support splat type-tracking step	2022-10-11 09:03:51 +02:00
Nick Rolfe	d61f0559a0	Ruby: add ActionMailer#params as a RemoteFlowSource	2022-10-10 10:23:48 +01:00
Nick Rolfe	a6674a5313	Ruby: fix uses of deprecated class name	2022-10-07 13:17:05 +01:00
Tom Hvitved	b065d2d3ab	Merge pull request #10705 from hvitved/ruby/singleton-overrides ... Ruby: Take overrides into account for singleton methods defined on modules	2022-10-07 13:33:59 +02:00
Harry Maclean	75cb0efecb	Merge pull request #10538 from hmac/hmac/actioncontroller-parameters ... Ruby: Model flow through ActionController::Parameters	2022-10-07 22:21:40 +13:00
Tom Hvitved	48bdf13c89	Ruby: Take overrides into account for singleton methods defined on modules	2022-10-06 11:56:26 +02:00
Tom Hvitved	7608276397	Ruby: Add more call graph tests	2022-10-06 10:38:02 +02:00
Tom Hvitved	0e6735b804	Merge pull request #10691 from hvitved/dataflow/conjunctive-clears ... Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`	2022-10-06 09:03:30 +02:00
Asger F	387e57546b	Merge pull request #10650 from asgerf/rb/summarize-more ... Ruby: more type-tracking steps	2022-10-05 19:16:56 +02:00
Asger F	decd4c93c7	Ruby: update type tracking test	2022-10-05 15:15:52 +02:00
Arthur Baars	6509c19aad	Merge pull request #10692 from aibaars/fix-splats ... Ruby: fix CFG and toString for anonymous '*' and '**'	2022-10-05 13:25:29 +02:00
Tom Hvitved	e51c20bfc7	Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow	2022-10-05 12:58:29 +02:00
Arthur Baars	a080f498be	Ruby: fix CFG and toString for anonymous '*' and '**'	2022-10-05 11:50:37 +02:00
Tom Hvitved	9d23742ed6	Ruby: Add test that illustrates issue with conjunctive WithoutContents	2022-10-05 11:26:23 +02:00
Asger F	f664a77a02	Ruby: ensure Hash flow works again	2022-10-05 11:07:55 +02:00
Arthur Baars	4ff85d5275	Ruby: add test case	2022-10-05 10:57:53 +02:00
Asger F	6f74a52542	Merge branch 'main' into rb/summarize-more	2022-10-05 09:55:23 +02:00
Asger F	8b7ec20573	Merge branch 'main' into rb/summarize-more	2022-10-05 09:43:52 +02:00
Tom Hvitved	1496c4f0e2	Merge pull request #10686 from hvitved/ruby/remove-value-pair-content ... Ruby: Remove `PairValueContent`	2022-10-05 09:41:14 +02:00
Arthur Baars	c1c16e44ee	Merge pull request #10559 from aibaars/cve-2019-3881 ... Ruby: some improvements	2022-10-04 21:24:14 +02:00
Tom Hvitved	aae9a58ca3	Ruby: Remove ValuePairContent	2022-10-04 20:10:51 +02:00
Nick Rolfe	227100d883	Ruby: make old class names available as deprecated aliases	2022-10-04 16:11:43 +01:00
Tom Hvitved	9d7d6c29f9	Review comments	2022-10-04 12:58:50 +02:00
Tom Hvitved	77c47bc856	Ruby: Add another call graph test	2022-10-04 12:58:49 +02:00
Arthur Baars	0160c374e4	Ruby: add flow summaries for Object#dup and Kernel#tap	2022-10-04 12:58:49 +02:00
Arthur Baars	c2b98a4761	Ruby: add support for 'extend' method	2022-10-04 12:58:49 +02:00
Arthur Baars	09bc78eafc	Ruby: local dataflow step for || and &&	2022-10-04 12:58:49 +02:00
Arthur Baars	e95b5468d9	Ruby: use Dataflow for Pathname instead of TypeTracking	2022-10-04 12:58:49 +02:00
Nick Rolfe	a738f1d5cf	Ruby: remove public abstract classes for Action{View,Controller}	2022-10-04 10:53:41 +01:00
Asger F	948594043d	Ruby: share type-tracking test with array test	2022-10-04 11:15:13 +02:00
Asger F	b6231e82ec	Ruby: do not treat WithoutElement[0..!] as a type filter	2022-10-04 11:14:31 +02:00
Asger F	6e7aea85ef	Ruby: update benign test output ... API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.	2022-10-04 11:14:31 +02:00
Asger F	00e52ad109	Ruby: add type-tracking variant of hash-flow test ... Ruby: fixup type-tracking hash flow test Fixup! type-tracking hash flow test result	2022-10-04 11:14:30 +02:00
Asger F	c06743afb5	Ruby: update benign test updates	2022-10-04 11:08:46 +02:00
Asger F	f75f27d30e	Ruby: update test	2022-10-04 11:08:46 +02:00
Asger F	1c484d80aa	Ruby: add some calls to .each in call graph test	2022-10-04 11:06:44 +02:00
Asger F	ab672ded6a	Ruby: strip trailing whitespace in calls.rb test	2022-10-04 11:06:44 +02:00
Harry Maclean	42a97b26bb	Merge pull request #10316 from hmac/hmac/actionview ... Ruby: Model ActionView	2022-10-04 08:16:16 +13:00
Tom Hvitved	d52d3d7b75	Merge pull request #10644 from hvitved/ruby/prevent-reevaluation ... Ruby: Prevent reevaluation of expensive predicates	2022-10-03 13:10:39 +02:00
Asger F	47e5623b90	Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs ... Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-10-03 09:23:33 +02:00
Harry Maclean	a5998fbe4d	Ruby: Model ActionController::Parameters ... Add flow summaries for methods on ActionController::Parameters, which mostly propagate taint from receiver to return value.	2022-10-03 09:45:59 +13:00