hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

4730 Commits

Author SHA1 Message Date
Tom Hvitved
4346a7f426 Data flow: Inline fwdFlowOutNotFromArg 2022-11-28 12:11:18 +01:00
Tom Hvitved
70d2a0df8a Data flow: Track parameter position instead of parameter in pruning stages 2-4 2022-11-28 12:11:12 +01:00
Nick Rolfe
8a94cabdbf Merge pull request #11250 from github/nickrolfe/stack-trace-exposure 
Ruby: add stack-trace exposure query
 2022-11-28 10:45:59 +00:00
erik-krogh
0c2ff98dc2 add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
erik-krogh
d5725255fe add failing test for splat parameter flow 2022-11-28 09:53:03 +01:00
Alex Ford
8362caa9d9 Merge pull request #11417 from alexrford/ruby/activesupport-json_escape 
Ruby: model ActiveSupport `json_escape` flow
 2022-11-25 10:46:34 +00:00
erik-krogh
f75b853ae4 add change-note 2022-11-25 11:08:14 +01:00
erik-krogh
53f24a5281 fix QL-for-QL warning 2022-11-25 10:32:06 +01:00
erik-krogh
0817238177 drive-by: same change in unsafe-shell-command-construction 2022-11-25 10:32:06 +01:00
erik-krogh
378cc1aed2 add support for string-like-literals 2022-11-25 10:32:06 +01:00
erik-krogh
80c92dc3e6 add support for array pushes 2022-11-25 10:32:05 +01:00
erik-krogh
3461404bbb add basic support for arrays 2022-11-25 10:31:35 +01:00
erik-krogh
0f2a48f461 fix QL-for-QL warnings 2022-11-25 10:26:24 +01:00
erik-krogh
2033dd2dcc remove parameters named "code" as source 2022-11-25 10:25:31 +01:00
erik-krogh
e7c6571f52 remove the "send(..)" and similar from unsafe-code-construction 2022-11-25 10:25:31 +01:00
erik-krogh
f1668801d3 add a rb/unsafe-code-construction query 
rebase
 2022-11-25 10:25:30 +01:00
Harry Maclean
f49507e59a Ruby: Add note about WithElement usage 2022-11-25 16:55:37 +13:00
Harry Maclean
df398fb9a0 Ruby: Add more flow summary tests 2022-11-25 16:55:37 +13:00
Harry Maclean
fe13ac188f Ruby: US spelling 2022-11-25 16:55:37 +13:00
Harry Maclean
0b065001a8 Ruby: Add tests for flow summary behaviour 
These test cases are a companion to the flow summary docs, and ensure
that the documentated behaviour matches reality.
 2022-11-25 16:55:37 +13:00
Harry Maclean
c0501c189e Ruby: Document ?/any behaviour in output paths 2022-11-25 16:55:37 +13:00
Harry Maclean
5b07c3a746 Ruby: Elaborate WithoutElement docs 2022-11-25 16:55:37 +13:00
Harry Maclean
5e3a817064 Ruby: With[out]Element only valid in input 2022-11-25 16:55:37 +13:00
Harry Maclean
0c2dd1a5a6 Ruby: Flesh out hash-splat docs 2022-11-25 16:55:37 +13:00
Harry Maclean
43f2713925 Ruby: Update test fixture 2022-11-25 16:55:37 +13:00
Harry Maclean
78f604aef1 Ruby: Document Field access path token 2022-11-25 16:55:37 +13:00
Harry Maclean
6f852aad0b Ruby: Document flow summary syntax 2022-11-25 16:55:36 +13:00
Harry Maclean
0a4a8516eb Ruby: simplify Hash#transform_keys! flow summary 2022-11-25 16:55:36 +13:00
Harry Maclean
2822c94aa7 Ruby: Minor refactor of barrier guard code 2022-11-25 09:12:51 +13:00
Harry Maclean
6897fb46cb Ruby: Clean up WhenClause CFG 2022-11-25 09:12:51 +13:00
erik-krogh
5f6cb1684b move the code-injection tests into a subfolder 2022-11-24 17:23:25 +01:00
Alex Ford
e6446e501c Ruby: fix docs failure 2022-11-24 15:37:03 +00:00
Alex Ford
893c8763bb Ruby: model ActiveSupport json_escape flow 2022-11-24 15:33:08 +00:00
Erik Krogh Kristensen
03737543d4 Merge pull request #11403 from erik-krogh/additional 
ReDoS: add missing additional keywords
 2022-11-24 15:53:51 +01:00
Nick Rolfe
50b10be2db Ruby: StackTraceExposure: add test for a specific rescue type 2022-11-24 14:08:34 +00:00
Nick Rolfe
1c407a28cd Apply suggestions from code review 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-11-24 14:02:32 +00:00
Tom Hvitved
4e4ee32dbc Data flow: Join on one more column in flowThroughIntoCall 2022-11-24 10:48:29 +01:00
Harry Maclean
57f689401e Ruby: SplatExprCfgNode extends UnaryOperationCfgNode 2022-11-24 17:33:57 +13:00
Erik Krogh Kristensen
3d4f64f168 Merge pull request #11397 from erik-krogh/call-instanceof 
Rb: use `instanceof` instead of `extends` on `DataFlow::CallNode` in some case
 2022-11-23 22:20:17 +01:00
erik-krogh
95f35196e4 add missing additional keywords 2022-11-23 20:45:51 +01:00
erik-krogh
33216f3867 cleanup imports 2022-11-23 15:22:19 +01:00
erik-krogh
19b5f64a11 use instanceof instead of extends on DataFlow::CallNode in some case 2022-11-23 14:58:17 +01:00
Asger F
22316ee4fe Ruby: merge package/type columns 2022-11-23 11:17:42 +01:00
Nick Rolfe
e16bdc4d07 Ruby/QL: only create dbscheme case-splits for columns on defining tables 2022-11-23 10:00:08 +00:00
erik-krogh
2ad28ab4db add library inputs as a source to poly-redos 2022-11-22 13:05:34 +01:00
Edoardo Pirovano
6c33ddcd47 Merge pull request #11349 from github/edoardo/2.11.4-mergeback 
Merge `rc/3.8` into `main`
 2022-11-21 18:08:27 +00:00
erik-krogh
9c792902c7 Ruby: cache the entire extractor 2022-11-21 17:55:57 +01:00
Erik Krogh Kristensen
b4661f4a59 Merge pull request #11245 from erik-krogh/rb-redosMod 
Ruby: use the shared regex pack
 2022-11-21 15:34:20 +01:00
Tom Hvitved
2fac505221 Ruby: Update expected test output 2022-11-21 12:52:27 +01:00
Tom Hvitved
e7ed056b6f Sync files 2022-11-21 12:00:36 +01:00